Skill v0.1.0

ClawScan security

Discrawl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 5:57 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Discrawl's requirements and runtime instructions are coherent with its stated purpose (mirroring Discord guild data locally); the only minor notes are reuse of an OpenClaw config file and the need to verify the third‑party Homebrew tap before installing.
Guidance
This skill appears to do what it says: it runs a local tool (discrawl) to copy Discord guild data into ~/.discrawl/discrawl.db using a Discord bot token. Before installing and using it:
(1) verify the Homebrew tap (steipete/tap) and the formula source on the project's GitHub to ensure you're installing the expected binary;
(2) create a bot token with the minimum permissions required and only invite the bot to guilds you control or trust;
(3) protect the local DB (~/.discrawl/discrawl.db) with appropriate filesystem permissions or encryption, because it will contain message history;
(4) be aware that an agent invoking this skill can run raw SQL (discrawl sql ...) against the local archive, so restrict agent autonomy or review queries if you don't want it to have full local-history access.
If you want me to, I can check the GitHub repo and brew tap homepage for matching authorship and release artifacts.
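The two checks above that can be scripted are (1), inspecting the formula before trusting the tap, and (3), locking down the archive directory. The shell functions below are an added example and are not code from the ClawHub page or from the discrawl project. The formula text they parse is constructed here; the real one is obtained with `brew tap-info steipete/tap` and `brew cat discrawl` after tapping, and `example-owner/discrawl` stands in for whatever GitHub repository the skill author actually publishes under. The DB file name and directory mirror the ~/.discrawl/discrawl.db path the page describes.

```shell
#!/usr/bin/env sh
# Added example (not part of the ClawHub scan page or the discrawl project).
# 1. Pull url/sha256 out of a Homebrew formula and confirm the download URL
#    lives under the GitHub owner/repo you expect.
# 2. Make the local archive owner-only (dir 0700, DB file 0600).

# First `url "..."` line of a formula file (Ruby source, as printed by `brew cat`).
formula_url() {
  sed -n 's/^[[:space:]]*url[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# First `sha256 "..."` line; compare this to the checksum of the GitHub release asset.
formula_sha() {
  sed -n 's/^[[:space:]]*sha256[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only if the formula downloads from https://github.com/OWNER/REPO/...
# Usage: formula_url_matches FORMULA_FILE OWNER/REPO
formula_url_matches() {
  url=$(formula_url "$1")
  case "$url" in
    https://github.com/"$2"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Create (if needed) and lock down an archive directory laid out like ~/.discrawl.
# Usage: harden_archive DIR
harden_archive() {
  dir=$1
  mkdir -p "$dir"
  chmod 700 "$dir"
  [ -f "$dir/discrawl.db" ] || : > "$dir/discrawl.db"
  chmod 600 "$dir/discrawl.db"
}

# Octal permission bits of a path; GNU stat first, BSD/macOS stat as fallback.
perm_of() {
  if stat -c '%a' "$1" >/dev/null 2>&1; then
    stat -c '%a' "$1"
  else
    stat -f '%Lp' "$1"
  fi
}

# Constructed sample formula (hypothetical owner/repo, zero checksum) for a stand-alone run.
write_sample_formula() {
  cat > "$1" <<'EOF'
class Discrawl < Formula
  desc "Mirror Discord guild data locally"
  homepage "https://github.com/example-owner/discrawl"
  url "https://github.com/example-owner/discrawl/releases/download/v0.1.0/discrawl.tar.gz"
  sha256 "0000000000000000000000000000000000000000000000000000000000000000"
end
EOF
}

# Demo in a throwaway directory so nothing under the real $HOME is touched.
demo() {
  tmp=$(mktemp -d)
  write_sample_formula "$tmp/discrawl.rb"
  printf 'url:    %s\nsha256: %s\n' "$(formula_url "$tmp/discrawl.rb")" "$(formula_sha "$tmp/discrawl.rb")"
  if formula_url_matches "$tmp/discrawl.rb" example-owner/discrawl; then
    echo "formula URL is under the expected repo"
  else
    echo "formula URL does NOT match the expected repo; do not install"
  fi
  harden_archive "$tmp/.discrawl"
  printf 'dir %s, db %s\n' "$(perm_of "$tmp/.discrawl")" "$(perm_of "$tmp/.discrawl/discrawl.db")"
  rm -rf "$tmp"
}

[ "${DISCRAWL_CHECK_NO_DEMO:-}" = "1" ] || demo
```

To run the check against the real tap, replace the constructed formula with the output of `brew cat discrawl` and the hypothetical `example-owner/discrawl` with the repository linked from the skill, then compare the `sha256` value against the checksum of the matching release asset on GitHub. Setting the directory to 0700 also covers any future files discrawl writes beside the DB, which is why the directory mode is set rather than only the file's.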

Review Dimensions

Purpose & Capability
ok · The skill declares a single required binary (discrawl) and a Discord bot token, which is exactly what's needed to crawl guild data. No unrelated credentials or unusual binaries are requested. The optional mention that it can reuse ~/.openclaw/openclaw.json is reasonable for convenience but is not required.
Instruction Scope
note · SKILL.md instructs only to run the discrawl binary (doctor/init/sync/status/search/sql) and store data under ~/.discrawl. This stays within the stated purpose. Notes: (1) it mentions optionally reusing ~/.openclaw/openclaw.json; reading that file is out-of-band relative to the declared requirements, though optional; (2) it recommends scheduling via PaperFang cron (an infrastructure suggestion); and (3) it exposes a raw SQL command (discrawl sql ...), meaning an agent with access to this skill can run arbitrary queries against the local SQLite archive (the skill does not say whether that subcommand is read-only), so protect that DB accordingly.
Install Mechanism
ok · Installation is via a Homebrew formula (steipete/tap → discrawl). Brew formulas are a standard install path and lower-risk than arbitrary downloads, but a third-party tap is maintained by its owner rather than by Homebrew, so as a best practice verify the tap (steipete/tap) and the formula's source URL and checksum against the project's releases before installing.
Credentials
ok · Only DISCORD_BOT_TOKEN is required, which matches the stated purpose. No unrelated secrets or multiple credentials are requested. The only caveat: SKILL.md mentions optionally reusing ~/.openclaw/openclaw.json (a config file) even though no config paths are declared; this is optional but worth noting.
Persistence & Privilege
ok · The skill does not request always:true and writes its own config and DB under ~/.discrawl, which is expected. Model invocation is allowed (normal). Consider that allowing autonomous agent invocation plus the ability to run discrawl sql gives the agent read access to all mirrored messages; protect the local DB and limit agent privileges accordingly.