Is discord safe?

https://clawhub.ai/steipete/discord

82 · SAFE

The discord skill is a documentation-only SKILL.md with no executable code, no install scripts, and no git hooks, and network/process monitoring came back clean. Its primary risks are the file:/// URI support in mediaUrl, which could be leveraged as a data exfiltration channel when combined with other skills, and the writing style guide, which modifies agent output behavior. Moderation capabilities exist but are disabled by default.

Category Scores

Prompt Injection 80/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (6)

MEDIUM file:/// URI support enables local file uploads -15

The mediaUrl parameter in sendMessage, emojiUpload, and stickerUpload actions accepts file:/// URIs, allowing the agent to upload arbitrary local files to Discord channels or DMs. While this is a legitimate feature for sharing local content, it creates a potential data exfiltration vector if the agent is manipulated by prompt injection or a malicious co-installed skill.

LOW Writing style guide modifies agent output behavior -10

The 'Discord Writing Style Guide' section instructs the agent to adopt a casual tone, avoid markdown headers, skip polite preambles, and use lowercase. While contextually appropriate for Discord formatting, this constitutes agent behavioral modification that could conflict with user-configured preferences or system-level style instructions.

LOW Suggestive action prompts in 'Ideas to try' section -10

The skill includes an 'Ideas to try' section that suggests autonomous behaviors like 'DM stickers as acknowledgements when a user's request is completed' and 'Send celebratory stickers after successful deploys'. These could be interpreted by an eager agent as standing instructions rather than optional suggestions.

MEDIUM Cross-skill exfiltration potential via Discord messaging -25

This skill's ability to send messages and file attachments to arbitrary Discord channels or DMs makes it a potential exfiltration channel when combined with other skills that have filesystem or data access. A malicious co-installed skill could read sensitive data and then instruct the agent to send it via Discord DM.

LOW Powerful moderation capabilities available behind toggle -15

The skill includes timeout, kick, and ban moderation actions. While disabled by default, enabling them exposes significant destructive capability that could be triggered by prompt injection or agent misinterpretation.

INFO Runtime reads sensitive config files during initialization -5

The Clawdbot runtime (not the skill itself) reads .env, .aws/credentials, openclaw.json, .profile, .bashrc, and auth-profiles.json during skill installation. This is standard framework behavior for loading configuration and authentication context, not initiated by the skill.