Discord

Security checks across malware telemetry and agentic risk

Overview

This Discord skill is transparent about its capabilities, but it gives an agent broad Discord posting, deletion, search, and moderation-style powers without explicit safety or confirmation rules.

Install only for bots and servers where you are comfortable granting Discord posting and message-management authority. Keep role and moderation actions disabled unless needed, restrict action groups where possible, and require explicit user confirmation before deleting messages, changing roles, moderating users, searching private content, or uploading any local file path.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill exposes destructive, privacy-impacting, and moderation-capable Discord operations such as message deletion, message search, member/role/channel inspection, role changes, and moderation actions, but it provides no explicit safety guidance requiring user confirmation, authorization checks, or caution for sensitive actions. In an agent setting, this omission increases the chance of unauthorized data access or harmful actions being carried out from ambiguous or indirect user prompts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal