Back to skill

Security audit

Discord

Security checks across malware telemetry and agentic risk

Overview

This Discord integration is disclosed and purpose-aligned, but it can affect your Discord account or server state through ClawLink, so users should review permissions before installing.

Install only if you trust ClawLink to broker your Discord OAuth connection. Review the Discord scopes during OAuth, prefer read-only tools when possible, and require explicit confirmation before leaving guilds, editing command permissions, consuming or deleting entitlements, updating or deleting role connections, or modifying your Discord profile. Revoke the ClawLink or Discord OAuth connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill exposes destructive or account-affecting Discord actions such as leaving guilds, deleting entitlements, deleting role connections, and modifying user state, but it provides only terse risk labels without clear user-facing warnings about consequences before use. In a chat-driven agent context, users may invoke these actions without understanding they are irreversible or materially disruptive, increasing the chance of accidental harmful changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.