v1.0.4

delete discord message in bulk

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:30 PM.

Analysis

The skill is purpose-aligned, but it can use a Discord bot token to irreversibly bulk-delete channel messages, so it needs careful review before use.

GuidanceBefore installing, make sure you are comfortable giving an agent access to a Discord bot that can delete messages. Limit the bot to only the channels it should manage, protect the token, and require clear confirmation of the exact channel and message count before running the purge.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

scripts/discord-purge-tool.py

deleted_url = f"https://discord.com/api/v10/channels/{channel_id}/messages/bulk-delete" ... req = urllib.request.Request(deleted_url, data=data_to_send, method="POST", headers=headers)

The script makes a direct Discord bulk-delete API call against a user-supplied channel ID. This is the intended function, but it is an irreversible moderation action and the code does not enforce an additional preview or confirmation step.

User impactIf the wrong channel or count is used, recent Discord messages can be permanently removed from a server channel.

RecommendationUse only after explicit confirmation of the server, channel, and number of messages. Consider adding a dry-run or preview step before deletion and avoid running it from ambiguous requests.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

Create `token.json` ... "token": "tokenhere" ... OR set environment variable ... DISCORD_TOKEN ... Your Discord bot must have `MANAGE_MESSAGES` permission in target channels

The skill requires a Discord bot credential with message-management authority. This is expected for a deletion tool, but it grants meaningful moderation power wherever that bot has access.

User impactA broadly-permissioned bot token could allow deletion in more channels than the user intended.

RecommendationUse a dedicated bot token with the minimum required channel permissions, keep the token out of shared files, and rotate it if exposed.