ClawHub

Discord Bridge

Security checks across malware telemetry and agentic risk

Overview

This Discord bridge appears to do what it says, but it can automatically relay Discord chat messages to an HTTP API too broadly unless carefully configured.

Install only if you intentionally want Discord chat relayed to Agent Zero. Set DISCORD_CHANNEL_IDS to a narrow allowlist, restrict the bot's Discord permissions, use HTTPS or loopback-only API access, use dedicated low-privilege credentials, and notify channel participants that messages may be sent to Agent Zero and answered publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description explains that Discord messages are bridged to Agent Zero, but it does not clearly present a user-facing warning that messages from configured channels will be transmitted to an HTTP endpoint along with any included content. In a chat integration, this omission is security-relevant because users may disclose secrets or sensitive operational data without realizing it is being forwarded outside Discord.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code forwards every non-command Discord message from allowed channels to an HTTP API, but there is no in-band notice, consent mechanism, or transparency to users that their messages are being relayed to another service. In a Discord bridge skill, that behavior is core functionality, but it still creates a real privacy and data-handling risk because users may reasonably assume messages remain within Discord rather than being transmitted to a separate backend that may log, process, or retain them.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal