Discord Chat

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Discord integration whose message and channel-management powers are disclosed, but users should tightly limit bot permissions and confirm destructive actions.

Install this only for a Discord bot you control. Grant the bot the minimum server and channel permissions needed, keep the token in environment variables or a secret manager, and require explicit confirmation before posting publicly, editing or deleting messages, pinning content, or changing/deleting channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest description narrows the skill to sending, replying to, and searching Discord messages, but the body documents additional capabilities including reading, reacting, editing, deleting messages, and channel inspection. This scope mismatch can mislead users, reviewers, or policy systems about the true authority of the skill, increasing the chance that higher-risk actions are invoked without appropriate scrutiny.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The file documents powerful Discord administrative operations such as channel creation, editing, deletion, category management, and permission inspection, which materially exceed the stated skill scope of sending, replying to, and searching messages. In an agent setting, this kind of scope drift is dangerous because downstream planners or users may infer that the skill is authorized for broader server administration, leading to destructive or unauthorized actions on Discord infrastructure.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The title and introductory text explicitly present the file as a channel-management capability, contradicting the message-focused purpose in the skill metadata. This inconsistency increases the likelihood of operator or agent misuse because documentation is often treated as authoritative when deciding what actions a skill may perform.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly documents message deletion but provides no warning, confirmation requirement, or safety guidance for this destructive action. In a chat platform context, deleting messages can cause loss of records, disrupt coordination, or enable abuse by removing evidence of prior communications.

VirusTotal

64/64 vendors flagged this skill as clean.
