Dialogflow Cx Conversations
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims for Dialogflow CX, but it needs Google Cloud access and sends conversation text to Dialogflow.
Install only if you intend to let the skill access your Dialogflow CX project. Use least-privilege Google Cloud credentials, test against non-production agents when possible, avoid sending sensitive data in messages, and pin/install the Python dependencies from trusted sources if you use the helper script.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with broad Google Cloud credentials, the skill can act against Dialogflow resources allowed by that account or service account.
The skill needs Google Cloud credentials to call Dialogflow; this is purpose-aligned, but the effective permissions depend on the credential the user provides.
- Service account or OAuth credentials with Dialogflow API access - `gcloud` CLI authenticated OR bearer token
Use a least-privilege service account or OAuth login limited to the intended Dialogflow project and avoid exposing bearer tokens.
Running the documented commands against a real project can create or affect Dialogflow testing resources and session behavior.
The documentation includes authenticated POST operations that can create Dialogflow test-case resources; this matches the testing purpose but is still a cloud-side mutation.
"https://dialogflow.googleapis.com/v3beta1/projects/${PROJECT_ID}/locations/${LOCATION}/agents/${AGENT_ID}/testCases"Review project, agent, location, and session IDs before running commands, and prefer a non-production Dialogflow agent for testing.
Conversation text and session context may be processed by Dialogflow according to the user's Google Cloud configuration and policies.
The skill sends user text into Dialogflow sessions that maintain conversation state; this is expected for the product but means prompts may become part of provider-side session context.
| **Sessions** | Conversation instances with state | | **Detect Intent** | Process user input and get responses |
Do not send secrets or regulated data in test messages unless the Dialogflow project is approved for that data, and use deliberate session IDs when testing.
Installing dependencies may bring in whatever current versions are served by the package source at install time.
The helper script instructs users to install external Python packages without pinned versions; this is a normal setup step for the Google SDK but still relies on package-source trust.
Install:
pip install google-cloud-dialogflow-cx google-authInstall dependencies from trusted package indexes, consider pinning versions in your own environment, and use a virtual environment.