Discord Bot
Discord Bot API integration — manage servers, channels, messages, roles, members, and webhooks via the Discord REST API. Send messages, manage server setting...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 313 · 3 current installs · 3 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name/description (Discord bot management) aligns with the code’s intent (HTTP calls to discord.com). However the actual HTTP paths and methods in the script are incorrect/implausible for the real Discord REST API (e.g., using endpoints like /guild/get, /channel/create, /message/edit instead of Discord’s documented endpoints), and the script uses Authorization: Bearer <token> while Discord bot tokens require the Authorization: Bot <token> header. These mismatches mean the script likely will not function as advertised and raise concerns about correctness.
Instruction Scope
SKILL.md states 'never stores data locally' and declares only DISCORD_BOT_TOKEN as required, but the runtime script attempts to read an .env file from a workspace path (constructed from WORKSPACE or ~/.openclaw/workspace/.env) if the environment variable is absent. Reading files from the user home/workspace is outside what the skill declares and is unexpected scope creep. The SKILL.md instructions do not mention this fallback behavior.
Install Mechanism
This is instruction-only with an included Python script and no install spec — nothing is automatically downloaded or written to disk by an installer. Risk from install mechanism itself is low.
Credentials
The declared required credential (DISCORD_BOT_TOKEN) is appropriate. However the script also reads a WORKSPACE environment variable (not declared) to form a path to an .env file in the user's home (~/.openclaw/workspace/.env), which could access other secrets or files. The undocumented file-read fallback is disproportionate and should be disclosed or removed.
Persistence & Privilege
The skill does not request permanent presence (always is false) and does not modify other skills or system-wide settings. No elevated persistence privileges are requested.
What to consider before installing
This skill is internally inconsistent and should be reviewed/fixed before you provide a real bot token or run it in a production environment. Specific points to consider:
- Do not supply your production DISCORD_BOT_TOKEN until the script is fixed and reviewed. Use a test bot with minimal permissions for experiments.
- Code issues to fix or verify: change Authorization header to 'Bot <token>' (not 'Bearer'), and update the HTTP endpoints and methods to match Discord's documented API (e.g., POST /guilds/{guild.id}/channels to create channels, etc.). Many functions currently call nonstandard paths and HTTP verbs and will fail or behave unpredictably.
- The script will try to read ~/.openclaw/workspace/.env (or a WORKSPACE-specified path) if DISCORD_BOT_TOKEN isn't set. This file-read is not declared in SKILL.md — consider removing this fallback or documenting it, since it can access arbitrary files in your home/workspace.
- Because the implementation appears buggy, run the CLI in an isolated environment (sandbox/container) and with a test bot account to observe actual network requests. Inspect and/or instrument the script (or run it under a network debugger) to confirm which endpoints it calls.
- If you are the maintainer or plan to use this skill, request an updated version from the author that fixes the Authorization header, corrects endpoints/methods, removes undocumented file reads, and documents behavior explicitly. If the author provides a corrected version, re-evaluate; if they explain the odd endpoints are placeholders or proxies and provide secure justification, that could change this assessment.
Confidence is medium: the issues look like sloppy/incorrect implementation rather than clearly malicious intent, but the undocumented file access and protocol errors justify caution.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🤖 Clawdis
EnvDISCORD_BOT_TOKEN
Primary envDISCORD_BOT_TOKEN
SKILL.md
🤖 Discord Bot
Discord Bot API integration — manage servers, channels, messages, roles, members, and webhooks via the Discord REST API.
Features
- Send messages — text, embeds, files to any channel
- Channel management — create, update, delete channels
- Server info — guild details, settings, and statistics
- Member management — list, kick, ban, role assignment
- Role management — create, update, assign roles
- Message operations — send, edit, delete, react, pin
- Webhook management — create and send via webhooks
- Thread management — create and manage threads
- Emoji management — list and manage custom emojis
- Audit log — view server audit events
Requirements
| Variable | Required | Description |
|---|---|---|
DISCORD_BOT_TOKEN | ✅ | API key/token for Discord Bot |
Quick Start
# List bot's servers
python3 {baseDir}/scripts/discord-bot.py guilds
# Get server details
python3 {baseDir}/scripts/discord-bot.py guild-get 123456789
# List server channels
python3 {baseDir}/scripts/discord-bot.py channels --guild 123456789
# Create a channel
python3 {baseDir}/scripts/discord-bot.py channel-create --guild 123456789 "general-chat" --type text
Commands
guilds
List bot's servers.
python3 {baseDir}/scripts/discord-bot.py guilds
guild-get
Get server details.
python3 {baseDir}/scripts/discord-bot.py guild-get 123456789
channels
List server channels.
python3 {baseDir}/scripts/discord-bot.py channels --guild 123456789
channel-create
Create a channel.
python3 {baseDir}/scripts/discord-bot.py channel-create --guild 123456789 "general-chat" --type text
channel-update
Update channel.
python3 {baseDir}/scripts/discord-bot.py channel-update 987654321 '{"name":"announcements","topic":"Important updates"}'
send
Send a message.
python3 {baseDir}/scripts/discord-bot.py send --channel 987654321 "Hello from the bot!"
send-embed
Send embed message.
python3 {baseDir}/scripts/discord-bot.py send-embed --channel 987654321 '{"title":"Update","description":"New feature released","color":5814783}'
messages
List channel messages.
python3 {baseDir}/scripts/discord-bot.py messages --channel 987654321 --limit 20
message-edit
Edit a message.
python3 {baseDir}/scripts/discord-bot.py message-edit --channel 987654321 --message 111222333 "Updated text"
message-delete
Delete a message.
python3 {baseDir}/scripts/discord-bot.py message-delete --channel 987654321 --message 111222333
react
Add reaction to message.
python3 {baseDir}/scripts/discord-bot.py react --channel 987654321 --message 111222333 --emoji 👍
members
List server members.
python3 {baseDir}/scripts/discord-bot.py members --guild 123456789 --limit 50
roles
List server roles.
python3 {baseDir}/scripts/discord-bot.py roles --guild 123456789
role-assign
Assign role to member.
python3 {baseDir}/scripts/discord-bot.py role-assign --guild 123456789 --user 444555666 --role 777888999
webhooks
List channel webhooks.
python3 {baseDir}/scripts/discord-bot.py webhooks --channel 987654321
Output Format
All commands output JSON by default. Add --human for readable formatted output.
# JSON (default, for programmatic use)
python3 {baseDir}/scripts/discord-bot.py guilds --limit 5
# Human-readable
python3 {baseDir}/scripts/discord-bot.py guilds --limit 5 --human
Script Reference
| Script | Description |
|---|---|
{baseDir}/scripts/discord-bot.py | Main CLI — all Discord Bot operations |
Data Policy
This skill never stores data locally. All requests go directly to the Discord Bot API and results are returned to stdout. Your data stays on Discord Bot servers.
Credits
Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.
📅 Need help setting up OpenClaw for your business? Book a free consultation
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…