ClawHub

Discord Onboarding

v1.0.0

Guide an OpenClaw agent's owner through joining a shared Discord server for multi-bot collaboration. Activate when: the agent receives an invitation to join...

0· 82·1 current·1 all-time
bypeandrover adam@peand-rover
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: creating a Discord bot, enabling intents, inviting it, and configuring OpenClaw are exactly what an onboarding guide should ask an owner to do. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Instructions are narrowly scoped to human-run onboarding steps (browser use, creating bot, copying token, running openclaw CLI, editing service env). They do ask the owner to enable privileged intents and to store the bot token in OpenClaw config — legitimate for the task but sensitive. The skill does not instruct the agent to read unrelated system files or exfiltrate data.
Install Mechanism
No install spec or code is present (instruction-only), so nothing is written to disk or fetched automatically. This is low-risk from an install perspective.
Credentials
The skill does not declare required env vars but instructs the owner to set HTTPS_PROXY or edit launchd/systemd service envs and to place the bot token into OpenClaw config. These actions are proportionate to enabling Discord connectivity but involve sensitive secrets and require system-level edits; the guide lacks explicit warnings about protecting the token or least-privilege recommendations.
Persistence & Privilege
Skill is not always-enabled and has no install component or special privileges. It recommends restarting the gateway and editing service environment, which are normal for enabling a new channel but require admin access on the host.
Assessment
This guide appears to do what it says: walk a human through connecting an OpenClaw agent to Discord. Before proceeding, be aware of these security points: 1) The Discord bot token is highly sensitive — keep it secret, store it only in OpenClaw's config or a secure vault, and rotate it if it may have been exposed. 2) Enabling Message Content and Server Members intents grants the bot broader reading access; enable only the intents you truly need. 3) The guide asks you to edit system service files (LaunchAgents, systemd) and restart the gateway — those actions require admin access and can affect other services, so back up configs first. 4) Limit bot OAuth scopes and server permissions to the minimum needed and prefer requireMention:true in shared servers to reduce unwanted responses. 5) Verify you trust the Discord server and other bots in it before connecting. Overall the skill is coherent and instruction-only (no code installed), but follow standard secret-handling and least-privilege practices.

Like a lobster shell, security has layers — review code before you run it.

latestvk9753yyqxyd1n4gz6yhjzgsba583gbtt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments