by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: run read-only Discord API queries using a bot token stored in ~/.openclaw/openclaw.json (or a path set via OPENCLAW_CONFIG). Before installing: 1) ensure you trust the skill source and that your bot token is stored only where you intend (the script will read that file); 2) confirm you have curl and python3 available (the script uses both, but the metadata didn't list them); 3) make sure the bot token has only the permissions you want (and enable Server Memb...详细分析 ▾
ℹ 用途与能力
The skill's purpose (querying Discord guild members, channels, roles) matches the script's behavior: it uses a bot token to call Discord REST endpoints. Minor mismatch: the package/registry metadata declares no required binaries, but the script clearly calls curl and python3.
✓ 指令范围
SKILL.md and the script confine actions to read-only Discord API GET requests and proxy detection; the script reads the bot token from ~/.openclaw/openclaw.json (or OPENCLAW_CONFIG if set) and may consult HTTPS_PROXY environment variables—all consistent with the stated purpose.
✓ 安装机制
Instruction-only skill with an included shell script; there is no install step that downloads or executes external code. No high-risk install mechanisms detected.
ℹ 凭证需求
Declared required config path is channels.discord.token (appropriate). The script also honors OPENCLAW_CONFIG and HTTPS_PROXY/https_proxy environment variables; these are reasonable but were not listed in required env vars. No unrelated credentials are requested.
✓ 持久化与权限
The skill does not request permanent/always inclusion and does not modify other skills or system-wide settings; it only reads the local OpenClaw config file for the token and proxy.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/19
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install discord-roster
镜像加速npx clawhub@latest install discord-roster --registry https://cn.longxiaskill.com