Dialogflow CX to CES Migration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent migration tool that reads a specified Dialogflow CX agent and writes CES migration files, but the exported files should be treated as sensitive.

Install only if you are authorized to access the target GCP project and Dialogflow CX agent. Run with least-privilege credentials, use --dry-run first, store generated files securely, and review webhook URLs, authentication, consent language, and broad routing phrases before importing the CES agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Low
Confidence: 82%
Finding
The description lists output artifacts but does not clearly warn that running the migration will write multiple files to disk unless `--dry-run` is used. While expected for a migration tool, the lack of an explicit write-to-disk warning can lead users to run it in sensitive directories or automation contexts without understanding the side effects.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill fetches Dialogflow CX agent configuration, flows, intents, webhooks, entity types, and test cases from Google Cloud APIs, but the description does not explicitly warn that potentially sensitive conversational configuration and evaluation data will be accessed and materialized locally. In enterprise environments, these exports may contain internal logic, endpoint details, or sample utterances that should be handled as sensitive data.

Vague Triggers

Medium
Confidence: 89%
Finding
The routing hints include very broad trigger phrases such as 'yes', 'no', 'agent', 'Apple', and generic terms like 'feedback' or 'faq'. In a conversational system, these can cause unintended intent matches and misroute users into flows that collect data, escalate to a human, or invoke downstream actions without sufficient confirmation. The risk is amplified here because multiple flows collect personal and location information and some invoke external tools.

Missing User Warnings

Medium
Confidence: 96%
Finding
This agent collects personal and sensitive operational data such as name, city, state, pin code, location, vehicle details, service date/time, and then uses external webhook tools hosted on remote Cloud Run endpoints with no visible user notice, consent, or data-minimization controls. Because the tools use unauthenticated endpoints and the prompts do not disclose external processing, users may unknowingly provide data that is transmitted off-platform, creating privacy, compliance, and potential data-exposure risks.

VirusTotal

66/66 vendors flagged this skill as clean.