Discord Voice Using Deepgram
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This appears to be a real Discord/Deepgram voice plugin, but it can let Discord voice input drive the agent’s full toolset and may listen more broadly than users expect unless carefully configured.
Only install this if you trust the publisher and are comfortable letting Discord voice input reach your agent. Before enabling it, set primaryUser or allowedUsers using numeric Discord IDs, consider disabling allowVoiceSwitch and autoJoinChannel, require confirmations for high-impact agent tools, and make sure everyone in the voice channel understands that audio/transcripts may be sent to Deepgram and stored in agent session history.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone whose speech is accepted in the voice channel, or a bad transcription, could potentially trigger whatever tools and skills the user’s main agent can normally use.
Transcribed speech is used as the agent prompt while the voice session explicitly grants access to all normal tools and does not use a restricted lane.
const extraSystemPrompt = `You are ${agentName}, speaking in a Discord voice channel... You have access to all your normal tools and skills. The user's Discord ID is ${userId}.`; ... prompt: text, ... // lane: "discord-voice", // Removed - was possibly restricting tool accessUse a restricted voice lane or tool allowlist, require confirmation for high-impact tools, and enforce primaryUser or allowedUsers before the bot joins a channel.
If the installer does not set a primary speaker or allowlist, other people in the Discord voice channel may be able to talk to and control the agent.
The actual configuration indicates an empty allowlist permits all users, which is easy to miss because SKILL.md presents the 'only listen to you' safeguard as the default behavior.
"allowedUsers": { "type": "array", ... "default": [] } ... "help": "Discord user IDs allowed to use voice (empty = all allowed)"Make the default deny-by-default, require a primaryUser during setup, and update the documentation to clearly say that an empty allowlist means all channel users are allowed.
Speech from one accepted Discord user may affect the ongoing memory/context used for later voice interactions in the same guild.
Voice transcripts are routed into a persistent agent session keyed only by guild, not by individual speaker, with no retention or speaker-boundary controls described.
const sessionKey = `discord:voice:${guildId}`; ... const sessionStore = deps.loadSessionStore(storePath); ... await deps.saveSessionStore(storePath, sessionStore); ... sessionFile, ... prompt: textDocument retention clearly, consider per-user sessions, provide a way to clear voice session history, and avoid reusing multi-user voice context for sensitive tasks.
Installing the skill gives the plugin access to your Discord bot identity and your Deepgram account for transcription and speech generation.
The skill requires account credentials and Discord bot permissions, which are expected for a Discord voice/STT/TTS integration but still sensitive.
- A Discord bot token (`DISCORD_TOKEN`) - A Deepgram API key (`DEEPGRAM_API_KEY`) - Discord bot permissions in your server: Connect, Speak, Use Voice Activity
Use a dedicated Discord bot token, limit Discord permissions to the minimum needed, store the Deepgram key as a secret, and rotate keys if removed.
Voice audio, transcripts, and agent replies may be processed by Deepgram outside your local OpenClaw environment.
The skill discloses the external provider flow: Discord audio and generated text are sent to Deepgram as part of the voice pipeline.
Discord voice audio → Deepgram streaming STT (WebSocket) - Transcript → your agent - Agent reply → Deepgram TTS (`/v1/speak` streamed HTTP Ogg/Opus)
Confirm that all voice-channel participants consent to this processing and review Deepgram’s data handling settings and retention policy.
If auto-join is configured, the bot may enter a voice channel and start listening whenever the service starts.
The plugin can automatically join a configured voice channel on startup, which is purpose-aligned but creates an ongoing listener if enabled.
if (cfg.autoJoinChannel) { ... api.logger.info(`[deepgram-discord-voice] Auto-joining channel ${cfg.autoJoinChannel}`); ... await vm.join(channel as VoiceBasedChannel); }Leave autoJoinChannel unset unless you explicitly want this behavior, and provide clear status/leave controls for users in the Discord server.
It may be harder to confirm that the reviewed package is the exact package and publisher you intended to install.
The package-internal metadata differs from the registry summary, which lists a different owner ID, slug, and version; this is a provenance/versioning gap for a credential-using plugin.
"ownerId": "kn738y5j6ep0rq1e9efavpzkth7zyh41", "slug": "deepgram-discord-voice", "version": "0.2.0"
Verify the publisher and source before installing, and prefer a package with matching registry/package metadata and a clear upstream repository.