Back to skill
Skillv1.0.0
VirusTotal security
Dialogflow Cx Flows · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:44 AM
- Hash
- 26c74a504694de7b49b72d981e17ab7684329908605f7dc0f53a95c7b898a122
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dialogflow-cx-flows Version: 1.0.0 The skill bundle is designed to manage Google Dialogflow CX resources. The `SKILL.md` file provides `curl` command examples for interacting with the Dialogflow CX API, which, if executed by an AI agent with unsanitized user-provided variables (e.g., for `PROJECT_ID`, `AGENT_ID`), could lead to shell injection vulnerabilities. While the `scripts/flows.py` Python script uses official Google Cloud client libraries and appears benign, the direct shell command examples in the markdown documentation represent a high-risk capability that could be exploited due to a vulnerability in the agent's execution environment, classifying it as suspicious rather than benign. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence.
- External report
- View on VirusTotal