ClawHub

Discord

OpenClaw skill for Discord Bot API workflows, covering interactions, commands, messages, and operations using direct HTTPS requests.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 2.4k · 16 current installs · 16 all-time installs
by@codedao12
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the included reference files (API overview, interactions, request templates, rate-limits, auth) are coherent: this is a REST/Interactions-focused Discord bot guidance pack and the materials match that purpose.
Instruction Scope
SKILL.md and supporting files stay within the stated domain (how to call Discord REST endpoints, validate interaction signatures, and design commands). The instructions explicitly require bot tokens, application ID, and interaction public key as inputs; they do not instruct the agent to read arbitrary system files or contact unexpected external endpoints. However, the instructions rely on handling sensitive secrets at runtime (e.g., bot token) which is important to highlight.
Install Mechanism
There is no install spec and no code files — this is instruction-only. That minimizes risk from arbitrary code downloads or installations.
!
Credentials
The skill's runtime text explicitly requires sensitive credentials (Bot token, application ID, interaction public key) and operational inputs (allowed intents), but the registry metadata declares no required env vars or primary credential. This mismatch means the skill expects secrets via conversation or external injection rather than declaring them in the manifest — increasing the chance a user will be asked to paste tokens into chat or store them insecurely. There is no justification in the files for other unrelated credentials, but the lack of declared credential fields is a notable inconsistency.
Persistence & Privilege
always is false, the skill has no install/daemon behavior and does not request system-level persistence or modification of other skills. It does not request elevated or permanent agent privileges.
What to consider before installing
This skill appears to be a coherent, instruction-only Discord API guide, but exercise caution before providing any bot tokens or keys. Do not paste secrets into a chat thread or skill prompt; instead use a secure secret store or environment variables local to your deployment. Prefer creating a dedicated test bot with minimal scopes for evaluation, and rotate tokens immediately if exposed. Ask the publisher (or check a source/homepage) how the skill expects to receive/store credentials and whether the agent will log or transmit them. If you must try this skill, test in a dev/test guild with restricted permissions and avoid giving it your production bot token. The manifest should ideally declare required credentials so you can manage them securely — the absence of declared env vars is the main inconsistency to verify before install.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0
Download zip
latestvk97awehrgk5zfqnbw59563n4ds80knpx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Discord Bot API Skill (Advanced)

Purpose

Provide a production-oriented guide for building Discord bot workflows via the REST API and Interactions, focusing on professional command UX, safe operations, and direct HTTPS usage (no SDKs).

Best fit

  • You want command-first bot behavior and clear interaction flows.
  • You prefer direct HTTP requests without a library dependency.
  • You need a structured map of Discord API surfaces.

Not a fit

  • You need a full SDK or gateway client implementation.
  • You plan to stream large media uploads directly.

Quick orientation

  • Read references/discord-api-overview.md for base URL, versioning, and object map.
  • Read references/discord-auth-and-tokens.md for token types and security boundaries.
  • Read references/discord-interactions.md for interaction lifecycle and response patterns.
  • Read references/discord-app-commands.md for slash, user, and message commands.
  • Read references/discord-messages-components.md for messages, embeds, and components.
  • Read references/discord-gateway-webhooks.md for gateway vs webhook tradeoffs.
  • Read references/discord-rate-limits.md for throttling and header-based handling.
  • Read references/discord-request-templates.md for HTTP payload templates.
  • Read references/discord-feature-map.md for the full surface checklist.

Required inputs

  • Bot token and application ID.
  • Interaction endpoint public key (if using interaction webhooks).
  • Command list and UX tone.
  • Allowed intents and event scope.

Expected output

  • A clear bot workflow plan, command design, and operational checklist.

Operational notes

  • Prefer interactions and slash commands over prefix parsing.
  • Always validate incoming interaction signatures.
  • Keep payloads small and respond quickly to interactions.

Security notes

  • Never log tokens or secrets.
  • Use least-privilege permissions and scopes.

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…