Discord Channel Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: maintain a Discord guide channel, with disclosed Discord read/write/delete capabilities.

Install only for Discord servers where you are comfortable letting the agent edit and delete guide-channel messages. Use it on a clearly designated guide channel, review planned changes before bulk deletion when possible, and avoid running it unattended unless the channel content is recoverable or backed up.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to delete old guide messages before reposting, but it provides no confirmation, rollback, or safeguard to ensure only the intended guide content is removed. In practice, a bad channel read, incorrect targeting, or malformed comparison could cause loss of legitimate guide/history content in the channel, especially under unattended cron execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal