Plugin v2026.4.29
ClawScan security
discord-tool-status · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 5:31 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code and instructions are consistent with a Discord status-updater: it posts, updates, and deletes a message in Discord to reflect agent tool usage; nothing in the package indicates covert or unrelated behavior.
- Guidance: This plugin appears to do what it says: post an updating status message to Discord and clean it up when the agent finishes. Before enabling it:
  - (1) Be aware it needs a Discord bot token (channels.discord config or DISCORD_BOT_TOKEN env var) even though the README/metadata doesn't explicitly list that env var. Only provide a token with the minimum scopes (posting/editing/deleting messages) and limit the bot to channels where you want the agent status published.
  - (2) Review and test in a non-production channel or account first so you can confirm formatting/rate-limiting behavior.
  - (3) If you have policy requirements, verify that the OpenClaw host supplies the expected channels.discord config rather than relying on process.env.
  - (4) The repo includes a lockfile with many transitive deps (from the SDK) — that’s normal for plugin SDKs, but if you require stricter supply-chain controls, consider auditing the runtime dependencies provided by your OpenClaw deployment.
Review Dimensions
- Purpose & Capability (note): The plugin claims to show live tool-call status in Discord and the code implements that behavior (registers lifecycle hooks, formats messages, calls Discord API). One minor mismatch: the registry metadata and SKILL.md do not explicitly call out that the plugin will try to read a Discord token from configuration or the DISCORD_BOT_TOKEN environment variable, but the token resolution logic in token.ts makes this optional credential access necessary for operation.
- Instruction Scope (ok): SKILL.md describes hooking into lifecycle events and updating/deleting a Discord message. The runtime instructions and code only reference session keys, lifecycle hooks, and Discord API calls. There are no instructions to read unrelated host files or exfiltrate data to unexpected endpoints.
- Install Mechanism (ok): No install spec is provided (instruction-only at registry level), and the package contains source files only. There is no download-from-URL or archive extraction. The presence of a lockfile (bun.lock) and dev deps is expected for a Node/TypeScript project but does not affect installation since no install steps are declared.
- Credentials (note): The plugin will use a Discord bot token pulled from (in order) channels.discord.* config or, for the default account, process.env.DISCORD_BOT_TOKEN. The skill metadata listed no required env vars; this is not harmful but is an omission you should be aware of. The requested credential (Discord bot token) is proportionate to the stated functionality, but you should only supply a token with minimal scopes and target channels you trust.
- Persistence & Privilege (ok): always is false and the plugin uses normal lifecycle hooks. It does not request global or persistent privileges beyond reading the channel/account config or an env var for the Discord token, nor does it attempt to modify other plugins or system-wide settings.
