ClawHub

Discord Roster

v1.0.2

Query Discord guild members, list bots, get channel and role info via REST API. Use when: listing server members, checking who's a bot, viewing channel permi...

0· 102·0 current·0 all-time
by@wehub4me
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's purpose (querying Discord guild members, channels, roles) matches the script's behavior: it uses a bot token to call Discord REST endpoints. Minor mismatch: the package/registry metadata declares no required binaries, but the script clearly calls curl and python3.
Instruction Scope
SKILL.md and the script confine actions to read-only Discord API GET requests and proxy detection; the script reads the bot token from ~/.openclaw/openclaw.json (or OPENCLAW_CONFIG if set) and may consult HTTPS_PROXY environment variables—all consistent with the stated purpose.
Install Mechanism
Instruction-only skill with an included shell script; there is no install step that downloads or executes external code. No high-risk install mechanisms detected.
Credentials
Declared required config path is channels.discord.token (appropriate). The script also honors OPENCLAW_CONFIG and HTTPS_PROXY/https_proxy environment variables; these are reasonable but were not listed in required env vars. No unrelated credentials are requested.
Persistence & Privilege
The skill does not request permanent/always inclusion and does not modify other skills or system-wide settings; it only reads the local OpenClaw config file for the token and proxy.
Assessment
This skill appears to do what it says: run read-only Discord API queries using a bot token stored in ~/.openclaw/openclaw.json (or a path set via OPENCLAW_CONFIG). Before installing: 1) ensure you trust the skill source and that your bot token is stored only where you intend (the script will read that file); 2) confirm you have curl and python3 available (the script uses both, but the metadata didn't list them); 3) make sure the bot token has only the permissions you want (and enable Server Members Intent if you need member lists); and 4) if ~/.openclaw/openclaw.json contains other secrets, consider putting the Discord token in a dedicated location or restrict that file's contents to minimize accidental exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bwwrb2m02r7dtqce0wkf4718363ap

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
Configchannels.discord.token

Comments