Discord Bot

Security checks across malware telemetry and agentic risk

Overview

This Discord Bot skill is coherent but needs review because it can perform high-impact moderation and deletion actions with uneven guardrails.

Install only if you intend to let an OOMOL-connected Discord bot manage servers. Before running it, verify the bot permissions and OAuth scopes, keep access limited to the guilds you trust, and require explicit confirmation for bans, pruning, deletes, message posting, role changes, channel changes, and command changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation presents `invite_resolve` as an operation that resolves an invite code, which is typically a read-like lookup, but then labels it as a write action that changes Discord state. This mismatch can mislead an agent into applying unnecessary confirmation flows or, worse, misunderstanding the action’s real side effects, increasing the chance of unsafe automation if the underlying connector actually performs a state-changing operation.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The documentation states that a read/list action requires the `discordbot.commands.permissions.update` scope, which is broader than necessary for simply listing permissions. Overstating required privileges can cause clients or operators to grant unnecessary write-capable access, violating least-privilege and increasing the blast radius if credentials or the integration are abused.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description says to use this skill for ANY Discord Bot request, which is an overly broad trigger that can cause the agent to route a wide range of Discord-related tasks into a high-privilege integration. In this context, the skill exposes many state-changing and destructive actions, so accidental invocation could lead to unintended reads, writes, or deletions if downstream confirmation logic fails or is bypassed.

Missing User Warnings

Medium
Confidence: 90%
Finding
This action exposes a highly destructive bulk-ban capability with no embedded warning, confirmation guidance, or guardrails in the skill documentation. In an agent-driven context, that omission increases the chance of accidental mass moderation actions, misuse from ambiguous prompts, or unsafe automation against an entire guild population.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation describes a destructive moderation action without warning that it can remove inactive guild members from a server. In an agent-driven context, this omission increases the chance of accidental mass-member removal because a caller may treat the action as routine maintenance without understanding its operational impact.

VirusTotal

64/64 vendors flagged this skill as clean.
