Discord Chat

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: discord-chat
Version: 1.0.0

The skill bundle provides comprehensive documentation for interacting with Discord via a `message` tool, covering standard operations like sending messages, managing channels, and searching. All instructions are clearly defined Discord API operations. The `CONFIG.md` file explicitly recommends strong security practices for bot configuration, such as using environment variables for tokens and limiting permissions. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent to perform actions beyond the stated purpose of Discord interaction.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the bot has sufficient permissions, the agent could send, edit, delete, pin, or administer Discord content and channels when directed.

Why it was flagged

The skill documents high-impact Discord administration actions, including permanent channel deletion; this is disclosed and user-directed, but misuse can disrupt a server.

Skill content

message action=channel-delete channel=discord channelId="1234567890" ... ⚠️ **Warning**: Deletion is permanent. Cannot be undone.

Recommendation

Grant the bot only the permissions needed for the intended use, and require explicit user confirmation before public posts, deletions, channel changes, pins, or other irreversible actions.

What this means

A leaked or over-permissioned bot token could allow unintended access or actions in the Discord server.

Why it was flagged

Discord access relies on a bot token and delegated server permissions configured outside the skill; this is expected for the integration, but it is sensitive authority.

Skill content

token: "YOUR_BOT_TOKEN" ... https://discord.com/api/oauth2/authorize?client_id=YOUR_CLIENT_ID&permissions=2147485696&scope=bot

Recommendation

Store the token in environment variables or a secret manager, do not commit it to source control, rotate it if exposed, and invite the bot with the least privileges needed.

What this means

Discord history could expose sensitive conversations to the agent, and untrusted messages could influence the agent if treated as authoritative instructions.

Why it was flagged

The skill may retrieve Discord message history as context; that content can be private or written by untrusted channel members.

Skill content

message action=search channel=discord channelId="1234567890" query="search terms" limit=50 ... **Search before asking** - Check history before requesting info

Recommendation

Limit the bot to appropriate channels, keep search limits narrow, and treat retrieved Discord messages as untrusted user content rather than instructions.