@steipete

Discord

Use when you need to control Discord from Clawdbot via the discord tool: send messages, react, post or upload stickers, upload emojis, run polls, manage threads/pins/search, fetch permissions or member/role/channel info, or handle moderation actions in Discord DMs or channels.

Current version
v1.0.1
80 3.9万All installs 0

SKILL.md

text/markdown · 7146 bytes

skill-card.md

text/markdown · 2648 bytes

Security Scan

Status

suspicious

Open VirusTotal

OpenClaw

gpt-5.5

suspicious

OpenClaw analysis

This Discord skill is transparent about broad bot controls, but it lacks clear safeguards for message deletion, searches, public posting, local file uploads, and admin-style actions.

Confidence: high

VirusTotal

Type: OpenClaw Skill Name: discord Version: 1.0.1 The skill is classified as suspicious primarily due to the `mediaUrl` parameter in `SKILL.md` supporting `file:///path` for local file uploads (e.g., `emojiUpload`, `stickerUpload`, `sendMessage`). While this capability might be intended for legitimate media uploads, it grants broad local file read access to the agent, which could be abused for data exfiltration of sensitive files (e.g., credentials, private keys) if the agent is compromised via prompt injection. Additionally, the 'Discord Writing Style Guide' in `SKILL.md` demonstrates prompt injection against the agent, albeit for stylistic control rather than malicious actions.

Metadata

  • Owner: @steipete
  • Created: 2026/01/04
  • Updated: 2026/05/18
  • Versions: 2
  • Comments: 4
  • Scan checked at: 2026/07/10

Runtime

No runtime requirements are exposed in the official public payload.

Discord | ClawHub CN