Protect Your Server: An In-Depth Look at the OpenClaw DCG Guard Plugin
Published: (March 18, 2026 at 04:30 PM EDT)
2 min read
Source: Dev.to
Source: Dev.to
How DCG Guard Works
- Interception – When the OpenClaw agent attempts to call an
exectool, the plugin intercepts the request via thebefore_tool_callevent. - Inspection – The command is examined by internal logic. If it matches a known dangerous pattern, it is blocked immediately.
- DCG Binary Check – If the command isn’t flagged by the built‑in logic, it is passed to the DCG (Dangerous Command Guard) binary (if installed). This adds roughly 27 ms of latency, which is negligible for most file‑system or network operations.
- Decision
- If the command is safe, the agent proceeds as normal.
- If it is blocked, the plugin returns
{ block: true }, effectively preventing the command from reaching the shell.
This fail‑open design ensures that, even if the DCG binary fails, the plugin will still block known dangerous commands.
Getting Started with DCG Guard
- Install the plugin via the OpenClaw marketplace or from the repository.
- Ensure the DCG binary is installed and accessible (e.g.,
/custom/path/to/dcg). - Add the plugin to your OpenClaw configuration.
Configuration
Custom configurations can be defined in the openclaw.json file. Example snippet:
{
"plugins": {
"dcg-guard": {
"dcgPath": "/custom/path/to/dcg",
"blockedCommands": [
"rm -rf",
"git reset --hard",
"Format-Volume"
]
}
}
}Best Practices
- Keep your AI agents’
AGENTS.mdfile up‑to‑date to handle block scenarios gracefully. - When a command is blocked by DCG Guard, do not retry it automatically. Instead, ask the user for clarification or an alternative approach.
- Regularly review and update the list of blocked commands to match your organization’s security policies.
Resources
- OpenClaw Hub – https://clawhub.example.com
- DCG Guard Skill Documentation –
guard/SKILL.md
Integrating DCG Guard helps safeguard your development workflow against accidental or malicious destructive commands, whether you’re a solo developer or managing a large‑scale enterprise.