v1.0.0

Dialogflow Cx Advanced

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:12 AM.

Analysis

This skill is coherent for Dialogflow CX administration, but it gives an agent high-impact Google Cloud deployment and webhook authority that should be reviewed carefully before use.

Guidance: Use this skill only if you intentionally want the agent to administer Dialogflow CX environments, deployments, and webhooks. Prefer a least-privileged service account, require explicit confirmation before any POST/deploy/webhook change, and carefully review any external webhook endpoint before routing user conversations to it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
references/advanced.md
### Deploy Flow to Environment
POST /v3beta1/{environment}:deployFlow

This documents an authenticated operation that changes which flow version is deployed to a Dialogflow environment, with no explicit approval, environment scoping, or rollback guidance.

User impact: A mistaken or autonomous deployment could alter a live customer-facing Dialogflow bot.
Recommendation: Require explicit user confirmation for create, deploy, and webhook changes; restrict use to named projects, locations, agents, and environments; document rollback steps before production use.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
scripts/advanced.py
Install:
    pip install google-cloud-dialogflow-cx google-auth

The script documents installing unpinned Python packages, while the registry has no install spec; this is user-directed and relevant to the skill, but users should still verify package provenance.

User impact: Dependency installation may vary over time and could introduce package-version or supply-chain risk.
Recommendation: Install dependencies from trusted package indexes, pin versions where possible, and review dependency provenance before using the script.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
- Service account or OAuth credentials with Dialogflow API access
- `gcloud` CLI authenticated OR bearer token

The skill requires Google Cloud credentials capable of Dialogflow API access, while the registry metadata declares no primary credential and the artifacts do not specify least-privilege roles or token-use limits.

User impact: If installed with broad Google Cloud credentials, the agent may be able to inspect or change Dialogflow CX resources beyond what the user intended.
Recommendation: Use a least-privileged service account limited to the required Dialogflow CX project and operations, avoid broad user OAuth tokens for automation, and declare the credential requirement clearly.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
references/advanced.md
"sessionInfo": {
  "session": "projects/.../sessions/...",
  "parameters": { ... }
},
"text": "user input"

The webhook reference shows that external fulfillment endpoints may receive end-user text and session parameters; this is expected for Dialogflow webhooks but privacy-sensitive.

User impact: Conversation content or session data could be sent to whichever webhook endpoint is configured.
Recommendation: Only configure trusted HTTPS webhook endpoints, avoid sending unnecessary sensitive parameters, use authentication for webhooks, and review privacy/compliance requirements.