Is ingejanben268/discord-hub-my safe?

https://github.com/openclaw/skills/tree/main/skills/ingejanben268/discord-hub-my

88
SAFE

This skill is a straightforward Discord Bot API reference guide whose SKILL.md and supporting reference documents are clean, on-topic, and free of prompt injection or hidden instructions. The only meaningful security concerns are two included bash helper scripts that use an Android Termux-specific interpreter path and send data via curl to an unvalidated webhook URL, but no proactive credential harvesting was observed and all canary files remained intact. The skill is safe for installation with the caveat that the bundled shell scripts should not be invoked with sensitive data or untrusted WEBHOOK_URL values.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 78/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

LOW Unvalidated WEBHOOK_URL accepts any endpoint in curl call -20

discord_send.sh sends the contents of $MSG to $WEBHOOK_URL with no validation of the URL scheme, host, or domain. If a user or orchestration layer sets WEBHOOK_URL to an attacker-controlled server, all message content passed to the script is exfiltrated. Exploitation requires the attacker to control the WEBHOOK_URL environment variable and cause the script to be invoked with sensitive content.

LOW Termux-specific bash shebang makes scripts non-portable and execution-dependent -10

Both run.sh and discord_send.sh declare #!/data/data/com.termux/files/usr/bin/bash as their interpreter. On a standard Linux system this path does not exist, so the scripts will fail with 'interpreter not found' rather than executing. This limits the attack surface but also signals scripts were written for Android Termux, an atypical production environment.

LOW Unsanitized $MSG variable interpolated directly into JSON string -12

In discord_send.sh, $MSG is embedded into a JSON payload via shell string interpolation without escaping double quotes or backslashes. Content containing '"' would produce malformed JSON and could potentially alter the JSON structure if the variable is constructed from user-controlled input upstream.

INFO run.sh sources .env file from skill directory with set -a (export-all) 0

run.sh checks for a .env file in its own directory and sources it with set -a enabled, which exports every variable defined in the file to the environment for child processes. While scoped to the skill directory rather than the user home, this pattern could be abused if an adversary placed a .env file in the skill directory.

INFO Install-time network limited to GitHub sparse-checkout clone 0

The only external TCP connection initiated during skill installation was to GitHub (140.82.121.4:443) to perform the git sparse-checkout clone. No secondary download, CDN fetch, or callback to the skill author's infrastructure was observed.