Discord skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Discord-control skill, but it gives the agent broad power to post, delete, upload, and potentially moderate Discord content, so it should be reviewed and tightly scoped before use.
Install only if you want Clawdbot to act in Discord. Before enabling, give the bot the minimum Discord permissions needed, restrict it to specific channels if possible, disable unused action groups, and require explicit confirmation for public posts, deletions, uploads, role/channel changes, or moderation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or with overly broad bot permissions, the agent could post to channels or DMs, delete or edit messages, upload assets, or otherwise affect shared Discord spaces.
The skill documents broad Discord mutation authority, with most action groups enabled unless disabled. The artifact does not show per-action approval, channel allowlisting, or rollback guidance for public posts, deletions, uploads, pins, or moderation-adjacent actions.
Use `discord` to manage messages, reactions, threads, polls, and moderation. You can disable groups via `discord.actions.*` (defaults to enabled, except roles/moderation).
Restrict the Discord bot to only necessary servers and channels, disable unused `discord.actions.*` groups, and require explicit user confirmation for sends, deletions, uploads, pins, channel changes, role changes, and moderation.
The agent may be able to perform any Discord action that the Clawdbot bot account is allowed to perform.
Discord access is delegated through the configured bot identity. This is expected for a Discord integration, but the bot token's server permissions determine what the agent can do.
The tool uses the bot token configured for Clawdbot.
Use a dedicated bot account with minimal permissions, avoid administrator-level roles, limit access to specific channels where possible, and monitor Discord audit logs.
A mistaken file path or target channel could expose private local files or media to Discord users.
The skill can upload user-selected local files or remote media to Discord. This is purpose-aligned, but it creates a data boundary where local content may be sent to an external Discord channel or DM.
`mediaUrl` supports local files (`file:///path/to/file`) and remote URLs (`https://...`)
Only provide approved file paths and destination IDs, avoid sensitive local files, and disable media upload action groups if they are not needed.