Back to skill
Skillv1.0.0
ClawScan security
Dify工作流调用 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 17, 2026, 2:33 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and README clearly require a local env file with DIFY_API_KEY and DIFY_API_BASE, but the registry metadata declares no required credentials — this mismatch and the presence of a bundled CLI script warrant caution before installing.
- Guidance
- This skill otherwise appears to do what it says, but before installing: 1) Be aware the SKILL.md and script require a config file at ~/.openclaw/config/dify.env containing DIFY_API_KEY and DIFY_API_BASE — the registry metadata failing to declare these is an incoherence. 2) Verify DIFY_API_BASE points to a trusted/local Dify instance (not a public or unknown endpoint) and only provide an API key with minimal required permissions. 3) Inspect ~/.openclaw/config/dify.env file permissions (restrict to the user) and avoid putting high-privilege credentials there. 4) Note the package includes an executable Python script; if you don’t trust the source (no homepage, source unknown), run it in an isolated environment or review the script fully (it appears straightforward). 5) Ask the publisher to correct the registry metadata to list required env vars/primary credential before deploying widely.
Review Dimensions
- Purpose & Capability
- concernThe skill's stated purpose (calling a local Dify API for KB Q&A) matches the included CLI script and instructions. However, the registry metadata lists no required environment variables or primary credential while SKILL.md and scripts/dify_chat.py explicitly require a config file (~/.openclaw/config/dify.env) containing DIFY_API_KEY and DIFY_API_BASE. The missing declaration in metadata is an incoherence and should be corrected.
- Instruction Scope
- noteSKILL.md instructs the agent/user to read ~/.openclaw/config/dify.env and call the Dify API (POST /chat-messages) with streaming responses — that is consistent with the skill's purpose. The instructions do not ask for unrelated system files or other service credentials. Minor inconsistencies: troubleshooting mentions DIFY_WORKFLOW_ID though the script does not use it; the README advises not to send sensitive data but the script will forward any query to the configured API endpoint, so endpoint scope matters.
- Install Mechanism
- okThis is an instruction-only skill with a bundled Python script and no automated install spec. It requires the 'requests' Python package (documented). No external downloads or installers are used, which is low-risk from an install perspective.
- Credentials
- concernThe script legitimately needs DIFY_API_KEY and DIFY_API_BASE (and optionally DIFY_USER) — these are proportional to the task. The problem is that the skill metadata does not declare these required environment variables or a primary credential, creating a mismatch. Also, the skill reads plaintext credentials from ~/.openclaw/config/dify.env; users should ensure that file is stored and permissioned securely and that the API key has minimal scope.
- Persistence & Privilege
- okThe skill does not request persistent/global privileges (always is false) and does not modify other skills or system-wide configuration. It simply reads a user config file and performs network calls to the configured Dify endpoint.