Discord Voice

Warn

Audited by ClawScan on May 10, 2026.

Overview

Discord Voice appears purpose-aligned, but it needs review because its default open voice access can let any user in a joined Discord channel drive the AI and provider API calls unless you restrict it.

Review this before installing if your Discord server has untrusted users. Configure allowedUsers, avoid public auto-join channels, use local/offline speech providers for private conversations, and monitor Discord/provider API usage. No artifact-backed malicious behavior was shown, but the default all-users voice access is broad enough to warrant caution.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Someone else in the Discord voice channel could prompt the bot, spend API quota, or steer the connected agent unless access is restricted.

Why it was flagged

The plugin itself warns that the default/no-allowlist configuration permits any user in a joined voice channel to interact with the bot and trigger provider or agent API activity.

Skill content

[discord-voice] No allowedUsers configured — all users in joined channels can interact with the bot and trigger API calls. Set allowedUsers to restrict access.

Recommendation

Configure allowedUsers before enabling the plugin, avoid auto-joining public channels, and add confirmation or tool restrictions for non-chat actions.

What this means

Installing and enabling the skill gives it access to a Discord bot account and potentially billable speech provider accounts.

Why it was flagged

The skill requires a Discord bot token and can use multiple provider API keys, which is expected for Discord voice, speech-to-text, and text-to-speech integration.

Skill content

"discord.token": { "required": true, "description": "Discord bot token ..." }, "OPENAI_API_KEY": { "required": false }, "ELEVENLABS_API_KEY": { "required": false }, "DEEPGRAM_API_KEY": { "required": false }

Recommendation

Use a least-privileged Discord bot token, store provider keys securely, monitor usage, and revoke keys if the plugin is no longer needed.

What this means

Prior voice interactions may influence later agent responses, and sensitive spoken content may remain in local agent session history.

Why it was flagged

Voice interactions are tied to a persistent guild-level agent session store, so spoken content or resulting context may persist across conversations.

Skill content

const sessionKey = `discord:voice:${guildId}`; ... const sessionStore = deps.loadSessionStore(storePath); ... await deps.saveSessionStore(storePath, sessionStore);

Recommendation

Inform channel participants, avoid discussing sensitive information, and periodically clear or rotate voice-agent sessions if privacy matters.

What this means

Voice audio or transcripts may leave the local machine depending on the selected STT/TTS providers.

Why it was flagged

The plugin can send speech data to remote transcription/TTS providers or a remote Wyoming Whisper server, which is purpose-aligned but privacy-sensitive.

Skill content

"description": "Wyoming Faster Whisper (remote STT over TCP)"

Recommendation

Use local-whisper and local/offline TTS providers for sensitive conversations, and only configure remote endpoints you trust.

What this means

The bot may reconnect and remain present in voice channels longer than expected if configured that way.

Why it was flagged

The plugin is designed to keep voice connectivity alive, which is disclosed and useful for voice chat but means it can continue operating after disconnections.

Skill content

- **Auto-reconnect**: Automatic heartbeat monitoring and reconnection on disconnect

Recommendation

Only enable auto-join/reconnect behavior in channels where continuous bot presence is intended, and use leave/disable controls when finished.

What this means

Installing the plugin also installs third-party code that can run in the local OpenClaw environment.

Why it was flagged

The plugin depends on several npm packages for Discord voice, speech providers, and WebSocket/audio processing; this is expected for the purpose but adds normal dependency supply-chain exposure.

Skill content

"dependencies": { "@aws-sdk/client-polly": "^3.990.0", "@deepgram/sdk": "^4.11.3", "@discordjs/voice": "^0.19.0", ... "ws": "^8.18.0" }

Recommendation

Install from a trusted source, prefer lockfile-based installation, and keep dependencies updated.