discord-members

From the provided documentation/metadata alone there is no direct evidence of malware. The primary concern is the design choice to require a DISCORD_USER_TOKEN (user account token) and to persist potentially sensitive member data to local files without documented protections. That combination increases the risk of credential misuse, policy violation, and data leakage if the actual implementation or environment is compromised. Before using this tool, perform a manual code review of the referenced Python scripts to confirm: network calls are limited to Discord API endpoints, no secrets are exfiltrated, exported data is handled securely, and recommend using a bot token or least-privilege credentials where possible. Treat this package as moderately risky until the implementation has been reviewed.