Skillv1.0.0

ClawScan security

Dify · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 6, 2026, 1:49 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is a documentation/instruction pack for the Dify platform and its files align with that purpose; there are a few small mismatches in metadata vs. the instructions (notably undeclared required binaries), but nothing that suggests malicious intent.
Guidance: This skill is a documentation/instruction pack for Dify and appears coherent with that purpose. Before installing or having an agent execute the example commands, note: (1) the SKILL.md examples assume tools (git, curl, jq, docker, docker-compose) that the metadata did not list — make sure those binaries are available and trusted; (2) deployment examples clone the public GitHub repo and run docker-compose, so verify the repo and .env.example contents before running to avoid accidentally exposing secrets or running unreviewed containers; (3) the API examples show using a Bearer API key — the skill does not request any secrets itself, so only provide keys when you trust the target endpoint; (4) if you plan to allow the agent to execute shell/network actions autonomously, be cautious — those actions can start containers or make network requests. If you want higher assurance, inspect the upstream GitHub repository indicated (https://github.com/langgenius/dify) and the Docker images used before running them.

Review Dimensions

Purpose & Capability: noteThe name/description match the content: this is a Dify guide for building apps, workflows, agents, RAG KBs and for self-hosting. However, the declared requirements list no required binaries or env vars while the SKILL.md contains concrete shell commands that assume git, curl, jq, docker and docker-compose are available — a minor metadata inconsistency.
Instruction Scope: okSKILL.md and the reference files are documentation and example API calls. The instructions include cloning from GitHub and running docker-compose, plus example HTTP requests requiring an API key in an Authorization header. They do not instruct reading unrelated local credentials, exfiltrating secrets, or calling unknown endpoints beyond Dify's documented URLs. The presence of deployment commands is expected for a self-hosting guide.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files. That is low-risk: nothing will be written or executed by the skill itself beyond the agent following textual instructions.
Credentials: noteThe docs reference an API Key for authenticating to Dify APIs, but the skill declares no required env vars. No other credentials or unrelated environment variables are requested. The lack of declared primaryEnv or required env vars is consistent with a public documentation skill, but the guide does show places where a user would need to supply API keys when actually using the API.
Persistence & Privilege: okalways:false and default invocation settings are used. The skill does not request persistent/privileged presence or modify other skills or system settings.