v1.0.0

Discord Doctor

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:43 AM.

Analysis

This skill is mostly aligned with Discord/Clawdbot repair, but it asks users to rely on an unprovided command that can inspect OAuth/session state and make local system changes.

Guidance: Treat this as a review-before-use skill. The diagnostic purpose is understandable, but do not run `discord-doctor --fix` until you know which binary will execute, where it came from, what credential/config files it reads, and whether you are comfortable with npm installs, gateway restarts, and Clawdis config migration.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Concern
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill. No code files present

The skill depends on a `discord-doctor` command, but the reviewed artifacts do not provide the command implementation, install source, or provenance.

User impact: A user could be directed to run a local command whose implementation is not available in the supplied artifacts, even though that command is documented as capable of changing packages, services, and config files.
Recommendation: Verify where the `discord-doctor` binary comes from and review its implementation before running it, especially with `--fix`.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
When run with `--fix`, it can: Start gateway ... Install missing npm packages ... Restart gateway ... Remove legacy launchd service ... moves `~/.clawdis` to `~/.clawdis-backup`

The documented repair mode can perform multiple local mutations from a single fix command, including package installation, process control, and configuration migration.

User impact: Running the fix mode could alter the local Node/npm environment, change gateway process state, and move or remove legacy Clawdis configuration artifacts.
Recommendation: Run diagnostic mode first, back up relevant config, and only use `--fix` if you trust the command and understand each change it may make.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: Medium; Status: Concern
SKILL.md
Anthropic OAuth - Is your OAuth token valid or expired ... Recent Activity - Shows recent Discord sessions

The skill documents access to OAuth/account/session-related state, while the registry declares no primary credential, required env vars, or required config paths.

User impact: The command may inspect local authentication or account activity state; even if it only reports status, that is sensitive information users should expect and approve.
Recommendation: Confirm which local credential or config files are read, ensure token values are not displayed or logged, and avoid running it in shared or untrusted environments.