Dialogflow Cx Nlu
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad command could remove NLU resources and affect a Dialogflow agent’s behavior.
The CLI can delete Dialogflow CX intents and entity types. This is aligned with the management purpose, but deletion is a high-impact action if invoked on the wrong resource.
client.delete_intent(name=intent_name) ... client.delete_entity_type(name=entity_name)
Use least-privilege Dialogflow credentials, confirm full resource names before update/delete actions, and keep backups or exports of important agents.
The skill will operate with whatever Dialogflow permissions the authenticated Google account or service account has.
The skill requires Google Cloud account credentials to access Dialogflow CX. This is expected for the stated purpose, but it is sensitive authority and is not reflected in the registry credential declarations.
Service account or OAuth credentials with Dialogflow API access; `gcloud` CLI authenticated OR bearer token
Prefer a dedicated service account with only the Dialogflow permissions needed for the intended agent and avoid using broad owner/editor credentials.
Installing unpinned packages can pull newer dependency versions than expected.
The script depends on external Python packages installed by an unpinned pip command. This is expected for a Google API wrapper, but users should be aware of dependency provenance.
Run: pip install google-cloud-dialogflow-cx google-auth
Install dependencies in a controlled environment and consider pinning package versions for repeatable use.