by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This instruction-only Discord skill appears to do what it claims, but there are important surprises to be aware of: it implicitly expects a pre-configured 'Clawdbot' bot token and a 'discord' tool on the agent even though no credentials or binaries are declared; it allows uploading local files (file:/// paths), which will read and transmit files from the agent host to Discord; and it supports powerful moderation and role-change actions (disabled by default) that require high privileges. Before i...详细分析 ▾
ℹ 用途与能力
The SKILL.md consistently describes Discord management capabilities (messages, reactions, uploads, polls, moderation). However, it implicitly depends on a pre-configured 'discord' tool and a Clawdbot bot token while the skill metadata declares no required binaries, config paths, or credentials. That mismatch (implicit credential/tool assumption not declared) is an inconsistency.
⚠ 指令范围
Runtime instructions allow reading local files via file:/// (for media/emoji/sticker uploads) and performing sensitive Discord operations (readMessages, searchMessages, memberInfo, role changes, moderation). Reading arbitrary local files and uploading them to Discord is explicitly supported and could be used to exfiltrate sensitive local data if misused. The instructions otherwise stay within Discord-related actions and don't instruct reading unrelated system files or env vars, but the local-file upload capability and broad message/member access are notable risks.
✓ 安装机制
There is no install spec and no code files; the skill is instruction-only. That minimizes on-disk installation risk. The SKILL.md assumes an existing 'discord' tool/environment but does not install anything itself.
⚠ 凭证需求
The skill does not declare any required environment variables or primary credential, yet the documentation explicitly says it uses 'the bot token configured for Clawdbot.' Relying on an undeclared bot token (or other agent configuration) is a proportionality and transparency issue: users may not realize the skill needs access to the bot token or other service credentials to function.
ℹ 持久化与权限
The skill does not request permanent/always-on inclusion and uses the default agent-invocation model. That is normal. However, because the skill can perform privileged Discord operations (moderation, role changes) — even though those groups default to disabled — allowing autonomous invocation without explicit restrictions increases blast radius if the agent is granted those permissions.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/18
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install taizi-discord
镜像加速npx clawhub@latest install taizi-discord --registry https://cn.longxiaskill.com