Community Mod Pack

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only moderation helper is coherent and limits itself to read-only analysis and draft replies, but users should carefully scope any message-log access, bot tokens, or webhooks.

This skill appears safe for draft-only moderation assistance. Before using it, confirm the community rules are clear, provide only the necessary message exports or read-only access, avoid granting moderation-action permissions, and review all flags or replies before posting or enforcing anything.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An over-scoped bot token could expose or modify community data even though the skill is intended only for analysis and drafts.

Why it was flagged

Bot tokens can grant access to Discord or Telegram community data, but the artifact frames them as optional and instructs read-only scoping and no file storage.

Skill content

If bot tokens are provided, restrict to read-only scopes. Do not store tokens in files.

Recommendation

Use read-only/export access where possible, avoid granting delete/ban/moderation permissions, and do not store tokens in project files.

What this means

Private community messages or user identifiers could appear in summaries or flags if the provided exports are too broad.

Why it was flagged

The skill is expected to process community message logs, which may contain private or sensitive user content and untrusted text, but the artifacts also limit use to an allowed window and draft-only moderation outputs.

Skill content

Channel logs or message exports within the allowed window.

Recommendation

Provide only the channels and time ranges needed, redact sensitive content where practical, and review outputs before sharing them with other moderators.

What this means

Improperly configured webhooks could send more message data than intended or trigger excessive processing.

Why it was flagged

Webhook-triggered processing is an external event flow that can carry community messages into the agent, but the artifact identifies it as optional and includes validation and rate-limiting guidance.

Skill content

Optional: new message events to trigger summaries. Validate payloads and rate limit processing.

Recommendation

Use webhook secrets or source validation, rate limits, and channel filters; avoid retaining full message bodies beyond the analysis window.