Agent Discordbot

Security checks across malware telemetry and agentic risk

Overview

This Discord bot skill is coherent and disclosed, but it can read or post in authorized servers and stores bot credentials locally.

Install only if you trust the agent-messenger npm package and need an agent-controlled Discord bot. Create a dedicated bot with minimal permissions, avoid broad snapshots unless necessary, confirm target channel IDs before posting or uploading files, and periodically clear stored credentials and ~/.config/agent-messenger/MEMORY.md when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 77%
Finding
The manifest description omits significant capabilities including file upload, thread operations, user enumeration, credential storage, and full-server snapshots. In agent environments, understated capability descriptions can cause operators to authorize a skill without realizing it can collect workspace metadata or persist credentials, increasing the chance of unintended data exposure.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill directs persistent storage of server IDs, channel IDs, user IDs, aliases, and preferences across sessions without a prominent consent or privacy warning. Even if tokens and full message content are excluded, this metadata can still reveal internal workspace structure, personnel identities, and operational context, and may later be exposed to unrelated tasks or users.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documented snapshot and message-listing features can retrieve recent message content, member identities, and channel metadata, but the skill lacks a strong warning that these operations may expose sensitive communications and organizational data. In a multi-agent or shared environment, such broad read capabilities materially increase the risk of over-collection and accidental disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding
The examples demonstrate reading channel messages, listing users, and writing or modifying server content without any warning that these actions affect real Discord servers and may expose private conversations or member data. In an agent context, copy-pasted patterns can be executed against production workspaces, causing unintended disclosure, spam, or unauthorized interaction with live community data.

Ssd 3

Medium
Confidence: 90%
Finding
The memory instructions explicitly tell the agent to retain identifiers, aliases, and preferences across sessions, creating a durable natural-language record of potentially sensitive organizational metadata. Cross-session retention increases the blast radius of prompt leakage, local compromise, or unintended reuse of prior context in unrelated conversations.

Session Persistence

Medium
Category: Rogue Agent
Content
### Bot Token Setup

agent-discordbot uses Discord Bot tokens which you create in the Discord Developer Portal:

```bash
# Set bot token (validates against Discord API before saving)
```
Confidence: 84%
Finding
create in the Discord Developer Portal: ```bash # Set bot token (validates against Discord API before saving) agent-discordbot auth set your-bot-token # Set with a custom bot identifier agent-discor

VirusTotal

65/65 vendors flagged this skill as clean.
