Discord Doctor
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is not proven malicious, but it tells users to run an unprovided repair command that can install packages, change gateway/launchd state, move config files, and inspect OAuth status.
Treat this as a review-needed skill. Before installing or running it, verify the source of the `discord-doctor` executable, run diagnostics without `--fix` first, back up `~/.clawdis`, and explicitly approve any package install, daemon restart, launchd change, or OAuth-related step.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could run a command whose source and behavior were not reviewed as part of this skill.
The reviewed package contains only documentation, not the `discord-doctor` executable or an install source, so this depends on an unreviewed command found elsewhere on the system.
# Check and auto-fix issues discord-doctor --fix
Do not run `discord-doctor --fix` until you know where the executable comes from and have reviewed or trusted its implementation.
The repair mode could change your local development environment, running services, and saved configuration in ways that may be hard to audit afterward.
One auto-fix option can make multiple local mutations, including dependency installation, daemon control, launch agent removal, and config movement, without documenting separate approvals or exact limits.
When run with `--fix`, it can: ... Start gateway ... Install missing npm packages ... Restart gateway ... Remove legacy launchd service ... Backup legacy config
Run diagnostic-only mode first, inspect each proposed fix, back up relevant config, and avoid allowing an agent to run `--fix` without explicit confirmation.
The tool may inspect local authentication state for your Clawdbot/Anthropic setup.
The skill explicitly handles OAuth status, which is related to its stated purpose, but token storage, credential scope, and output handling are not specified.
Anthropic OAuth - Is your OAuth token valid or expired
Use only a trusted implementation and avoid sharing command output if it includes token values, account identifiers, or other sensitive authentication details.
A gateway process may continue running after the command finishes.
The skill checks and may start a gateway daemon, which is expected for this purpose but creates or changes background process state.
Gateway Process - Is the Clawdbot gateway daemon running
Confirm that you want the gateway running and know how to stop it if the repair is not desired.