discord-clawd
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides instructions to extract a Discord bot token by remotely sourcing a shell profile (~/.profile) via SSH on a different machine (peters-mac-studio-1).
- [COMMAND_EXECUTION]: The skill executes various system commands using sqlite3 for database interaction and runs a binary specifically located in a temporary directory (/tmp/discrawl), which is a non-standard and risky location.
- [DATA_EXFILTRATION]: The skill is designed to query and summarize private Discord history and member data from a local SQLite database (~/.discrawl/discrawl.db), exposing sensitive communication data to the agent context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted Discord message content.
  - Ingestion points: Data retrieved from the messages table in ~/.discrawl/discrawl.db via sqlite3 and the /tmp/discrawl CLI.
  - Boundary markers: None identified.
  - Capability inventory: sqlite3 execution, SSH command execution, and execution of the /tmp/discrawl binary.
  - Sanitization: No sanitization or filtering of the retrieved Discord message content is documented.
Recommendations
- AI detected serious security threats