Discord Digest

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it asks users to reuse and store a highly sensitive Discord user token in ways that can expose the account.

Install only if you understand that a Discord user token can provide broad account access. Prefer a bot or OAuth-based alternative, avoid putting tokens on the command line, do not sync or share the config file, rotate the token if exposed, and do not enable the Telegram cron example unless all channel owners and recipients are authorized.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (9)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The README explicitly instructs users to extract a Discord user token from browser developer tools and store it for ongoing use. A user token is a highly sensitive credential that grants broad account access, and documenting this workflow without strong warnings, safer alternatives, or storage protections materially increases the risk of account compromise, ToS violations, and unauthorized access if the token is exposed.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The cron example directs users to send generated Discord digests to Telegram, which can disclose collected message content to a separate third-party service. Because the digest may contain private or sensitive server content, presenting this as a routine automation path without explicit disclosure and consent guidance creates a realistic data-leak risk.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The instructions explicitly tell the user to copy a Discord Authorization token from browser traffic and store it for reuse, but do not treat it as a highly sensitive secret with strong safeguards. A stolen user token can provide full access to the user's Discord account context, including private servers, messages, and actions available to that account.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: Documenting a workflow that relies on harvesting a Discord user token from Authorization headers is a policy-sensitive and unsafe credential practice. It normalizes reuse of a session credential outside its intended context, increasing the risk of account compromise, unauthorized access, and Terms-of-Service violations.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script stores a Discord user token directly in a local JSON config file with no permission hardening, encryption, or clear warning to the user. A Discord user token is a highly sensitive credential; if the file is readable by other local users, backed up insecurely, or exposed through other tooling, an attacker could hijack the Discord account and access servers and messages available to that user.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This script accepts a Discord user token on the command line, performs authenticated requests, and can dump message contents to stdout as formatted JSON without any explicit consent, minimization, or warning. In the context of a digesting skill that reads selected channels and threads, this increases the chance of exposing sensitive private server content, and passing the token via argv may also leak credentials through shell history or process inspection on shared systems.

Ssd 3

Medium

Confidence: 91% confidence
Finding: The documentation embeds a natural-language instruction to transmit digest output off-platform to Telegram, creating an easy exfiltration path for harvested Discord content. In the context of a tool that reads messages across selected channels using an account credential, this makes the skill more dangerous because it normalizes cross-platform redistribution of potentially non-public communications.

Ssd 3

High

Confidence: 99% confidence
Finding: These instructions direct the operator to extract a live user authorization token from browser traffic and persist it for later automation. That effectively turns a highly privileged session secret into a reusable stored credential, which materially raises the chance of credential theft, account takeover, and unauthorized monitoring of Discord content.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The token-expiry workflow asks for a new secret in plain language and writes it back into persistent configuration, reinforcing insecure secret-handling practices. Even without direct exfiltration behavior in the document, this increases the likelihood that sensitive credentials will be exposed through logs, shell history, backups, or readable config files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal