DCG Guard
An OpenClaw plugin that hard-blocks dangerous shell commands before they execute. Works on any OpenClaw installation (Windows, macOS, Linux, local, VPS, anywhere). No binary dependencies required.
What It Does
Intercepts every exec/bash tool call via OpenClaw's before_tool_call plugin event. Each command is first checked against a set of built-in rules and then, if the optional DCG (Dangerous Command Guard) binary is installed, piped through DCG as well. Safe commands pass silently with negligible overhead. Dangerous commands are blocked before they execute.
Blocked (Unix): rm -rf ~, git push --force, git reset --hard, git clean -fd, git branch -D
Blocked (Windows): Remove-Item -Recurse -Force, rd /s /q, del /s, Format-Volume, reg delete HKLM
Allowed: ls, cat, echo, git status, npm install, dir, Get-ChildItem
Install
```bash
# After clawhub install dcg-guard:
bash install.sh
```
Or manually:
```bash
# 1. Install the DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# 2. Link the plugin into OpenClaw
openclaw plugins install -l /path/to/dcg-guard
openclaw gateway restart
```

The first step runs a script straight from the network with your user's privileges. If that is not acceptable in your environment, download install.sh, read it, and run it from disk.
How It Works
1. Agent calls exec with a command
2. Plugin intercepts via before_tool_call (runs before execution)
3. Command is checked against built-in rules (cross-platform, <1ms, no subprocess)
4. If no built-in rule matches and the DCG binary is installed, the command is piped to DCG (~27ms)
5. Safe: silent passthrough, the agent never knows the plugin exists
6. Dangerous: { block: true } is returned to OpenClaw and the command never executes
v1.1.0: Built-in rules work without the DCG binary. DCG binary is optional (adds extra unix rules). Windows fully supported out of the box.
Security
- No shell interpolation. Commands are handed to DCG on stdin through execFileSync (not execSync), so the command text is never parsed by a shell and cannot smuggle a second command into the check itself.
- Fail-open. If the DCG binary is missing, unreadable or crashes, the command passes through; only the built-in rules (which need no binary) still apply. The plugin never deadlocks your agent. The trade-off is that anything which stops DCG from starting silently removes DCG's extra rules, so make sure the binary is actually present and executable on the host where the agent runs.
- Zero dependencies. The plugin has no npm dependencies; the only external component is the optional DCG binary (a single Go binary, no runtime deps).
- Rule matching is textual. Treat the plugin as a guardrail against an agent's mistakes, not as a sandbox: a command written differently from the listed forms (an alias, a variable standing in for ~, an encoded argument) may not match any rule.
Configuration
Optional, in openclaw.json under plugins.entries.dcg-guard.config:
```json
{
  "enabled": true,
  "dcgBin": "/custom/path/to/dcg"
}
```

Default DCG path: ~/.local/bin/dcg

Override with env var: DCG_BIN=/path/to/dcg
Agent Instructions (optional)
Add to your workspace AGENTS.md:
```
When a command is blocked by DCG Guard, do not retry it.
Get the user's explicit permission before trying any alternative.
The block exists because the command is destructive or irreversible.
```