v1.1.1

Dify Knowledge Base Search

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

The skill appears to do what it says: use a Dify API key to list and search Dify knowledge bases for RAG context.

GuidanceThis skill is reasonable to install if you trust the Dify instance and are comfortable giving the agent read access through the configured Dify API key. Prefer a least-privileged key, specify the intended dataset when possible, and treat retrieved knowledge-base text as potentially sensitive context.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

install spec

[1] node | package: requests

The skill depends on the Python requests package without a pinned version. This is common and purpose-aligned, but the exact installed package version is not fixed by the artifact.

User impactFuture installs may receive whatever requests version the package source provides.

RecommendationIf reproducibility matters, pin dependency versions in your environment or install from a trusted package source.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/search.py

api_key = os.environ.get("DIFY_API_KEY") ... "Authorization": f"Bearer {api_key}"

The script uses the configured Dify API key as a bearer token to access Dify datasets. This is expected for the skill, but the key's permissions define how much knowledge-base data the skill can read.

User impactThe agent can access Dify datasets that the configured API key is allowed to read.

RecommendationUse a least-privileged Dify API key and configure the intended Dify base URL carefully.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

context = "\n".join([r["content"] for r in results["results"]])
final_prompt = f"Answer based on context:\n\n{context}\n\nQuestion: {query}"

The documentation explicitly recommends using retrieved dataset content as model context. This is the intended RAG behavior, but retrieved text can influence answers and may contain sensitive or untrusted material.

User impactKnowledge-base content may be surfaced in conversations and can shape the agent's response.

RecommendationOnly connect trusted datasets, avoid storing malicious instructions in knowledge-base content, and review outputs when datasets contain sensitive material.