Trust Assessment
discord-voice received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Sensitive path access: AI agent config"; "Insecure API Key Storage in Configuration Examples"; and "Supply Chain Risk from Unpinned Dependencies and Placeholder Repository".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/thiagoruss0/discord-voicetwhtm/SKILL.md:54 |
| MEDIUM | **Insecure API Key Storage in Configuration Examples.** The configuration examples in `SKILL.md` show API keys (e.g., `openai.apiKey`, `elevenlabs.apiKey`, `deepgram.apiKey`) being directly embedded in the `clawdbot.json` file. Storing sensitive credentials directly in configuration files can expose them if the file is accidentally committed to version control, shared, or accessed by unauthorized processes. While environment variables are mentioned as an alternative, the primary examples encourage insecure storage. Emphasize the use of environment variables as the primary and recommended method for providing API keys in all configuration examples. Remove direct API key values from examples, replacing them with placeholders like `"$OPENAI_API_KEY"` or `"<YOUR_OPENAI_API_KEY>"`. | LLM | SKILL.md:99 |
| MEDIUM | **Supply Chain Risk from Unpinned Dependencies and Placeholder Repository.** The manual installation instructions include `git clone <repository-url>` and `npm install`. The `git clone` command uses a placeholder `<repository-url>`, which, if replaced with an untrusted source, can lead to arbitrary code execution. The subsequent `npm install` command, without a `package-lock.json` or explicit version pinning in `package.json` (which are not provided in this context), can fetch the latest versions of dependencies, potentially introducing vulnerable or malicious packages into the project. Provide a specific, trusted `repository-url` for `git clone`. Ensure that the `package.json` uses strict version pinning (e.g., exact versions instead of caret/tilde ranges) and that a `package-lock.json` file is always committed and used to ensure deterministic dependency installations. Recommend `npm ci` for clean installs in CI/CD or production environments. | LLM | SKILL.md:59 |
| LOW | **Excessive Default Permissions for `allowedUsers`.** The `allowedUsers` configuration option defaults to an empty array, which means all users are permitted to use the voice features. While configurable, this default setting grants broad access and might not align with the principle of least privilege, potentially allowing unintended users to interact with the bot. Consider changing the default `allowedUsers` to require explicit configuration, or at least highlight the security implications of the empty array default. For example, `allowedUsers: ["<YOUR_DISCORD_USER_ID>"]` as a default example, or `allowedUsers: ["<USER_ID_1>", "<USER_ID_2>"]` to encourage explicit whitelisting. | LLM | SKILL.md:90 |