Discord Purge Bot

Security checks across malware telemetry and agentic risk

Overview

This is a real Discord cleanup tool, but its destructive message and channel deletion flows need careful review before use.

Install only if you intentionally want agent-assisted Discord moderation. Use a dedicated least-privileged bot restricted to the intended guild and channels, set the token via environment or secret tooling rather than --token, manually review preview counts and filters before deletion, and avoid --delete-old unless you are certain the original channel history can be lost.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script explicitly accepts a Discord bot token via the `--token` CLI argument, which can expose the credential through shell history, process listings, job logs, or orchestration tooling. In this skill's context, the token is highly sensitive because it authorizes destructive message-deletion operations against Discord channels, so accidental disclosure could enable unauthorized purge actions or broader bot abuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal