Trust Assessment
discord-voice received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Sensitive path access: AI agent config", "Unpinned npm dependency version", and "User speech directly passed to LLM without sanitization".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | User speech directly passed to LLM without sanitization | The `handleTranscript` function in `index.ts` takes transcribed user speech (`text`) and passes it directly as the `message` parameter to `api.runtime.agent?.chat()`. This allows an attacker to inject malicious instructions into the LLM's prompt by speaking them, potentially manipulating the LLM's behavior, extracting sensitive information, or causing it to generate harmful content. The LLM's response is then spoken back to the user via the `speak` tool, amplifying the potential impact. Implement robust input sanitization and validation for all user-provided text before it is passed to the LLM. Consider using a separate, hardened prompt for agent interactions initiated by user speech, or a prompt templating system that strictly separates user input from system instructions. Implement output filtering for LLM responses before they are spoken to prevent the bot from vocalizing harmful content. | LLM | index.ts:100 |
| HIGH | Sensitive path access: AI agent config | Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/avatarneil/discord-voice/SKILL.md:50 |
| HIGH | Arbitrary module loading via CLAWDBOT_ROOT environment variable | The `resolveClawdbotRoot` function in `src/core-bridge.ts` allows the `CLAWDBOT_ROOT` environment variable to override the determined Clawdbot installation path. If an attacker can control this environment variable in the execution environment, they can point the skill to a malicious Clawdbot root directory. This would cause `importCoreModule` to load arbitrary modules from the attacker-controlled path, leading to arbitrary code execution within the skill's process. Avoid using environment variables to determine critical application paths that can lead to arbitrary code loading. If absolutely necessary, validate the `CLAWDBOT_ROOT` path against a whitelist of trusted locations or ensure the environment where this variable can be set is highly secured and isolated. Consider using a more robust and secure mechanism for locating core modules that is not easily manipulable by external input. | LLM | src/core-bridge.ts:60 |
| MEDIUM | Unpinned npm dependency version | Dependency '@discordjs/voice' is not pinned to an exact version ('^0.18.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/avatarneil/discord-voice/package.json |