ClawHub

Discord Admin

Security checks across malware telemetry and agentic risk

Overview

This is a real Discord administration skill, but it gives an agent broad server-control power without built-in confirmation or scope limits.

Install only if you intentionally want OpenClaw to administer your Discord server. Use a dedicated least-privilege bot, restrict it to intended servers and permissions, avoid exposing tool output to untrusted users, and require an external human approval process for bans, deletes, role/channel changes, invites, and webhooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instantiates its own Discord client and pulls a raw bot token from global configuration instead of using the provided runtime Discord interface. This expands the skill's privilege boundary, bypasses centralized access controls and auditing, and gives the skill broad standalone authority over Discord actions if the plugin is invoked or modified maliciously.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The warn action opens a DM channel and sends messages to users, which is a messaging capability beyond the declared administration scope. Hidden outbound messaging increases abuse potential because the skill can contact users directly for harassment, phishing, or deceptive moderation notices without clear user/operator awareness.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code itself acknowledges that destructive actions lack an explicit confirmation step, and the tool exposes high-risk operations such as bans, kicks, role deletion, channel privacy changes, webhook deletion, and bulk deletion for immediate execution. In an agent setting, prompt injection, misunderstanding, or ambiguous requests could therefore trigger irreversible administrative actions with no human checkpoint.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill silently reads the Discord token from shared configuration during registration, without any user disclosure or consent boundary. While it does not exfiltrate the token directly, undisclosed credential use is dangerous because it enables privileged external actions under a bot identity that operators may not realize this skill is independently controlling.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The plugin description advertises broad, high-risk administrative control over a Discord server but does not define any trigger boundaries, approval requirements, or scope limits. In a skill that requests privileged bot credentials and powerful moderation permissions, this ambiguity increases the chance of unsafe invocation, excessive actions, or misuse by an agent without adequate user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal