Discord

Security checks across malware telemetry and agentic risk

Overview

This official Discord plugin is consistent with its stated purpose, but it handles Discord bot tokens, webhook tokens, and voice transcripts, so users should configure it carefully.

Install this only if you intend OpenClaw to operate a Discord bot. Use a dedicated bot token with the minimum Discord permissions needed, protect OpenClaw config/state/logs, disable voice and thread bindings if you do not need them, and avoid verbose logging for private voice conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding
The function reads a Discord bot token from configuration or process.env and returns the raw secret in its output object. Exposing credentials through an inspection/helper API increases the chance of accidental logging, downstream leakage, or misuse by other components, especially since the skill purpose provided here does not justify returning the secret value itself.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The code pulls DISCORD_BOT_TOKEN from the environment and returns it to callers without any access control, redaction, or user-visible disclosure. Environment-sourced secrets are highly sensitive, and returning them from a utility function can silently broaden their exposure surface to logs, UI layers, plugins, or untrusted callers.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The code logs transcribed voice content (`transcript`) together with speaker identity and guild/channel context via verbose logging. Voice transcripts can contain sensitive personal, authentication, or private conversational data, and logging them without explicit notice, minimization, or redaction increases privacy and data-exposure risk if logs are retained, aggregated, or accessed by operators.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The code forwards final transcript utterances to an external callback (`transcripts.onUtterance`) containing speaker identifiers, transcript text, and channel metadata, but this file shows no consent, disclosure, or destination controls around that export path. This creates a privacy and data-governance risk because downstream handlers may store, relay, or process sensitive voice-derived text outside the immediate voice interaction context.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The function sends captured audio files to a transcription subsystem/provider (`transcribeAudioFile`) for speech-to-text processing. Voice audio is highly sensitive biometric and conversational data, and transmitting it to external processing without visible disclosure, consent, or strict policy checks can expose private content and create compliance issues.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
When an audio attachment is present and the message has no typed text, the code automatically sends attachment URLs and inferred media types to a transcription runtime. There is no visible consent, notice, or policy gate in this file before user audio is transmitted for processing, which creates a privacy risk because voice content may contain sensitive personal or confidential information. In a Discord integration context, this is more dangerous because users may not expect private or DM audio messages to be forwarded to another processing component.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
When a recipient string looks like a username, the code sends the raw user-supplied value to `listDiscordDirectoryPeersLive` as `query` without any visible consent, warning, or minimization at this layer. This can leak sensitive or mistyped identifiers to a remote directory service and may surprise users who expect local-only parsing of recipient input.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The code includes `webhookId` and `webhookToken` in the binding metadata returned by `toSessionBindingRecord`, and the same manager also persists binding records to disk. Webhook tokens are bearer secrets for posting into Discord channels; exposing them through adapter metadata and persisting them in plaintext materially increases the risk of unauthorized message injection if logs, storage, or downstream consumers are compromised.

VirusTotal

61/61 vendors flagged this plugin as clean.