Skip to content

πŸ›‘οΈ Security: Add automated security scanning for plugin submissionsΒ #2160

New issue
New issue
Open
Open
πŸ›‘οΈ Security: Add automated security scanning for plugin submissions#2160
Assignees
crazywoola
@elliotllliu

Description

@elliotllliu
elliotllliu
opened on Mar 13, 2026

πŸ›‘οΈ Security: Add automated security scanning for plugin submissions

Problem

The current plugin pre-check pipeline (pre-check-plugin.yaml) validates manifest format, icons, versioning, dependencies, and packaging β€” but does not include any security analysis of the plugin code itself.

After scanning all 493 plugins in this repository with AgentShield, we found:

Category Count %
πŸ”΄ Plugins with High Risk findings 6 1.2%
🟑 Plugins with Medium Risk findings 72 14.6%
🟒 Clean plugins 415 84.2%

High Risk Examples

LogicOber/better-e2b-sandbox (Score: 0/100)

  • tools/create-nextjs-bun-sandbox.py:134 β€” downloads and executes remote code via pipe-to-shell
  • tools/install-packages.py:18 β€” same pattern
  • Reverse shell patterns detected in multiple files

allenyzx/enhancing_function_agent (Score: 0/100)

  • 4 instances of eval() with dynamic (user-controlled) input in strategies/enhancing_function_agent.py

bowenliang123/md_exporter (Score: 0/100)

  • 6 instances of exec() with dynamic input in bundled md2pptx library

The full report with all findings is available here: Dify Plugins Security Report

Suggestion

Add a security scanning step to the pre-check pipeline. For example, using AgentShield:

- name: Security Scan
  run: |
    npx @elliotllliu/agentshield@latest scan "$PLUGIN_PATH" --json > security-report.json
    SCORE=$(node -e "console.log(JSON.parse(require('fs').readFileSync('security-report.json','utf8')).score)")
    HIGH=$(node -e "console.log(JSON.parse(require('fs').readFileSync('security-report.json','utf8')).findings.filter(f=>f.severity==='high').length)")
    echo "Security Score: $SCORE/100, High Risk: $HIGH"
    if [ "$HIGH" -gt 0 ]; then
      echo "::warning::Plugin has $HIGH high-risk security findings (score: $SCORE/100)"
    fi

This would:

  • βœ… Zero install required (npx)
  • βœ… Scan Python code for eval()/exec(), data exfiltration, backdoors, reverse shells
  • βœ… Detect prompt injection in tool descriptions
  • βœ… Support .difypkg zip extraction
  • βœ… Complete in <1s per plugin
  • βœ… Non-blocking (warning only, not failing the build)

Notes

  • AgentShield is open source (MIT license): https://github.com/elliotllliu/agentshield
  • The scan used v0.3.0 with three-tier risk classification (High/Medium/Low)
  • We focused on minimizing false positives β€” the 6 high-risk findings above are all confirmed real patterns
  • Happy to help integrate or adjust rules for the Dify plugin ecosystem

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions