Back to plugin

Security audit

Discord

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw Discord plugin is coherent with its purpose and exposes expected Discord bot capabilities with configuration gates, though users should scope it carefully.

Install only for Discord servers and channels you intend OpenClaw to access. Keep the bot token secret, use guild/channel allowlists and actions gates, disable moderation/presence/thread-spawn/voice features you do not need, and confirm destructive actions such as delete, edit, pin, role, channel, kick, or ban operations before asking an agent to run them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly documents destructive actions such as delete, edit, pin, and thread creation without any caution about authorization, confirmation, auditability, or irreversible effects. In an agent setting, this increases the chance that an LLM or operator will perform harmful state-changing actions in the wrong channel or on the wrong message, especially because the examples make these actions look routine and low-friction.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill describes read and search capabilities over Discord content without warning that these operations may expose private messages, sensitive internal discussions, or data from channels the user did not intend to query. In a multi-account, multi-guild environment, omission of privacy constraints makes accidental overcollection and inappropriate disclosure more likely.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/manager.runtime-DaB-CTrt.js:97
Evidence
const ffmpeg = spawn(resolveFfmpegBin(), [

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/provider-BkfbC9FQ.js:6092
Evidence
env: process.env