Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dialogflow Cx Flows

v1.0.0

Manage flows and pages in Google Dialogflow CX via REST API. Use for creating and organizing conversation paths within agents. Supports v3beta1 API.

by Yash Kavaiya (@yash-kavaiya)
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the included CLI script and SKILL.md. The script and curl examples all target Dialogflow CX v3beta1 endpoints and use standard Google auth mechanisms; nothing requested is unrelated to managing flows/pages.
Instruction Scope
SKILL.md instructs the agent to obtain a Google access token (gcloud or service account) and call Dialogflow REST endpoints or use the provided Python CLI. Instructions do not request reading unrelated files or sending data to non-Google endpoints.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The Python script recommends installing google-cloud-dialogflow-cx and google-auth via pip; that is expected for this functionality but the registry does not provide an automatic install step.
Credentials
The skill requires Google credentials (gcloud ADC or a service-account JSON) to operate, which is proportional to its purpose. The registry metadata, however, lists no required env vars, while SKILL.md mentions exporting GOOGLE_APPLICATION_CREDENTIALS and using TOKEN/PROJECT_ID placeholders; this mismatch is informational but not malicious.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. The CLI is a simple client and does not persist secrets or alter agent configuration beyond normal Dialogflow API operations.
Assessment
This skill appears to do what it says: manage Dialogflow CX flows and pages. Before installing or running it:

  1. Verify the source/repository since 'Source: unknown' and no homepage are provided.
  2. Inspect the included scripts (scripts/flows.py) yourself — they are short and readable.
  3. Use a Google service account with the minimum Dialogflow permissions required (principle of least privilege).
  4. Prefer using gcloud ADC or a dedicated service-account JSON stored securely; do not paste tokens into untrusted UIs.
  5. If you will run the pip-installed libraries, install them in a virtual environment.

If any of these checks fail or you can't verify the origin, treat the skill with caution.

Like a lobster shell, security has layers — review code before you run it.

latest vk973n18zfme9686t9vrp9fqtj9820jbp
346 downloads
0 stars
1 version
Updated 7h ago
v1.0.0
MIT-0

Dialogflow CX Flows

Manage flows and pages in Google Dialogflow CX via REST API for organizing conversation paths.

Prerequisites

  • Google Cloud project with Dialogflow CX API enabled
  • Service account or OAuth credentials with Dialogflow API access
  • gcloud CLI authenticated OR bearer token

Authentication

Option 1: gcloud CLI (recommended)

gcloud auth application-default login
TOKEN=$(gcloud auth print-access-token)

Option 2: Service Account

export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
TOKEN=$(gcloud auth application-default print-access-token)

API Base URL

https://dialogflow.googleapis.com/v3beta1

Regional endpoints available:

  • https://{region}-dialogflow.googleapis.com (e.g., us-central1, europe-west1)

Common Operations

List Flows

curl -X GET \
  "https://dialogflow.googleapis.com/v3beta1/projects/${PROJECT_ID}/locations/${LOCATION}/agents/${AGENT_ID}/flows" \
  -H "Authorization: Bearer ${TOKEN}"

Create Flow

curl -X POST \
  "https://dialogflow.googleapis.com/v3beta1/projects/${PROJECT_ID}/locations/${LOCATION}/agents/${AGENT_ID}/flows" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "Booking Flow",
    "description": "Handles flight booking conversations"
  }'

List Pages

curl -X GET \
  "https://dialogflow.googleapis.com/v3beta1/projects/${PROJECT_ID}/locations/${LOCATION}/agents/${AGENT_ID}/flows/${FLOW_ID}/pages" \
  -H "Authorization: Bearer ${TOKEN}"

Create Page

curl -X POST \
  "https://dialogflow.googleapis.com/v3beta1/projects/${PROJECT_ID}/locations/${LOCATION}/agents/${AGENT_ID}/flows/${FLOW_ID}/pages" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "Collect Destination",
    "entryFulfillment": {
      "messages": [
        {
          "text": {
            "text": ["Where would you like to fly?"]
          }
        }
      ]
    }
  }'
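
The curl calls above interpolate ${PROJECT_ID}, ${LOCATION} and ${AGENT_ID} directly into the URL and pass the bearer token on the command line. As an added example (not part of the skill or its scripts/flows.py), the functions below validate those values, choose the host for the location, and hand the Authorization header to curl on stdin; the function names, the allowed ID character set and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's code. Names and the ID pattern are assumptions.

# Allow only characters expected in project, location, agent and flow IDs
# (assumed set), so a value cannot add path segments or a query string.
valid_id() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Host for a location, using the two URL forms listed on the page:
# base host for "global" (assumption), {region}- prefixed host otherwise.
df_host() {
  valid_id "$1" || return 1
  if [ "$1" = "global" ]; then
    printf '%s\n' "dialogflow.googleapis.com"
  else
    printf '%s\n' "$1-dialogflow.googleapis.com"
  fi
}

# Flows collection URL. Args: project, location, agent.
df_flows_url() {
  valid_id "$1" || return 1
  valid_id "$3" || return 1
  df_url_host=$(df_host "$2") || return 1
  printf 'https://%s/v3beta1/projects/%s/locations/%s/agents/%s/flows\n' \
    "$df_url_host" "$1" "$2" "$3"
}

# List flows. The header is written to curl's stdin (-H @-, curl 7.55.0+),
# so the token is not visible in the process list as a command-line argument.
df_list_flows() {
  [ -n "${TOKEN:-}" ] || { echo "TOKEN is not set" >&2; return 1; }
  df_list_url=$(df_flows_url "$1" "$2" "$3") || {
    echo "rejected project/location/agent value" >&2; return 1; }
  printf 'Authorization: Bearer %s\n' "$TOKEN" |
    curl --fail --silent --show-error -H @- "$df_list_url"
}

# Constructed sample values; prints the URL only, no request is sent.
df_flows_url "demo-project" "europe-west1" "constructed-agent-id"
```

With TOKEN exported as in the Authentication section, df_list_flows "$PROJECT_ID" "$LOCATION" "$AGENT_ID" performs the List Flows request.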

Key Resources

Resource             Description
Flows                Conversation paths within an agent
Pages                States within a flow
Transition Routes    Routing logic between pages
Versions             Immutable snapshots of flows

Quick Reference

For detailed API reference:

Scripts

  • scripts/flows.py — CLI wrapper for flows and pages operations

Usage

python scripts/flows.py list-flows --agent AGENT_NAME
python scripts/flows.py list-pages --flow FLOW_NAME
python scripts/flows.py get-flow --flow FLOW_NAME
python scripts/flows.py get-page --page PAGE_NAME

Tips

  • Every agent has a default "Default Start Flow"
  • Pages represent conversation states
  • Use transition routes to move between pages based on intents or conditions
  • Train flows after making changes to update NLU
