ClawHub

Discord OpenAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about controlling Discord through UXC, but it can grant broad bot powers and persist live Discord events locally, so it belongs in Review rather than automatic install.

Install only if you want an agent to operate Discord for you. Use a dedicated low-permission bot, restrict it to specific servers and intents, verify OAuth scopes before approving them, require explicit approval for posting/deleting/moderation/admin actions, and avoid or tightly manage Gateway event logs that may contain private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The OAuth2 section repeatedly frames user OAuth as read-only while also documenting the `guilds.join` scope, which enables a write action under certain conditions. This can mislead operators into granting broader privileges than intended, causing unauthorized server joins or overly permissive consent flows in an agent context where scopes may be copied verbatim.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The example configures `uxc subscribe` to persist live Discord gateway events to a local NDJSON file, which can capture message metadata and potentially message content when privileged intents are enabled. Because the usage pattern does not prominently warn about retention, sensitivity, file permissions, or cleanup, users may unintentionally store private server or direct-message data on disk where it could later be exposed to other local users, backups, or logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal