Pilot Discord Bridge
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only Discord/Pilot bridge is coherent, but users should protect the Discord webhook, verify the external relay script, and treat inbound Discord messages as untrusted.
Before using this skill, confirm that you trust the local pilotctl installation and any external discord_relay.py script, keep the Discord webhook secret and channel-scoped, and add checks so Discord users cannot trigger unintended Pilot actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send Discord messages or interact with the local Pilot daemon when this skill is used.
The skill exposes Bash-based pilotctl commands that can publish messages and manage bridge operations. This is central to the stated bridge purpose, but users should recognize that the agent can invoke these commands.
allowed-tools:
  - Bash
...
pilotctl --json publish localhost discord-notifications --data "Agent deployed successfully"
Use this only with the intended Pilot daemon and Discord webhook, and review any message-sending workflow before relying on autonomous use.
If the webhook URL is exposed or misused, messages could be posted to the configured Discord channel.
A Discord webhook URL includes a token that grants posting ability to a Discord channel. This is expected for Discord notifications, but it is still a credential.
pilotctl --json set-webhook https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN
Store the webhook as a secret or environment variable, restrict it to the needed channel, and rotate it if it is shared or logged accidentally.
Running an unverified relay script could introduce behavior beyond what this skill document describes.
The workflow references an external Python relay script that is not included in the reviewed artifact set. This is disclosed as external, but its contents and provenance are not reviewed here.
# Start Discord bot relay (external)
python3 discord_relay.py &
Inspect and obtain discord_relay.py from a trusted source before running it, and confirm it only accesses the intended Discord bot and Pilot streams.
Discord messages could influence downstream Pilot agents or workflows if those agents treat them as trusted instructions.
The skill intentionally bridges Discord-originated content into Pilot event streams. That is purpose-aligned, but the artifact does not describe sender validation, channel restrictions, or trust boundaries for inbound messages.
You want to receive Discord messages in Pilot event streams
...
pilotctl --json subscribe discord-relay discord-messages
Treat inbound Discord content as untrusted input, restrict bot/channel access, and add explicit approval or allowlists before actions are triggered from Discord messages.
The bridge may keep running and continue handling Discord/Pilot traffic after the initial setup command.
The example starts a daemon, launches a background listener, and runs an infinite loop. This is consistent with a bridge service, but it creates ongoing activity until the user stops it.
pilotctl --json daemon start --hostname discord-bridge
pilotctl --json listen 1003 &
...
while true; do
Run it only when needed, monitor the background process, and document how to stop the daemon/listener cleanly.
