Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dify Orchestrator

v1.3.0

Use when managing a self-hosted Dify instance, checking feature feasibility, or orchestrating apps, prompts, datasets, and knowledge-base operations via the...

by Alexander Schneider (@arn0ld87)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (manage self-hosted Dify: apps, datasets, prompts, KB operations) matches the SKILL.md, README, examples and reference docs. The declared MCP calls (dify-manager:...) and references to Dify APIs are exactly what you'd expect for this purpose.
Instruction Scope
The runtime instructions stay within Dify management tasks (list/create/update/delete apps, datasets, prompt updates, search KB, health checks). They reference a canonical local MCP server path (/Users/alexanderschneider/mcp-servers/dify-manager) and accept file_path arguments for dataset uploads — these are reasonable for the skill but mean the agent will need access to that local path and any files the user wants uploaded. The SKILL.md follows safe operational rules (preflight checks, explicit confirmation before deletes, 'secrets stay out of content').
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This is low-risk from an installation/download perspective.
Credentials
The skill does not require or declare environment variables, but the README and Preflight checklist reference common DIFY_* env names (DIFY_MGMT_API_URL, DIFY_API_KEY, DIFY_CONSOLE_*). This is expected for a management skill, but the package itself does not ask for or contain credentials — operators should supply those locally (and keep them out of skill text/commits).
Persistence & Privilege
always is false and the skill does not request persistent/privileged platform presence or modify other skills. Normal autonomous invocation is allowed (the platform default), but the skill is not granted exceptional privileges.
Assessment
This skill appears coherent and focused on self-hosted Dify management. Before installing or enabling it:
1) ensure your agent/process will only call the intended local MCP server (check the canonical path and MCP tooling),
2) do not store API keys or console passwords in the skill files — set DIFY_* credentials as local secrets or environment variables outside the skill,
3) confirm any file paths the agent will upload and grant access only to specific files, and
4) rely on the skill's preflight/confirmation behavior for destructive actions (require explicit human confirmation before delete).
If you need higher assurance, verify the MCP server tooling (dify-manager) and that the agent account has only the minimum permissions required to perform management tasks.
