Skill v1.10.5

ClawScan security

Agent Discordbot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 3:40 PM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requests, files, and runtime instructions match its stated purpose (controlling Discord bots via a CLI) and don't demand unrelated credentials or exotic installs, but there are a few privacy/operational cautions to consider before installing.
Guidance
This skill is internally consistent with its stated purpose, but review these before installing:
1) npm package trust: verify the agent-messenger package (publisher, source repo, checksums) before npm install.
2) Token storage: the CLI saves bot tokens in plaintext at ~/.config/agent-messenger/discordbot-credentials.json (docs recommend 0600). Treat that file like a secret and ensure proper permissions/backups.
3) Memory file access: the skill instructs the agent to read/write ~/.config/agent-messenger/MEMORY.md at the start of every task — confirm you are comfortable with an agent reading/writing that file and that you will not store sensitive data there.
4) Operational caution: run the CLI in a controlled environment (CI account or dedicated machine) if the bot tokens have broad permissions.
If you need higher assurance, inspect the agent-messenger package source code (or its published repository) before use.

Review Dimensions

Purpose & Capability
ok: Name/description, required binary (agent-discordbot), node install (agent-messenger), and the shipped templates all align with a CLI-based Discord bot manager. The skill does not request unrelated cloud credentials or system-level access.
Instruction Scope
note: SKILL.md instructs the agent to read/write a persistent memory file (~/.config/agent-messenger/MEMORY.md) at the start/end of every task and to use Read/Write tools to manage it. That is coherent with the described multi-session memory feature but expands the agent's runtime scope to read and overwrite a user file in the home directory — a privacy-sensitive operation the user should be aware of.
Install Mechanism
ok: Install is via an npm package (agent-messenger) which produces the declared binary. This is a typical, traceable mechanism (moderate risk compared to direct downloads) and no suspicious external URLs or archive extracts are used.
Credentials
note: The skill does not request environment variables, which matches expectations. However, the CLI stores bot tokens in plaintext at ~/.config/agent-messenger/discordbot-credentials.json (the docs say permissions 0600). Storing tokens in a local config file is expected for a CLI but is a sensitive behavior the user must accept — the skill explicitly warns not to put tokens into the memory file.
Persistence & Privilege
ok: always is false and the skill does not request elevated or global agent privileges. It manages its own config and memory files under ~/.config/agent-messenger, not other skills' configs or system-wide settings.