Discord Voice

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.insecure_tls_verification

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Someone else in the Discord voice channel could prompt the bot, spend API quota, or steer the connected agent unless access is restricted.

Why it was flagged

The plugin itself warns that the default/no-allowlist configuration permits any user in a joined voice channel to interact with the bot and trigger provider or agent API activity.

Skill content
[discord-voice] No allowedUsers configured — all users in joined channels can interact with the bot and trigger API calls. Set allowedUsers to restrict access.
Recommendation

Configure allowedUsers before enabling the plugin, avoid auto-joining public channels, and add confirmation or tool restrictions for non-chat actions.

What this means

Installing and enabling the skill gives it access to a Discord bot account and potentially billable speech provider accounts.

Why it was flagged

The skill requires a Discord bot token and can use multiple provider API keys, which is expected for Discord voice, speech-to-text, and text-to-speech integration.

Skill content
"discord.token": { "required": true, "description": "Discord bot token ..." }, "OPENAI_API_KEY": { "required": false }, "ELEVENLABS_API_KEY": { "required": false }, "DEEPGRAM_API_KEY": { "required": false }
Recommendation

Use a least-privileged Discord bot token, store provider keys securely, monitor usage, and revoke keys if the plugin is no longer needed.

What this means

Prior voice interactions may influence later agent responses, and sensitive spoken content may remain in local agent session history.

Why it was flagged

Voice interactions are tied to a persistent guild-level agent session store, so spoken content or resulting context may persist across conversations.

Skill content
const sessionKey = `discord:voice:${guildId}`; ... const sessionStore = deps.loadSessionStore(storePath); ... await deps.saveSessionStore(storePath, sessionStore);
Recommendation

Inform channel participants, avoid discussing sensitive information, and periodically clear or rotate voice-agent sessions if privacy matters.

What this means

Voice audio or transcripts may leave the local machine depending on the selected STT/TTS providers.

Why it was flagged

The plugin can send speech data to remote transcription/TTS providers or a remote Wyoming Whisper server, which is purpose-aligned but privacy-sensitive.

Skill content
"description": "Wyoming Faster Whisper (remote STT over TCP)"
Recommendation

Use local-whisper and local/offline TTS providers for sensitive conversations, and only configure remote endpoints you trust.

What this means

The bot may reconnect and remain present in voice channels longer than expected if configured that way.

Why it was flagged

The plugin is designed to keep voice connectivity alive, which is disclosed and useful for voice chat but means it can continue operating after disconnections.

Skill content
- **Auto-reconnect**: Automatic heartbeat monitoring and reconnection on disconnect
Recommendation

Only enable auto-join/reconnect behavior in channels where continuous bot presence is intended, and use leave/disable controls when finished.

What this means

Installing the plugin also installs third-party code that can run in the local OpenClaw environment.

Why it was flagged

The plugin depends on several npm packages for Discord voice, speech providers, and WebSocket/audio processing; this is expected for the purpose but adds normal dependency supply-chain exposure.

Skill content
"dependencies": { "@aws-sdk/client-polly": "^3.990.0", "@deepgram/sdk": "^4.11.3", "@discordjs/voice": "^0.19.0", ... "ws": "^8.18.0" }
Recommendation

Install from a trusted source, prefer lockfile-based installation, and keep dependencies updated.

Findings (8)

critical: suspicious.env_credential_access at index.ts:156. Environment variable access combined with network send.

critical: suspicious.env_credential_access at src/streaming-tts.ts:56. Environment variable access combined with network send.

critical: suspicious.env_credential_access at src/stt.ts:38. Environment variable access combined with network send.

critical: suspicious.env_credential_access at src/tts.ts:49. Environment variable access combined with network send.

critical: suspicious.exposed_secret_literal at src/config.ts:269. File appears to expose a hardcoded API secret or token.

critical: suspicious.exposed_secret_literal at src/streaming-tts.ts:116. File appears to expose a hardcoded API secret or token.

critical: suspicious.exposed_secret_literal at src/tts.ts:96. File appears to expose a hardcoded API secret or token.

warn: suspicious.insecure_tls_verification at index.ts:158. HTTPS certificate verification is disabled.