How does Dify ensure plugin security?

[WilliamChen-luckbob]

Self Checks

• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:)
• Please do not modify this template :) and fill in all the required fields.

Content

I notice all content in the dify-plugin repository is made up of binary encrypted files(.difypkg), which means I have no way to verify the security of the plugins at all.
How does Dify ensure plugin security? Or I can only develop customized plugin all by myself for safety reasons?
Alternatively, could the official team unpack the .difypkg files into source code files and only approve them for listing after a thorough review confirms there are no issues?

[dosubot[bot]]

Dify enforces plugin security through several mechanisms: plugin code execution is delegated to an external sandboxed daemon, not run directly in the core app, which helps isolate plugins from the main system. When installing plugins, Dify can enforce signature verification (if configured to restrict to marketplace-only plugins), and it checks the plugin’s verification status and authorized category (like “official” or “partner”) before allowing installation. All credentials associated with a plugin are automatically deleted when the plugin is uninstalled to prevent leakage. However, the actual plugin code in .difypkg files remains encrypted and is not unpacked or reviewed for source-level security by users or the Dify team before listing—verification is based on package metadata and optional signature checks, not source code review. If you require full source-level trust, developing your own custom plugins is currently the only way to guarantee that level of security.
Reference: Dify core plugin management and security

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}