discord admin

Security checks across malware telemetry and agentic risk

Overview

This is a real Discord administration skill, but it gives an agent broad live-server control with weak safety guardrails.

Install only if you intentionally want an agent to administer a Discord server. Use a dedicated bot with the minimum permissions needed, avoid --token, keep the token out of logs and shared terminals, test on a non-production server first, and require human review before delete, ban, prune, webhook, guild-edit, template, stage, and bulk actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The documented ability to create entirely new servers from templates goes beyond ordinary in-place server administration and expands the operational scope of the skill. Broader-than-claimed capabilities are dangerous because they can mislead reviewers and users about what the skill can do, enabling unexpected resource creation and governance bypass in connected Discord environments.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
Documenting `guild-transfer` introduces server ownership transfer, which is substantially more sensitive than routine moderation or configuration. This is dangerous because ownership transfer can permanently hand control of a server to another account, making compromise or accidental misuse far more severe than normal admin actions.

Scope Creep

Medium
Confidence: 88%
Finding
The documented command set includes capabilities such as invite creation and thread operations that are not reflected in the listed granular permissions, creating a mismatch between claimed and actual privilege requirements. This is dangerous because incomplete permission disclosure undermines least-privilege review and may cause users to grant broader rights than they realize are needed.

Intent-Code Divergence

High
Confidence: 91%
Finding
The documented stage-management commands do not perform stage instance operations; instead they create or modify threads/channels. In an administrative tool, this mismatch is dangerous because an operator may invoke a seemingly safe stage action and unintentionally create, alter, or archive the wrong Discord resource, causing service disruption or unauthorized changes.

Intent-Code Divergence

High
Confidence: 89%
Finding
The help text says template-use creates a server from a template, but the implementation posts to a guild template subresource instead. In a high-privilege admin CLI, this kind of semantic mismatch can cause operators to execute the wrong action against an existing guild, leading to unintended configuration changes or failed automation with misleading assumptions.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill prominently documents destructive operations such as channel deletion and pruning without strong warnings, safeguards, or confirmation requirements. In a shell-driven admin tool, that omission is dangerous because users or agents can trigger irreversible actions quickly, causing large-scale server disruption or data loss.

Missing User Warnings

Medium
Confidence: 96%
Finding
The quick-start instructs users to export a Discord bot token without any warning that it is a secret credential with full delegated administrative power. This is dangerous because tokens are easily exposed through shell history, logs, screenshots, or shared terminals, leading to full bot compromise and abuse of all granted server permissions.

Missing User Warnings

Medium
Confidence: 97%
Finding
Allowing the bot token to be passed via --token exposes a high-value credential through shell history, process listings, job-control logs, and monitoring tools. Because this script provides broad Discord administrative control, compromise of that token can give an attacker extensive control over servers, channels, members, messages, and webhooks.

Missing User Warnings

High
Confidence: 95%
Finding
The script exposes many destructive operations such as delete, ban, kick, prune, leave, and bulk-delete with no confirmation, preview, or safety interlock. In a full-server-control context, a mistyped ID or automation mistake can immediately produce irreversible administrative damage across a Discord guild.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script exposes destructive actions like deleting channels/roles, kicking/banning members, and deleting messages with no confirmation, dry-run, or guardrails. In a server-administration skill, this increases the likelihood of accidental destructive changes or misuse by a caller with access to the bot token, leading to service disruption or moderation abuse.

VirusTotal

65/65 vendors flagged this skill as clean.
