Skill v0.1.1

ClawScan security

Discord Admin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 4:34 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and behavior are consistent with a Discord administration plugin: it only needs a Discord bot token, Node, and network access to operate and its instructions and code align with that purpose.
Guidance
This plugin appears coherent for Discord server administration, but exercise normal caution before installing:
1) Only provide a bot token with the minimum permissions and privileged intents needed — avoid giving a full-owner/admin token. Use a test bot/server if possible.
2) The package is authored in TypeScript (index.ts) and uses npm dependencies (discord.js); ensure your OpenClaw runtime can run or build TypeScript plugins.
3) Review the code locally (index.ts) before running to confirm there are no hidden network calls or logging of the token; you can also run it in an isolated/test environment first.
4) Keep the bot token secret and rotate it if you revoke or change permissions.
If you want additional assurance, provide the full (untruncated) index.ts and I can look for any network calls or operations beyond the Discord API.

Review Dimensions

Purpose & Capability: ok
Name/description (Discord server administration) match the declared primary credential (DISCORD_TOKEN), required binary (node), and the actions described in SKILL.md and index.ts (role/channel/moderation/webhook operations). Nothing requested appears unrelated to Discord administration.

Instruction Scope: ok
SKILL.md instructs the agent to install, configure a bot token from OpenClaw config, enable Discord intents, and restart the gateway. The runtime instructions and action list are narrowly scoped to Discord administration. The manifest and code indicate the token is used to connect a discord.js client; the instructions do not ask the agent to read unrelated files or exfiltrate data.

Install Mechanism: ok
There is no remote-download install step; package.json declares standard dependencies (discord.js, typebox) and the plugin's openclaw.install step is simply `npm install`. This is an expected install mechanism for a Node-based plugin and is proportionate to the functionality. (Note: index.ts is TypeScript — the environment must support running TS or build/transpile it; this is an operational, not security, concern.)

Credentials: ok
Only a single credential (DISCORD_TOKEN) is declared as required and mapped to a clear config path (channels.discord.token). That credential is necessary and expected for a bot that manages a guild. No unrelated secrets or multiple unrelated credentials are requested.

Persistence & Privilege: ok
The plugin is not force-enabled (always: false) and uses normal service/tool registration. It does not request persistent, system-wide privileges in the manifest. Autonomous invocation is enabled by default (normal for skills) but is not combined with other red flags.