Discord Dual Bot Orchestrator
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with managing two Discord bots, but one helper script can turn crafted setup values into executable Python code.
Review or patch scripts/apply_policy.sh before running it, especially if any IDs or paths come from copied text or another user. If you proceed, use only trusted Discord IDs and paths, keep bot tokens out of shared prompts, store backups privately, and keep the reviewer-to-primary bridge one-way and limited.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or user passes untrusted setup values into this script, running it could execute unintended local code under the user's account.
Shell variables are interpolated into Python source code before Python runs. If BOTB_CONFIG, CHANNEL_ID_LIST, or GUILD_ID contain crafted quotes, newlines, or Python syntax, they can alter the executed script.
```sh
python3 - << PY
...
cfg=Path("$BOTB_CONFIG")
...
for cid in "$CHANNEL_ID_LIST".split(','):
...
["$GUILD_ID"]={'channels':channels}
```
Patch the script to read values through os.environ inside Python and validate Discord IDs as numeric comma-separated values. Until then, run it only with trusted, simple Discord IDs and file paths.
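The patched pattern the finding asks for, as an added example rather than the skill's own scripts/apply_policy.sh: the three setup values are validated in the shell, then passed to Python only through the environment, and the heredoc delimiter is quoted so the shell expands nothing inside the Python source. The policy file layout (a "guilds" map) is an assumption.

```sh
#!/bin/sh
# Added example, not the skill's own scripts/apply_policy.sh: the same three
# setup values (BOTB_CONFIG, GUILD_ID, CHANNEL_ID_LIST) reach Python only
# through os.environ, after shell-side validation, so crafted quotes or
# newlines cannot change the Python source. The policy file layout is assumed.
set -eu

# A Discord snowflake ID is digits only, 17 to 20 characters long.
is_discord_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 17 ] && [ "${#1}" -le 20 ]
}

# Accept only a non-empty, comma-separated list of valid IDs (no blanks).
valid_id_list() {
  [ -n "$1" ] || return 1
  old_ifs=$IFS
  IFS=','
  set -- $1
  IFS=$old_ifs
  for id in "$@"; do
    is_discord_id "$id" || return 1
  done
}

# Write {"guilds": {GUILD_ID: {"channels": [...]}}} into the config file.
# The heredoc delimiter is quoted ('PY'), so the shell expands nothing inside.
apply_policy() {
  is_discord_id "$2" || { echo "rejected GUILD_ID: $2" >&2; return 1; }
  valid_id_list "$3" || { echo "rejected CHANNEL_ID_LIST: $3" >&2; return 1; }
  BOTB_CONFIG="$1" GUILD_ID="$2" CHANNEL_ID_LIST="$3" python3 - <<'PY'
import json, os
from pathlib import Path
cfg = Path(os.environ["BOTB_CONFIG"])
text = cfg.read_text() if cfg.exists() else ""
data = json.loads(text) if text.strip() else {}
channels = os.environ["CHANNEL_ID_LIST"].split(",")
data.setdefault("guilds", {})[os.environ["GUILD_ID"]] = {"channels": channels}
cfg.write_text(json.dumps(data, indent=2) + "\n")
PY
}
```

Call it as `apply_policy /path/to/openclaw.json <guild id> <id,id,...>`; a value such as `1"); import os; os.system("id` is rejected before python3 ever starts.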
Anyone with these bot tokens may be able to act as the bots within their Discord permissions.
The skill expects Discord bot tokens for operation. That is normal for a Discord bot orchestrator, and the skill says to use placeholders only, but users still need to handle real tokens when configuring their local .env files.
Required placeholders:
- `BOT_A_TOKEN`
- `BOT_B_TOKEN`
Use least-privileged Discord bot permissions, keep the two tokens separate, do not paste real tokens into shared chats, and rotate tokens if they are exposed.
Backups could preserve sensitive configuration longer than expected if the backup directory is shared, synced, or left with broad permissions.
The backup script copies local OpenClaw configuration files into a backup directory. This is purpose-aligned for rollback, but those files may contain sensitive bot or account configuration.
```sh
cp -f "$HOME/.openclaw/openclaw.json" "$OUT_DIR/openclaw.main.json"
cp -f "$HOME/.openclaw-bot-b/openclaw.json" "$OUT_DIR/openclaw.bot-b.json"
```
Store backups in a private local directory, review file permissions, and delete old backups when no longer needed.
Reviewer bot output may influence the primary bot if the bridge is enabled.
The skill describes an agent-to-agent context flow from the reviewer bot to the primary bot. It is disclosed and intentionally one-way, but it is still a data/control boundary users should understand.
Optional: enable one-way bridge (`bot-b -> bot-a`) for reviewer feedback.
Keep the bridge one-way, limit what reviewer context is forwarded, and avoid forwarding untrusted Discord content as authoritative instructions.
The command may fail or rely on whichever python3 is available on the machine.
The registry metadata declares no required binaries, but this helper requires python3. This is not malicious by itself, but it is an under-declared runtime dependency.
```sh
python3 - << PY
```
Verify python3 is installed from a trusted source before running the helper scripts.
