v1.0.0

Dialogflow Cx Conversations

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 6:12 AM.

Analysis

The skill appears to do what it claims for Dialogflow CX, but it needs Google Cloud access and sends conversation text to Dialogflow.

Guidance: Install only if you intend to let the skill access your Dialogflow CX project. Use least-privilege Google Cloud credentials, test against non-production agents when possible, avoid sending sensitive data in messages, and pin/install the Python dependencies from trusted sources if you use the helper script.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
SKILL.md
"https://dialogflow.googleapis.com/v3beta1/projects/${PROJECT_ID}/locations/${LOCATION}/agents/${AGENT_ID}/testCases"

The documentation includes authenticated POST operations that can create Dialogflow test-case resources; this matches the testing purpose but is still a cloud-side mutation.

User impact: Running the documented commands against a real project can create or affect Dialogflow testing resources and session behavior.
Recommendation: Review project, agent, location, and session IDs before running commands, and prefer a non-production Dialogflow agent for testing.

Agentic Supply Chain Vulnerabilities
Severity: Info, Confidence: High, Status: Note
scripts/conversations.py
Install:
    pip install google-cloud-dialogflow-cx google-auth

The helper script instructs users to install external Python packages without pinned versions; this is a normal setup step for the Google SDK but still relies on package-source trust.

User impact: Installing dependencies may bring in whatever current versions are served by the package source at install time.
Recommendation: Install dependencies from trusted package indexes, consider pinning versions in your own environment, and use a virtual environment.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: High, Status: Note
SKILL.md
- Service account or OAuth credentials with Dialogflow API access
- `gcloud` CLI authenticated OR bearer token

The skill needs Google Cloud credentials to call Dialogflow; this is purpose-aligned, but the effective permissions depend on the credential the user provides.

User impact: If used with broad Google Cloud credentials, the skill can act against Dialogflow resources allowed by that account or service account.
Recommendation: Use a least-privilege service account or OAuth login limited to the intended Dialogflow project and avoid exposing bearer tokens.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Info, Confidence: High, Status: Note
SKILL.md
| **Sessions** | Conversation instances with state |
| **Detect Intent** | Process user input and get responses |

The skill sends user text into Dialogflow sessions that maintain conversation state; this is expected for the product but means prompts may become part of provider-side session context.

User impact: Conversation text and session context may be processed by Dialogflow according to the user's Google Cloud configuration and policies.
Recommendation: Do not send secrets or regulated data in test messages unless the Dialogflow project is approved for that data, and use deliberate session IDs when testing.