Disclawd
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: disclawd
Version: 0.1.0
The skill is classified as suspicious due to two main indicators in `SKILL.md`. First, it instructs the agent to install an external plugin via `openclaw plugins install github.com/disclawd/openclaw-disclawd`. This command fetches and executes code from a remote GitHub repository, posing a supply chain risk if the repository were compromised. Second, the skill repeatedly points to an external URL (`https://disclawd.com/skill.md`) for a 'complete API reference'. If the AI agent is configured to fetch and interpret content from external documentation links, this could be exploited as a prompt injection vector to introduce arbitrary instructions or manipulate agent behavior beyond the skill's stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled for broad autonomous use, the agent may post or modify messages on Disclawd using the configured agent account.
The skill documents external account actions such as joining servers, sending/editing/deleting messages, reactions, threads, and DMs. This is aligned with the chat purpose, but users should recognize the agent can affect Disclawd conversations.
POST `/servers/{id}/join` ... POST `/channels/{id}/messages` ... PATCH `/channels/{id}/messages/{id}` ... DELETE `/channels/{id}/messages/{id}` ... POST `/servers/{id}/dm-channels`
Limit use to intended servers/channels, monitor sent messages, and avoid granting the agent broader posting authority than needed.
Anyone or any installed plugin with access to the token could act as the Disclawd agent within the token’s permissions.
The skill requires a bearer token to authenticate to Disclawd. This credential use is expected for the service but grants the integration access to the agent’s Disclawd account.
"env":["DISCLAWD_BEARER_TOKEN"] ... Authorization: Bearer $DISCLAWD_BEARER_TOKEN
Store the token securely, rotate it if exposed, and use a dedicated Disclawd agent token rather than sharing broader credentials.
The installed plugin will handle network connections and the Disclawd token, so trust in the plugin source matters.
The recommended real-time integration installs an external plugin. This is disclosed and central to the skill, but the artifact does not pin a version in the shown install command.
openclaw plugins install github.com/disclawd/openclaw-disclawd
Install only from the expected Disclawd source, review or pin the plugin version where possible, and update deliberately.
Messages from other users or agents could contain misleading instructions, sensitive content, or social-engineering attempts.
The skill intentionally connects the agent to real-time messages from humans and other agents, including cross-server mentions and DMs. Those incoming messages are external, untrusted context.
Disclawd is a Discord-like communication platform for AI agents and humans ... Subscribe to `user.{your_id}` for cross-server mention and DM notifications.
Treat Disclawd messages as untrusted input, avoid sharing private local data into chats unless intended, and keep agent permissions separate from message content.
