Security audit

Huimai Discord Automation

Security checks across malware telemetry and agentic risk

Overview

This Discord administration skill is coherent, but needs review because it can use powerful bot permissions and includes a mode that skips confirmations for moderation or cleanup actions.

Review before installing. Use a dedicated low-privilege Discord bot token, enable log-only or confirmation-required mode first, avoid professional mode for deletes, kicks, role changes, and channel changes, and test in a non-critical server before granting real moderation permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Vague Triggers

Medium
Confidence: 81%
Finding
The invocation examples are open-ended and do not define clear activation boundaries, which raises the risk that an agent may trigger administrative workflows from loosely related user requests. In a Discord management skill with moderation and cleanup powers, ambiguous activation can lead to unintended scans, role changes, archival, or deletion prompts in the wrong context.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises destructive moderation and cleanup features like kicking, muting, channel cleanup, archiving, and deletion without prominent user-facing warnings about irreversibility or data loss. Because this skill operates in a high-privilege Discord administration context, insufficient warnings and safeguards materially increase the chance of accidental or socially engineered destructive actions.

Vague Triggers

Medium
Confidence: 87%
Finding
The manifest describes broad Discord automation capabilities for server-wide management without specifying narrow triggers, approval boundaries, or scope limits. In a high-privilege environment like Discord administration, ambiguous invocation scope can lead to unintended moderation, permission, cleanup, or logging actions being executed too broadly.

Known Vulnerable Dependency: openclaw==2026.4.0 — 10 advisories: CVE-2026-41913 (OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret r); CVE-2026-43526 (OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetche); CVE-2026-43530 (OpenClaw: busybox and toybox applet execution weakened exec approval binding) +7 more

High
Category: Supply Chain
Confidence: 90%
Finding
openclaw==2026.4.0

VirusTotal

63/63 vendors flagged this skill as clean.