Skill v1.1.0
VirusTotal security
Discord Digest · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:10 AM
- Hash: 88897692588d34059dee2d0e1bb0132c13da123018dedf13b47d650e17ed1b66
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: discord-digest; Version: 1.1.0. The skill's core functionality is benign, aiming to generate Discord digests. However, it is classified as 'suspicious' due to significant security vulnerabilities related to handling the Discord user token. Specifically, the `scripts/discord_api.py` script, as instructed in `SKILL.md` and `README.md`, passes the sensitive Discord user token directly as a command-line argument, exposing it in process lists (`ps aux`), shell history, and logs. Additionally, the `scripts/config_manager.py` stores this token in plain text within `~/.openclaw/workspace/config/discord-digest.json`. These are critical vulnerabilities that could lead to unauthorized access if the system is compromised, but they do not indicate intentional malicious behavior by the skill itself, such as exfiltrating the token to an external attacker-controlled server.
