Dialogflow CX Agents

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Dialogflow CX management helper, but with sufficiently privileged Google credentials it can modify or delete cloud chatbot agents.

Install it only if you want an agent to manage Dialogflow CX resources. Use least-privilege Google Cloud credentials scoped to the intended project; confirm the project, location and agent identifiers before any update, restore or delete; and export or back up important agents before destructive changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 80%
Finding: The skill documents a DELETE request for agent removal without clearly warning that the action is destructive and potentially irreversible. In an agent-execution context, this raises the chance of accidental deletion of production chatbot assets, especially if users copy commands without safeguards.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The reference documents a destructive delete endpoint with no cautionary note, confirmation guidance, or mention of irreversibility. In an agent-skill context, this raises the chance that an LLM-driven agent or a user invokes deletion without understanding the blast radius, causing accidental loss of production chatbot configurations.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The restore operation is documented without warning that it replaces the existing agent state. In this context, an automated agent could restore stale or malicious content into an existing Dialogflow CX agent, disrupting its configuration, intents, flows, or integrations.

Missing User Warnings
Severity: Medium
Confidence: 86%
Finding: The delete command executes immediately, with no confirmation prompt, dry-run mode, or separate force flag. In a CLI managing cloud resources, this raises the risk of accidental or scripted deletion of production agents, especially when users pass full resource names directly.
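The guardrails the overview recommends and the four findings ask for (a project allowlist, dry-run by default, a confirmation step separated from execution, and an export before any delete or restore) can be enforced in a thin wrapper around the REST calls. The Python below is an added example written for this page; it is not the skill's own code and not Google's client library. The resource-name pattern, the v3 endpoint shape (`https://<location>-dialogflow.googleapis.com/v3/<name>` with `:export` and `:restore` suffixes), the `Guard` class and the `fake_send` stand-in are assumptions; check the endpoints against the Dialogflow CX REST reference before using this against a real project.

```python
"""Guarded delete/restore wrapper for Dialogflow CX agents (added example).

Assumed, not taken from the skill: the full resource-name layout, the v3
REST URL shape, and the injected `send(method, url)` HTTP callable that
lets the module run offline.
"""
import re
from dataclasses import dataclass, field

# Exactly three path components and nothing after the agent ID, so a name
# like ".../agents/<id>/flows/<id>" is rejected instead of acted on.
# Project-ID rule (6-30 chars, lowercase, starts with a letter) follows the
# Google Cloud convention; the agent ID is assumed to be a UUID.
AGENT_NAME_RE = re.compile(
    r"^projects/(?P<project>[a-z][a-z0-9-]{4,28}[a-z0-9])"
    r"/locations/(?P<location>[a-z0-9-]+)"
    r"/agents/(?P<agent>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$"
)

# HTTP method and URL suffix for each irreversible operation (assumed shape).
DESTRUCTIVE = {"delete": ("DELETE", ""), "restore": ("POST", ":restore")}


class Refused(Exception):
    """A guard check failed; nothing was sent to the API."""


@dataclass
class Guard:
    allowed_projects: frozenset            # least-privilege project allowlist
    dry_run: bool = True                   # default is plan-only
    confirm: str = ""                      # must repeat the full resource name
    exported: set = field(default_factory=set)  # names backed up this session


def parse_agent_name(name: str) -> dict:
    """Validate the full resource name and split it into its identifiers."""
    m = AGENT_NAME_RE.fullmatch(name)
    if not m:
        raise Refused(f"malformed agent resource name: {name!r}")
    return m.groupdict()


def endpoint(name: str, suffix: str = "") -> str:
    """Assumed v3 REST URL: regional host, or the global host for 'global'."""
    loc = parse_agent_name(name)["location"]
    host = "dialogflow.googleapis.com" if loc == "global" else f"{loc}-dialogflow.googleapis.com"
    return f"https://{host}/v3/{name}{suffix}"


def _check_project(guard: Guard, name: str) -> dict:
    parts = parse_agent_name(name)
    if parts["project"] not in guard.allowed_projects:
        raise Refused(f"project {parts['project']!r} is outside the allowlist")
    return parts


def export_agent(guard: Guard, name: str, send) -> dict:
    """Non-destructive backup; required before delete/restore of the same name."""
    _check_project(guard, name)
    resp = send("POST", endpoint(name, ":export"))
    guard.exported.add(name)
    return {"op": "export", "name": name, "response": resp}


def destructive(guard: Guard, op: str, name: str, send) -> dict:
    """Gate for delete/restore: allowlist, then dry-run, then confirm, then backup."""
    if op not in DESTRUCTIVE:
        raise Refused(f"unknown destructive op {op!r}")
    _check_project(guard, name)
    method, suffix = DESTRUCTIVE[op]
    url = endpoint(name, suffix)
    if guard.dry_run:                      # plan only: report what would be sent
        return {"op": op, "name": name, "executed": False, "would_send": (method, url)}
    if guard.confirm != name:              # confirmation is separate from execution
        raise Refused("confirmation must repeat the full resource name verbatim")
    if name not in guard.exported:         # no backup, no irreversible change
        raise Refused("export the agent before deleting or restoring it")
    resp = send(method, url)
    return {"op": op, "name": name, "executed": True, "response": resp}


def is_refused(fn, *args) -> bool:
    """True if the call is refused by a guard before anything is sent."""
    try:
        fn(*args)
    except Refused:
        return True
    return False


def fake_send(log: list):
    """Constructed stand-in for an HTTP client: records calls, returns 200."""
    def send(method: str, url: str) -> dict:
        log.append((method, url))
        return {"status": 200}
    return send
```

With the default `Guard` the wrapper only returns a plan; execution requires `dry_run=False`, `confirm` set to the exact resource name, and a prior `export_agent` on that name, so a copied command or an over-eager agent cannot delete or overwrite a production agent in one step.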

VirusTotal

65 of 65 vendors reported this skill as clean.
