ClawHub

Discord Message Guard

v1.0.0

Filters and moderates Discord messages with spam detection, rate limiting, content checks, and pattern-based blocking before reaching agents.

0· 55·0 current·0 all-time
by@jlkptom-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and README: the code implements metadata extraction, rule engine, session state, and history cleaning for Discord messages. Declared dependencies (discord.js) and the included TS source files are appropriate for this purpose.
Instruction Scope
SKILL.md is minimal and describes middleware behavior only. The runtime code references only Discord message data structures and internal state; it does not read files, environment variables, or call external endpoints beyond what a Discord bot integration would normally use.
Install Mechanism
The registry entry contains no install spec, but the package includes package.json, package-lock.json, and TS sources with README build instructions (npm install; npm run build). This is not malicious but means the skill requires a build step and npm dependencies to be installed by the integrator — the registry did not provide an automated install mechanism.
Credentials
The skill declares no required environment variables or credentials. The code expects a botUserId to be passed programmatically; it does not request tokens or unrelated secrets. Dependencies are standard npm packages (discord.js and common dev tools).
Persistence & Privilege
Flags show standard defaults (always:false, model invocation enabled). The skill does start an internal cleanup timer (setInterval) for session management, which is reasonable for a long-running middleware; it does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: local middleware for Discord message filtering. Before installing, note that: (1) it's source-based (TypeScript) and includes a package.json and package-lock — you or your deploy system must run npm install and build (the registry has no automated install step). (2) It does not request bot tokens or env secrets itself, but you will still need to integrate it into your bot code and supply your bot user id and bot token via your own code (do not paste tokens into third-party UIs). (3) Review the code if you have policy requirements (the repo is from an unknown source in the registry metadata). (4) Test in a staging environment first; the skill runs a periodic cleanup timer (normal) and can be invoked autonomously by agents (default behavior). If you need an install script provided by the publisher or an audited distribution, request that before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk971ar7fz7gxpc1ztzwn6cd7g184b014

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments