Plugin v2026.4.30

ClawScan security

Discord Tool Status · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review Apr 30, 2026, 8:59 AM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The plugin's code matches its stated purpose (posting/updating/deleting a live status message in Discord) but it does not declare or document the configuration/credentials it actually needs and the bundle contains a large lockfile of transitive dependencies — these mismatches warrant caution before installing.
Guidance
What to check before installing:
- Expectation vs reality: this plugin will call the Discord API (discord.com) to POST/PATCH/DELETE messages and thus needs a Discord bot token. The package metadata and SKILL.md do not document how/where to provide that token; confirm how your OpenClaw instance should supply api.config.channels.discord.token or environment variables by inspecting token.ts.
- Least privilege: create a Discord bot token limited to the minimum scopes (send messages, manage messages if you want auto-deletion) and join it only to the intended guild/channel.
- Review token resolution: open token.ts to see whether tokens can come from environment variables, global config, or other locations; ensure it won't read unrelated secret files or configs in your environment.
- Dependency surface: the repository includes a large bun.lock with many transitive libraries; audit build/install steps and dependencies before running to avoid unexpected packages.
- Test in a sandbox: enable the plugin in a non-production environment or with a test bot token first to observe behavior, rate-limiting handling, and message cleanup.
If you want, I can: (1) inspect token.ts for exactly how the token is resolved, (2) list all network endpoints used by the code, or (3) suggest a minimal Discord bot permission set and configuration snippet to safely deploy this plugin.

Review Dimensions

Purpose & Capability
note: The name/description match the code: the plugin posts, edits, and deletes a status message in Discord and hooks into agent lifecycle events. This capability legitimately requires a Discord bot token and permission to send/manage messages. However, the registry metadata and openclaw.plugin.json declare no required config/env, and SKILL.md does not explain how to supply the Discord bot token, which is a documentation/manifest omission.
Instruction Scope
ok: SKILL.md describes hooking into lifecycle events (before_tool_call, after_tool_call, agent_end) and the code implements those hooks. The runtime instructions and code stick to the plugin's stated purpose and only reference session/context, event metadata, and Discord API calls; there are no instructions to read unrelated files, access other credentials, or exfiltrate data to third-party endpoints.
Install Mechanism
note: There is no install spec (the plugin is shipped as source), so nothing is downloaded at install time. The repository includes a large bun.lock with many transitive packages (including AWS SDK pieces and other large deps). That is not an immediate code-execution red flag, but it's unexpected for a lightweight Discord-status plugin and increases review surface; verify that build tooling and dependencies are what you expect before running or packaging.
Credentials
concern: The plugin uses a Discord bot token at runtime (resolveDiscordToken / api.config.channels.discord.token is used in tests and code) but the skill metadata lists no required environment variables or config paths. The plugin will need a bot token (Authorization: Bot <token>) and Discord channel IDs to operate; failing to declare this is a mismatch and may cause surprise when enabling the plugin. Ensure the token is provided via the platform config and scoped with minimal permissions (send/manage messages), and review token.ts to see where it reads the credential (env vs config).
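The token-handling and least-privilege points raised in the Guidance above and in this Credentials note, as an added TypeScript example. It is not the plugin's own code and does not reproduce its token.ts or resolveDiscordToken: it shows a resolver that reads only the config path named in the review or one assumed environment variable (DISCORD_BOT_TOKEN), the permission integer for a minimal bot invite, an egress check that allows only https://discord.com, and the POST/PATCH/DELETE sequence for a single live status message run against a constructed in-memory stand-in for the Discord API. The function and class names, the env var name, and the stand-in are assumptions for illustration.

```typescript
// Added example: not code from the Discord Tool Status plugin or its token.ts.
// Names, the DISCORD_BOT_TOKEN variable and the in-memory Discord stand-in
// are assumptions for illustration.

// Discord permission flag bits as documented by Discord.
export const VIEW_CHANNEL = 1 << 10;    // 1024
export const SEND_MESSAGES = 1 << 11;   // 2048
export const MANAGE_MESSAGES = 1 << 13; // 8192

// Permission integer for the bot's OAuth2 invite URL: view and send, plus
// manage messages only when the deployer opts in (the review ties it to auto-deletion).
export function minimalPermissions(manageMessages: boolean): number {
  return VIEW_CHANNEL | SEND_MESSAGES | (manageMessages ? MANAGE_MESSAGES : 0);
}

// Shape of the config path the review names: api.config.channels.discord.token.
export interface PluginConfig {
  channels?: { discord?: { token?: string } };
}

// Strict resolver: the config path first, then one assumed env var, nothing
// else. It never reads files, so it cannot pick up unrelated secrets.
export function resolveBotToken(config: PluginConfig, env: Record<string, string | undefined>): string {
  const raw = (config.channels?.discord?.token || env.DISCORD_BOT_TOKEN || "").trim();
  if (raw === "") throw new Error("no token in config.channels.discord.token or DISCORD_BOT_TOKEN");
  if (/^bot\s/i.test(raw)) throw new Error("store the raw token; the client adds the 'Bot ' prefix");
  return raw;
}

export interface HttpRequest { method: "POST" | "PATCH" | "DELETE"; url: string; headers: Record<string, string>; body?: string }
export interface HttpResponse { ok: boolean; status: number; json(): Promise<unknown> }
export type Transport = (req: HttpRequest) => Promise<HttpResponse>;

const API_BASE = "https://discord.com/api/v10";

// Egress guard: every request must go to discord.com over HTTPS.
export function assertAllowedUrl(url: string): void {
  const m = /^https:\/\/([^\/?#]+)/.exec(url);
  if (m === null || m[1] !== "discord.com") throw new Error(`refusing request to ${url}`);
}

// One live status message per session: POST on first use, PATCH afterwards,
// DELETE on cleanup. The transport is injected so the logic runs offline.
export class StatusMessage {
  private messageId: string | null = null;
  private readonly token: string;
  private readonly channelId: string;
  private readonly send: Transport;

  constructor(token: string, channelId: string, send: Transport) {
    this.token = token; this.channelId = channelId; this.send = send;
  }

  private async call(method: HttpRequest["method"], url: string, payload?: object): Promise<unknown> {
    assertAllowedUrl(url);
    const res = await this.send({
      method, url,
      headers: { Authorization: `Bot ${this.token}`, "Content-Type": "application/json" },
      body: payload === undefined ? undefined : JSON.stringify(payload),
    });
    if (!res.ok) throw new Error(`${method} ${url} -> HTTP ${res.status}`);
    return res.status === 204 ? null : res.json();
  }

  async update(content: string): Promise<string> {
    const base = `${API_BASE}/channels/${this.channelId}/messages`;
    if (this.messageId === null) {
      const created = (await this.call("POST", base, { content })) as { id: string };
      this.messageId = created.id;
      return created.id;
    }
    await this.call("PATCH", `${base}/${this.messageId}`, { content });
    return this.messageId;
  }

  async clear(): Promise<void> {
    if (this.messageId === null) return;
    await this.call("DELETE", `${API_BASE}/channels/${this.channelId}/messages/${this.messageId}`);
    this.messageId = null;
  }
}

// Constructed stand-in for Discord: records every request and hands out ids.
export function fakeDiscord(): { transport: Transport; requests: HttpRequest[] } {
  const requests: HttpRequest[] = [];
  let nextId = 100;
  const transport: Transport = async (req) => {
    requests.push(req);
    if (req.method === "DELETE") return { ok: true, status: 204, json: async () => null };
    const id = req.method === "POST" ? String(nextId++) : (req.url.split("/").pop() as string);
    return { ok: true, status: 200, json: async () => ({ id }) };
  };
  return { transport, requests };
}

// Walk one session through create, edit and delete; returns what left the process.
export async function demo(): Promise<HttpRequest[]> {
  const token = resolveBotToken({}, { DISCORD_BOT_TOKEN: "example-token-not-real" });
  const discord = fakeDiscord();
  const status = new StatusMessage(token, "123456789012345678", discord.transport);
  await status.update("before_tool_call: web_search");
  await status.update("agent_end");
  await status.clear();
  return discord.requests;
}
```

demo() yields exactly three requests (POST, PATCH, DELETE) to https://discord.com/api/v10/channels/<id>/messages[/<messageId>], each carrying Authorization: Bot <token>. The injected transport is the seam a deployer can use to exercise the plugin's logic with a fake before giving it a real token, and assertAllowedUrl is the kind of egress check the review suggests when it offers to list every endpoint the code calls.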
Persistence & Privilege
ok: Flags show always: false and normal agent invocation. The plugin does not assert global 'always-on' privileges and appears to only manage its own session state; it does not modify other plugins' configs or system-wide settings.