Discord Context

Warn

Audited by ClawScan on May 18, 2026.

Overview

This skill asks users to expose a Discord bot token so the agent can bypass OpenClaw’s normal Discord visibility limits and read message history outside the current session.

Install only if you intentionally want this agent to have ongoing bot-token access to Discord history. Use a dedicated bot with minimum channel permissions, confirm each channel/thread ID, avoid persistent token pointers, and rotate or delete the token after use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent with this token can use the bot’s Discord privileges, including reading channels and threads beyond the active OpenClaw session and potentially performing other Discord API actions allowed to the bot.

Why it was flagged

The skill explicitly works around a platform credential-redaction boundary by making the raw Discord bot token available to the agent.

Skill content

OpenClaw redacts the Discord bot token ... by design ... Store the Discord bot token in a separate file accessible to the agent

Recommendation

Use only a dedicated, tightly permissioned bot token if this is truly needed, and prefer a platform-supported scoped integration with explicit per-request approval.

What this means

A mistaken or overbroad invocation could pull private Discord history anywhere the bot has access, and the read-only intent is guidance rather than a technical limit.

Why it was flagged

The skill exposes direct raw API calls for arbitrary channel or thread IDs rather than a scoped read-only tool or approval-gated workflow.

Skill content

curl -s -H "Authorization: Bot $DISCORD_TOKEN" ... "https://discord.com/api/v10/channels/{channel_or_thread_id}/messages?limit=50"

Recommendation

Require explicit user confirmation of the target channel/thread ID, keep requests narrow, and avoid giving the agent a general-purpose bot token when a scoped read-only mechanism is available.

What this means

Future agent sessions may know how to find the token and retrieve Discord history without you re-entering or re-scoping the credential.

Why it was flagged

The skill creates persistent cross-session context pointing the agent to a sensitive credential, enabling later reuse beyond a single approved task.

Skill content

Record the path in `TOOLS.md` so the agent knows where to find it across sessions.

Recommendation

Avoid storing credential locations in persistent agent notes; if used, remove the token file and TOOLS.md entry after the task or rotate the token.