Skill v1.1.0
ClawScan security
Discord Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 8:27 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill does what it claims (reads Discord messages and formats digests using a Discord user token) and is internally consistent, but it requires a very sensitive user token stored on disk and has a few small metadata mismatches you should weigh before installing.
- Guidance: This skill is coherent and implements the documented digest functionality, but it requires you to supply a Discord "user token" (the Authorization header value copied from your browser). That token grants full account access if leaked or misused. Before installing: (1) understand that automating a user account with its token likely violates Discord's Terms of Service, so use it at your own risk; (2) prefer a bot token or a separate, limited account rather than your main account's token; (3) restrict filesystem permissions on the config file (~/.openclaw/workspace/config/discord-digest.json) to the owner only (mode 0600), and consider setting DISCORD_DIGEST_CONFIG_DIR to a secure location; (4) review the included scripts yourself (they currently call only discord.com endpoints) and run them in a trusted, isolated environment; (5) rotate the token (change your password and enable 2FA, which invalidates existing tokens) if you ever suspect it was exposed. If you need lower risk, request a bot-based implementation that uses an explicit bot token and OAuth-based least-privilege access.
Review Dimensions
- Purpose & Capability (note): The name and description match the implementation: the scripts use a Discord user token to read guilds, channels, threads and messages and format digests. However, the registry metadata does not declare the sensitive credential (the skill relies on a Discord user token kept in a config file rather than an explicitly declared primary credential), which is a gap between the manifest and the actual requirements.
- Instruction Scope (ok): SKILL.md and the README give concrete, narrow instructions (obtain a user token via browser devtools, run the provided Python scripts). The runtime instructions and scripts only perform Discord API reads and local formatting; they do not reference unrelated system files or any external endpoint other than discord.com.
- Install Mechanism (ok): No install spec is provided (the scripts run directly with Python). All code is included in the skill bundle and nothing is downloaded from external or untrusted URLs, so install risk is low.
- Credentials (concern): The skill requires a Discord user token (stored in ~/.openclaw/workspace/config/discord-digest.json by default). That token is highly privileged (full user account access) even though the code only issues read requests. The README mentions an optional DISCORD_DIGEST_CONFIG_DIR environment variable for overriding the config location; that variable is not declared in the registry metadata. Storing the token in plaintext on disk and asking users to copy the browser Authorization header are both sensitive practices.
- Persistence & Privilege (note): always:false, and the skill is user-invocable (normal). The skill persists the token and server list to a local config file under the user's OpenClaw workspace; it does not modify other skills or system-wide settings. Persisting a user token locally increases the blast radius if the machine or workspace is shared or compromised.
