discord-clawd

SUSPICIOUS. The core local-archive querying behavior is coherent and the referenced discrawl project appears legitimate, but the skill is over-scoped for a local search tool because it retrieves a Discord bot secret over SSH, sources a remote shell profile, and forwards credentials into a CLI for live sync. The nonstandard /tmp binary path and token/env mismatch add uncertainty. This looks more like a risky operational skill than confirmed malware.