Discord
Use when you need to control Discord from Clawdbot via the discord tool: send messages, react, post or upload stickers, upload emojis, run polls, manage threads/pins/search, fetch permissions or member/role/channel info, or handle moderation actions in Discord DMs or channels.
暂无可比对内容
需要至少一个上一版本,才能生成差异对比。
Security Scan
状态
suspicious
OpenClaw
gpt-5-mini
OpenClaw 分析
The SKILL.md describes a Discord bot integration and supports broad actions (including file uploads and moderation), but the manifest fails to declare the expected bot credential and gives the agent the ability to read local files — these gaps are incoherent and warrant caution.
置信度: high
VirusTotal
Type: OpenClaw Skill Name: discord Version: 1.0.1 The skill is classified as suspicious primarily due to the `mediaUrl` parameter in `SKILL.md` supporting `file:///path` for local file uploads (e.g., `emojiUpload`, `stickerUpload`, `sendMessage`). While this capability might be intended for legitimate media uploads, it grants broad local file read access to the agent, which could be abused for data exfiltration of sensitive files (e.g., credentials, private keys) if the agent is compromised via prompt injection. Additionally, the 'Discord Writing Style Guide' in `SKILL.md` demonstrates prompt injection against the agent, albeit for stylistic control rather than malicious actions.