Discord Connect UI

Installing it can change how your local Clawdbot gateway and dashboard behave, and a failed or incorrect modification could break the service.

The installer writes backend and RPC registration changes into an auto-detected Clawdbot source tree, giving the skill high-impact local mutation authority.

A normal package installation path could execute local code that changes and rebuilds Clawdbot, rather than only installing passive skill instructions.

The package install lifecycle is wired to run the installer script, which the provided code shows can modify source files and run build/restart commands.

Anyone with the bot token can act as that Discord bot within the permissions you granted it.

A Discord bot token is required and gives the integration delegated access to the bot's Discord servers; this is expected for the skill but sensitive.

It is harder to know exactly what will run, where it came from, and whether the platform will manage or constrain the install behavior.

For a skill that contains installer code, source-modifying hooks, and shell build execution, the registry-level provenance and install/capability contract are under-declared.

A user may trust the install to be easily reversible when the provided installation path may still overwrite working source files.

The package presents automatic backups as a mitigation for high-impact source edits, but the visible installer helpers copy/write files directly, so users should not rely on the backup claim without verifying it.