Hi Dify team!
We built AgentShield and scanned all 493 plugins in this repo. Results:
- 6 high-risk plugins (1.2%): real `eval()`/`exec()` with dynamic input
- 73 medium-risk (14.8%): potential issues worth reviewing
- 414 clean (84.0%): no issues found
- Average score: 93/100
Suggestion
Consider adding AgentShield as a CI check for new plugin PRs:
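```yaml
# .github/workflows/security-scan.yml
- name: Security Scan
  env:
    # Pass the PR title via an environment variable so it is never expanded into the shell script itself
    PR_TITLE: ${{ github.event.pull_request.title }}
  run: npx -y @elliotllliu/agent-shield scan "./plugins/$PR_TITLE" --json --fail-under 70
```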
This would catch malicious plugins before they enter the marketplace. AgentShield:
- Has native `.difypkg` support (auto-extract + scan)
- Runs 100% offline (no data leaves CI)
- Takes ~200ms per plugin
- MIT licensed, zero cost
Full integration guide: https://github.com/elliotllliu/agent-shield/blob/main/docs/integration-guide.md
https://github.com/elliotllliu/agent-shield
https://www.npmjs.com/package/@elliotllliu/agent-shield
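
As an added example (not part of the original post and not AgentShield's implementation), a minimal Python `ast` check for the high-risk pattern named above, `eval()`/`exec()` with dynamic input. The function name `find_dynamic_eval`, the sample plugin source and the `tool_parameters` name are constructed for illustration.

```python
import ast

DANGEROUS = {"eval", "exec"}

# Constructed sample plugin source, not taken from any real plugin.
SAMPLE = '''\
import builtins

def run(tool_parameters):
    expr = tool_parameters["expression"]
    a = eval(expr)
    b = eval("1 + 1")
    exec(f"result = {expr}")
    c = builtins.eval("2 * " + expr)
    model.eval()
    return a, b, c
'''

def _builtin_name(func):
    """Return 'eval'/'exec' for eval(...) or builtins.eval(...), else None."""
    if isinstance(func, ast.Name):
        return func.id if func.id in DANGEROUS else None
    # Only builtins.<name>: a bare attribute match would flag e.g. model.eval()
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id in {"builtins", "__builtins__"}):
        return func.attr if func.attr in DANGEROUS else None
    return None

def find_dynamic_eval(source, filename="<plugin>"):
    """List (line, function, argument node type) for every eval()/exec()
    call whose code argument is not a plain string literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _builtin_name(node.func)
        if name is None:
            continue
        if not node.args:
            findings.append((node.lineno, name, "no positional argument"))
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            continue  # fixed literal: the evaluated code is not input-dependent
        findings.append((node.lineno, name, type(arg).__name__))
    return sorted(findings)

if __name__ == "__main__":
    for line, name, kind in find_dynamic_eval(SAMPLE):
        print(f"line {line}: {name}() called with dynamic argument ({kind})")
```

This is a syntactic check only: it does not follow aliases such as `e = eval`, and it treats every non-literal argument as dynamic without tracing where the value comes from.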