Dialogflow CX Flows

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for managing Dialogflow CX, but it gives broad cloud mutation guidance with weak warnings around credentials, deletion, and restore operations.

Install only if you are comfortable giving the agent Google Dialogflow CX credentials with permission to modify resources. Use least-privilege credentials, avoid pasting tokens into chats or logs, review every delete or version-load command before execution, and export or back up flows before allowing state-changing operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill metadata says it manages flows and pages, but this reference also documents Transition Route Groups and Versions, including restore/load operations. Expanding documented capability beyond the declared scope can cause an agent to invoke higher-impact actions users did not expect, increasing the chance of unsafe or unauthorized modifications.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill instructs users to obtain bearer tokens and reference service account credentials, but it does not warn that these are sensitive secrets that can grant API access if exposed in shell history, logs, screenshots, or shared terminals. In this context the skill is intended to call Google APIs, so external transmission is expected, but the lack of credential-handling guidance increases the chance of accidental token leakage or misuse.

Missing User Warnings

Medium
Confidence: 89%
Finding
The reference documents destructive DELETE operations for flows without any warning that the action is irreversible or may break conversation behavior. In an agent-tooling context, omission of such warnings increases the risk that an LLM or user triggers destructive state changes without informed confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented version load operation restores a previous flow state, but the reference does not warn that current configuration may be overwritten or reverted. In practice this can undo production changes, disrupt routing, and cause loss of newer configuration if invoked inadvertently.

VirusTotal

66/66 vendors flagged this skill as clean.
