Discord Task Center

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Discord task-management skill that creates and archives forum task threads, with the main risk being accidental Discord changes from broad trigger phrases.

Install this only if you want an agent to manage Discord task-center forum threads. Use a minimally privileged Discord bot, restrict it to the intended server/forum, and consider adding confirmation or explicit command phrasing before creating or archiving tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The README documents broad trigger phrases like '新建任务' and '归档这个任务' without defining strict scope, confirmation requirements, or exclusions. In an agent skill, overly general natural-language triggers can cause unintended task creation or archival when similar phrases appear in normal conversation, especially because the actions affect external Discord state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal