Community Mod Pack
v1.0.0Assist community moderation with summaries, spam detection suggestions, and draft replies for Discord or Telegram. Use when a user wants moderation help, rule reminders, or daily summaries without automatic enforcement actions.
⭐ 0· 986·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the instructions: the skill is designed to ingest channel logs, surface moderation signals, and draft replies for human moderators. The declared requirements (none) are consistent with an instruction-only skill that expects the user to supply logs or tokens as needed.
Instruction Scope
SKILL.md and references clearly limit the agent to read-only analysis, summarization, and draft outputs and explicitly forbid enforcement actions. However the runtime instructions assume ingestion of message logs or read-only API access — these are sensitive inputs (user identifiers, message content). The instructions do not direct the agent to transmit data to external endpoints beyond optional Discord/Telegram APIs, but they also rely on user-supplied logs/tokens which is the main privacy surface.
Install Mechanism
No install spec and no code files are present; this is instruction-only and will not write binaries to disk. That minimizes direct supply-chain risk.
Credentials
No environment variables or credentials are declared as required. The references/auth.md recommends using read-only bot tokens or exports if provided — this is reasonable, but the skill does not formally declare or constrain those credentials. Users should not provide broad-scoped tokens by default.
Persistence & Privilege
always is false and there is no install or persisted configuration. The skill does not request permanent platform privileges or modify other skills, so its system presence is minimal.
Assessment
This skill is internally coherent for moderation assistance, but it requires sensitive inputs (channel logs or bot/read-only tokens). Before using it: 1) Prefer exporting logs and providing only the minimum time window and channels needed rather than full real-time/continuous access. 2) If you must supply a bot token, limit scopes to read-only and create a short-lived token that you can rotate afterwards. 3) Confirm with the skill/user interface how logs are handled and retained — avoid sharing full message bodies or unnecessary PII. 4) Do not provide admin-level credentials or long-lived tokens. 5) Test on a small, non-production dataset first and have a human review any flagged items before taking actions. If the skill later asks to send data to external endpoints or to perform enforcement actions, stop and re-evaluate before continuing.Like a lobster shell, security has layers — review code before you run it.
latestvk979n6zyfac93c3enjz9srx1hs80tmba
License
MIT-0
Free to use, modify, and redistribute. No attribution required.