ClawHub

Discord Project Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is powerful but coherent: it manages Discord/OpenClaw project permissions as advertised and discloses its sensitive config and token access.

Install only if you want this skill to manage Discord project channels and OpenClaw agent permissions. Use a least-privilege Discord bot limited to the intended guild, back up ~/.openclaw/openclaw.json before first use, and double-check archive/remove commands because they can revoke agent access and trigger a gateway reload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill reads a Discord bot token from the user's local OpenClaw configuration, giving it access to a sensitive credential without explicit user consent or scoping. In an agent-skill context, this expands the skill's privilege boundary and could enable unauthorized Discord API actions if the skill is misused or modified.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill reads a global user-scoped OpenClaw configuration file from ~/.openclaw/openclaw.json and derives Discord guild information from it without any explicit consent, scoping check, or validation that the data is intended for this skill. This creates a cross-boundary information access issue: the skill can consume unrelated application configuration and potentially bind itself to the wrong Discord environment if the shared config is stale, maliciously modified, or contains multiple accounts/guilds.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The fallback path directly edits a sensitive configuration file and sends a signal to a gateway process without any confirmation, authorization check, or explicit operator warning in this layer. In an agent skill context that manages Discord permissions, this increases the risk of unintended or unauthorized reconfiguration affecting service behavior or access controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code silently retrieves a bot token from a local config file, with no user-facing disclosure that a stored credential is being accessed. In agent environments, undisclosed secret access is risky because users may not realize the skill can act with their bot's privileges across Discord resources.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The archive operation is a destructive action that removes permissions for all registered agents and marks the project archived immediately, with no confirmation, dry-run, or secondary authorization step. In a multi-agent Discord coordination system, a mistaken or spoofed invocation could lock participants out of a thread and disrupt collaboration state, making accidental misuse materially harmful.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal