# 🛡️ Security: Add automated security scanning for plugin submissions

## Problem

The current plugin pre-check pipeline (`pre-check-plugin.yaml`) validates manifest format, icons, versioning, dependencies, and packaging, but does not include any security analysis of the plugin code itself.
After scanning all 493 plugins in this repository with AgentShield, we found:
| Category | Count | % |
|---|---|---|
| 🔴 Plugins with High Risk findings | 6 | 1.2% |
| 🟡 Plugins with Medium Risk findings | 72 | 14.6% |
| 🟢 Clean plugins | 415 | 84.2% |
### High Risk Examples

**LogicOber/better-e2b-sandbox** (Score: 0/100)
- `tools/create-nextjs-bun-sandbox.py:134`: downloads and executes remote code via pipe-to-shell
- `tools/install-packages.py:18`: same pattern
- Reverse shell patterns detected in multiple files

**allenyzx/enhancing_function_agent** (Score: 0/100)
- 4 instances of `eval()` with dynamic (user-controlled) input in `strategies/enhancing_function_agent.py`

**bowenliang123/md_exporter** (Score: 0/100)
- 6 instances of `exec()` with dynamic input in bundled `md2pptx` library
The full report with all findings is available here: Dify Plugins Security Report
## Suggestion

Add a security scanning step to the pre-check pipeline. For example, using AgentShield:

```yaml
- name: Security Scan
  run: |
    npx @elliotllliu/agentshield@latest scan "$PLUGIN_PATH" --json > security-report.json
    SCORE=$(node -e "console.log(JSON.parse(require('fs').readFileSync('security-report.json','utf8')).score)")
    HIGH=$(node -e "console.log(JSON.parse(require('fs').readFileSync('security-report.json','utf8')).findings.filter(f=>f.severity==='high').length)")
    echo "Security Score: $SCORE/100, High Risk: $HIGH"
    if [ "$HIGH" -gt 0 ]; then
      echo "::warning::Plugin has $HIGH high-risk security findings (score: $SCORE/100)"
    fi
```
This would:
- ✅ Zero install required (`npx`)
- ✅ Scan Python code for `eval()`/`exec()`, data exfiltration, backdoors, reverse shells
- ✅ Detect prompt injection in tool descriptions
- ✅ Support `.difypkg` zip extraction
- ✅ Complete in <1s per plugin
- ✅ Non-blocking (warning only, not failing the build)
## Notes

- AgentShield is open source (MIT license): https://github.com/elliotllliu/agentshield
- The scan used v0.3.0 with three-tier risk classification (High/Medium/Low)
- We focused on minimizing false positives; the 6 high-risk findings above are all confirmed real patterns
- Happy to help integrate or adjust rules for the Dify plugin ecosystem