Discord Connect Wizard

Security checks across malware telemetry and agentic risk

Overview

This skill performs sensitive Discord setup work, but its token handling, config changes, and gateway restart are disclosed and aligned with its onboarding purpose.

Install only if you intend to create or connect a Discord bot for OpenClaw on this machine. Treat the bot token like a password and avoid pasting it into chat unless necessary; review the generated accountId, server, and user before the config is written; and, because the wizard writes requireMention=false, consider changing that setting if you do not want the bot reading ambient messages in the allowed server rather than only messages that mention it.

SkillSpector (by NVIDIA)

Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The README explicitly promises automated config writes and gateway restarts, which are local system modifications, but it does not clearly warn the user before those actions occur or emphasize that the skill changes local OpenClaw state. In an agent-driven workflow, missing consent and state-change disclosure can lead to unintended service disruption, altered bot configuration, or execution in the wrong environment.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: The skill explicitly handles a Discord bot token and writes it into OpenClaw configuration, but it does not clearly warn the user that this credential will be persisted locally and may be exposed through shell history, logs, screenshots, or config files. In a setup wizard context this is functional behavior, but the lack of explicit credential-handling and storage warnings creates a real security risk if users proceed without understanding where the token ends up.

Missing User Warnings
Severity: Low
Confidence: 83%
Finding: The skill states that it writes Discord-related configuration and restarts the gateway, but it does not present this as an explicit operational warning before execution. This can cause unintended service disruption or unexpected live config changes on a real OpenClaw instance, especially if the user assumes the wizard is purely informational or non-invasive.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The skill instructs the agent to write local OpenClaw configuration and restart the gateway, but does not require an explicit user-facing confirmation immediately before those state-changing actions. In a browser-driving onboarding flow designed to minimize user thinking, this increases the chance of silent modification of the local system and service state beyond what the user reasonably expects.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The checklist explicitly instructs the agent to write OpenClaw configuration and restart the gateway, but it does not require an explicit user confirmation or a prominent disclosure immediately before making those system changes. In a local onboarding skill with browser/tool access, this can cause unintended modification of runtime state and service interruption, especially if the agent derives the wrong accountId or targets the wrong environment.

Autonomous Decision Making
Severity: Medium
Category: Excessive Agency
Confidence: 82%
Content (quoted from the skill's instructions):

## Flow

1) Agent opens https://discord.com/developers/applications (agent must do this; do NOT ask user to open it)
2) Agent creates new application (name auto-generated, must NOT contain "discord")
3) Agent navigates to Bot page, enables intents, saves
4) Agent triggers Reset Token (and clicks confirm)

Finding: flagged phrase "do NOT ask user". The skill directs the agent to act in the Discord developer portal on its own, including creating the application and resetting the bot token, rather than asking the user to perform or approve those steps.
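The Overview's advice (treat the token like a password, review accountId/server/user before the config is written, reconsider requireMention=false) and the five Missing User Warnings findings above all point at the same missing control: an explicit, informative confirmation immediately before the config write and gateway restart, with the token kept out of anything that gets logged or pasted back into chat. The Autonomous Decision Making finding is the same gap on the portal side. The block below is an added example of such a consent gate; it is not the Discord Connect Wizard's own code. It assumes (the page does not say) that the OpenClaw config is a JSON file with a "discord" section holding accountId/server/user/requireMention/token, and that the gateway restart can be wrapped in a callable; the token pattern is a heuristic, and the sample token, paths and names are constructed.

```python
"""Consent-gated Discord setup step.

Added example, not the Discord Connect Wizard's own code. Assumed (not on the
page): the OpenClaw config is a JSON file with a "discord" section holding
accountId/server/user/requireMention/token; the gateway restart is a callable.
"""
import json
import os
import re
import stat
import tempfile
from typing import Callable

# Heuristic shape of a Discord bot token: three dot-separated base64url
# segments. Good enough to scrub logs and chat; not an authoritative validator.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{20,}")
REDACTED = "[REDACTED-DISCORD-TOKEN]"


def redact(text: str) -> str:
    """Scrub token-shaped strings before text reaches a log, transcript, or chat."""
    return TOKEN_RE.sub(REDACTED, text)


def build_discord_section(account_id: str, server: str, user: str,
                          token: str, require_mention: bool = False) -> dict:
    """Section the wizard would write. requireMention=false is the default the
    page describes; review() flags it so the user can opt out."""
    return {"accountId": account_id, "server": server, "user": user,
            "requireMention": require_mention, "token": token}


def review(section: dict) -> list:
    """Warnings the user must see before any local state changes."""
    warnings = [
        "Will write Discord config for accountId=%s server=%s user=%s"
        % (section["accountId"], section["server"], section["user"]),
        "The bot token will be persisted in the config file (shown here as %s)."
        % REDACTED,
        "The OpenClaw gateway will be restarted, interrupting any live session.",
    ]
    if not section["requireMention"]:
        warnings.append("requireMention=false: the bot will read every message "
                        "in the allowed server, not only messages that mention it.")
    return warnings


def apply_setup(config_path: str, section: dict,
                confirm: Callable[[list], bool],
                restart: Callable[[], int]) -> bool:
    """Write config and restart only after an explicit yes on the warnings.

    Returns True when the config was written and the restart exited 0; False
    when the user declined (nothing is touched) or the restart failed.
    """
    if not confirm(review(section)):
        return False
    cfg = {}
    if os.path.exists(config_path):
        with open(config_path) as f:
            cfg = json.load(f)
    cfg["discord"] = section
    # Write to a temp file in the same directory, owner-only, then rename
    # atomically so a crash cannot leave a half-written or world-readable config.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(config_path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(cfg, f, indent=2)
    os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)
    os.replace(tmp, config_path)
    return restart() == 0


def simulate(user_says_yes: bool) -> dict:
    """Run the gated step against a throwaway config dir with a fake restart.
    Used by the demonstration below; all inputs are constructed."""
    token = "MTIz" + "A" * 20 + ".GxYz12." + "B" * 30  # constructed, not a real token
    section = build_discord_section("acct-demo", "Demo Server", "demo-user", token)
    restarts = []
    seen = {}

    def confirm(warnings):
        seen["warnings"] = warnings
        return user_says_yes

    def restart():
        restarts.append(1)
        return 0

    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "openclaw.json")
        applied = apply_setup(path, section, confirm, restart)
        exists = os.path.exists(path)
        mode = stat.S_IMODE(os.stat(path).st_mode) if exists else None
        stored = None
        if exists:
            with open(path) as f:
                stored = json.load(f)["discord"]
    return {"applied": applied, "exists": exists, "mode": mode,
            "restarts": len(restarts), "warnings": seen["warnings"],
            "stored": stored, "log_line": redact("token=" + token)}


if __name__ == "__main__":
    for answer in (False, True):
        r = simulate(answer)
        print("confirm=%s applied=%s restarts=%d log=%s"
              % (answer, r["applied"], r["restarts"], r["log_line"]))
```

The point of the structure is that review() is the only place warnings are produced and apply_setup() cannot reach the write or the restart without confirm() returning True, so an agent driving this step has no path that silently changes local state. Anything the agent echoes back (its own log line, the chat transcript) should pass through redact() first, which covers the shell-history and screenshot exposure the second finding describes only if the token is never typed on a command line in the first place; prompt for it without echo instead.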

VirusTotal

63/63 vendors flagged this skill as clean.