Discord Roster

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Discord roster helper that uses a configured bot token to query Discord APIs.

Install only if you are comfortable letting the skill use your configured Discord bot token to query guild, member, role, channel, and permission metadata. Use a least-privilege bot token, avoid running it against sensitive servers without authorization, and review any configured proxy because requests may route through it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding
The skill documentation does not clearly warn that it reads a Discord bot token from local configuration and sends authenticated requests to Discord's API, retrieving guild, member, role, and channel metadata over the network. In a security-sensitive environment, missing disclosure can lead users to invoke the skill without realizing that it performs network access with a local credential and enumerates potentially sensitive organizational information.

Missing User Warnings

Severity: Medium
Confidence: 82%

Finding
The script silently reads a sensitive Discord bot token from ~/.openclaw/openclaw.json without prominently disclosing this behavior at runtime or in the main usage text, beyond a brief note. The token is needed for Discord API access and there is no sign of exfiltration, but undisclosed secret consumption can surprise users and increases the risk of unintended credential use in environments where skills are expected to be explicit about reading local secrets.
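
The two findings above, and the proxy caveat in the overview, come down to one question a reviewer can check mechanically: does the skill's usage text disclose every local secret the script reads and every host it sends that secret to, and where would those requests actually go? The following is an added example, not the Discord Roster skill's own code and not SkillSpector's scanner. It scans a constructed script for the config path named in the findings (~/.openclaw/openclaw.json) and for outbound API hosts, reports each one the usage text fails to mention, and resolves which proxy an HTTPS request would take under a given environment. The sample script, the usage texts, the extra secret-path patterns and the proxy environment are all constructed for the example; the proxy resolution follows the conventional HTTPS_PROXY / ALL_PROXY / NO_PROXY rules in simplified form (suffix matching only, no CIDR or port handling).

```python
"""Static check for undisclosed secret reads and network use in a skill.

Added example, not the Discord Roster skill's own code. All inputs below
are constructed; the config path and the discord.com host come from the
findings on this page, everything else is an assumption for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Local files a skill may read for credentials. The OpenClaw config path is
# the one named in the findings; the other two are assumed common examples.
SECRET_FILE_PATTERNS = {
    "OpenClaw config": r"~/\.openclaw/openclaw\.json",
    "dotenv file": r"\.env\b",
    "SSH key directory": r"~/\.ssh/",
}

# Extracts the host of every http(s) URL literal found in the script.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


@dataclass
class Finding:
    title: str
    detail: str


def undisclosed_secret_reads(script: str, usage_text: str) -> List[Finding]:
    """Flag secret files the script touches that the usage text never names."""
    findings = []
    for label, pattern in SECRET_FILE_PATTERNS.items():
        if re.search(pattern, script) and not re.search(pattern, usage_text):
            findings.append(Finding(
                "Missing User Warnings",
                f"script reads {label} but the usage text does not mention it"))
    return findings


def undisclosed_hosts(script: str, usage_text: str) -> List[Finding]:
    """Flag hosts the script sends requests to that the usage text never names."""
    findings = []
    for host in sorted(set(URL_RE.findall(script))):
        if host not in usage_text:
            findings.append(Finding(
                "Missing User Warnings",
                f"script sends requests to {host} but the usage text does not mention it"))
    return findings


def audit_skill(script: str, usage_text: str) -> List[Finding]:
    return undisclosed_secret_reads(script, usage_text) + undisclosed_hosts(script, usage_text)


def effective_proxy(url: str, environ: Dict[str, str]) -> Optional[str]:
    """Return the proxy URL a conventional HTTP client would use for `url`.

    Simplified: NO_PROXY entries match the host exactly or as a domain
    suffix; scheme-specific *_PROXY wins over ALL_PROXY. No CIDR or ports.
    """
    scheme = url.split("://", 1)[0].lower()
    host = URL_RE.match(url).group(1)
    no_proxy = environ.get("NO_PROXY") or environ.get("no_proxy") or ""
    for entry in (e.strip().lstrip(".") for e in no_proxy.split(",") if e.strip()):
        if entry == "*" or host == entry or host.endswith("." + entry):
            return None
    for key in (f"{scheme.upper()}_PROXY", f"{scheme}_proxy", "ALL_PROXY", "all_proxy"):
        if environ.get(key):
            return environ[key]
    return None


# Constructed sample: what a roster helper of the kind described might look like.
SAMPLE_SCRIPT = '''
import json, os, requests
cfg = json.load(open(os.path.expanduser("~/.openclaw/openclaw.json")))
token = cfg["discord"]["token"]
r = requests.get("https://discord.com/api/v10/users/@me/guilds",
                 headers={"Authorization": f"Bot {token}"})
'''

# Constructed usage texts: one that omits the disclosure, one that makes it.
TERSE_USAGE = "Read-only Discord roster helper. Lists guilds, members and roles."
DISCLOSING_USAGE = ("Reads your bot token from ~/.openclaw/openclaw.json and sends "
                    "authenticated requests to discord.com. Honours HTTPS_PROXY/NO_PROXY.")

if __name__ == "__main__":
    for f in audit_skill(SAMPLE_SCRIPT, TERSE_USAGE):
        print(f"[{f.title}] {f.detail}")
    env = {"HTTPS_PROXY": "http://proxy.corp.example:3128"}
    print("would route via:", effective_proxy("https://discord.com/api/v10/users/@me", env))
```

Running the script against TERSE_USAGE reproduces both findings on this page (an unmentioned read of ~/.openclaw/openclaw.json and unmentioned requests to discord.com); against DISCLOSING_USAGE it reports nothing. The proxy helper is the check to run before trusting the overview's "requests may route through it": with HTTPS_PROXY set and no NO_PROXY entry for discord.com, every API call, and the bot token it carries, goes to the proxy.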

VirusTotal

65/65 vendors flagged this skill as clean.