Dialogflow CX Advanced

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Dialogflow CX administration helper, but users should handle Google Cloud credentials and webhook configuration carefully.

Install only if you intend to manage Dialogflow CX resources. Use least-privileged Google Cloud credentials, avoid sharing tokens or service-account files, verify project/location/agent IDs before create or deploy operations, and configure webhooks only to trusted HTTPS endpoints authorized to receive conversation data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 82%
Finding
The authentication section instructs users to obtain bearer tokens and use service-account credentials, but it does not warn about the sensitivity of these credentials or safe handling practices. In a cloud-admin context, exposed tokens or credential files can enable unauthorized access to Dialogflow and possibly broader Google Cloud resources permitted to that identity.

Missing User Warnings

Medium
Confidence: 89%
Finding
The examples include POST requests that create Dialogflow environments and webhooks, which are state-changing operations against live cloud resources. Without warnings about production impact, users may unintentionally modify active agents, deploy integrations, or affect conversation routing and fulfillment behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding
The reference shows a webhook request payload that includes raw user input and session parameters being sent to an external server, but it provides no warning about privacy, data minimization, consent, or secure handling requirements. In an agent skill for Dialogflow CX, this omission can lead developers to forward sensitive conversational and session data to third-party infrastructure without evaluating compliance, retention, or exposure risks.

VirusTotal

65/65 vendors flagged this skill as clean.
