We checked this and rejected itsecurity

discord-manager: why it is not safe to use

discord-manager is safe in code but pairs untrusted Discord content with irreversible, high-blast-radius actions, so it warns rather than passes.

What we found

On the positive side, our scan found no data exfiltration, no hardcoded secrets, no obfuscation, and no calls to external endpoints beyond Discord and a localhost port. The bot token is read from the DISCORD_TOKEN environment variable, and the Java source is plain and readable.

The concern is combination, not malice. The same agent that reads messages and private messages (untrusted content) also holds irreversible actions: ban_member, delete_channel, delete_message, and delete_role. A crafted message could attempt to steer the agent toward harmful actions, a classic prompt-injection risk. The skill can also create or edit roles, rewrite channel permission overwrites, and create webhooks, which could escalate access within a server if misused. Blast radius scales with the token: a broadly scoped token effectively grants full server admin.

What to do instead

Scope the bot token to the narrowest permissions the task needs, and avoid granting admin. Prefer read-only or non-destructive setups where possible. Keep a human in the loop for bans, deletions, and role or permission changes, and treat message content as untrusted input rather than instructions.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/SaseQ/discord-mcp

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Paste it into your AI (ChatGPT, Claude, or your agent) to add the skill.