Discord
Use when you need to control Discord from Clawdbot via the discord tool: send messages, react, post or upload stickers, upload emojis, run polls, manage threads/pins/search, fetch permissions or member/role/channel info, or handle moderation actions in Discord DMs or channels.
v1.0.1
2026/01/05
No changelog provided.
Security Scan
Status
suspicious
OpenClaw
gpt-5.5
OpenClaw analysis
This Discord skill is transparent about broad bot controls, but it lacks clear safeguards for message deletion, searches, public posting, local file uploads, and admin-style actions.
Confidence: high
VirusTotal
Type: OpenClaw Skill Name: discord Version: 1.0.1 The skill is classified as suspicious primarily due to the `mediaUrl` parameter in `SKILL.md` supporting `file:///path` for local file uploads (e.g., `emojiUpload`, `stickerUpload`, `sendMessage`). While this capability might be intended for legitimate media uploads, it grants broad local file read access to the agent, which could be abused for data exfiltration of sensitive files (e.g., credentials, private keys) if the agent is compromised via prompt injection. Additionally, the 'Discord Writing Style Guide' in `SKILL.md` demonstrates prompt injection against the agent, albeit for stylistic control rather than malicious actions.