Discord
v1.1.0
OpenClaw skill for Discord Bot API workflows, covering interactions, commands, messages, and operations using direct HTTPS requests.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the included reference files (API overview, interactions, request templates, rate-limits, auth) are coherent: this is a REST/Interactions-focused Discord bot guidance pack and the materials match that purpose.
Instruction Scope
SKILL.md and supporting files stay within the stated domain (how to call Discord REST endpoints, validate interaction signatures, and design commands). The instructions explicitly require bot tokens, application ID, and interaction public key as inputs; they do not instruct the agent to read arbitrary system files or contact unexpected external endpoints. However, the instructions rely on handling sensitive secrets at runtime (e.g., bot token) which is important to highlight.
Install Mechanism
There is no install spec and no code files — this is instruction-only. That minimizes risk from arbitrary code downloads or installations.
Credentials
The skill's runtime text explicitly requires sensitive credentials (Bot token, application ID, interaction public key) and operational inputs (allowed intents), but the registry metadata declares no required env vars or primary credential. This mismatch means the skill expects secrets via conversation or external injection rather than declaring them in the manifest — increasing the chance a user will be asked to paste tokens into chat or store them insecurely. There is no justification in the files for other unrelated credentials, but the lack of declared credential fields is a notable inconsistency.
Persistence & Privilege
`always` is false; the skill has no install/daemon behavior and does not request system-level persistence or modification of other skills. It does not request elevated or permanent agent privileges.
What to consider before installing
This skill appears to be a coherent, instruction-only Discord API guide, but exercise caution before providing any bot tokens or keys. Do not paste secrets into a chat thread or skill prompt; instead use a secure secret store or environment variables local to your deployment. Prefer creating a dedicated test bot with minimal scopes for evaluation, and rotate tokens immediately if exposed. Ask the publisher (or check a source/homepage) how the skill expects to receive/store credentials and whether the agent will log or transmit them. If you must try this skill, test in a dev/test guild with restricted permissions and avoid giving it your production bot token. The manifest should ideally declare required credentials so you can manage them securely — the absence of declared env vars is the main inconsistency to verify before install.
Like a lobster shell, security has layers — review code before you run it.
