← Back to Skills Marketplace
453
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install discord-dual-bot-orchestrator
Description
Set up and operate dual Discord bots on one machine with isolated memory, channel allowlists, mention-gated reviewer bot behavior, optional one-way reviewer-...
README (SKILL.md)
Discord Dual Bot Orchestrator
Use placeholders only. Never store real secrets in this skill.
Required placeholders
BOT_A_NAMEBOT_B_NAMEBOT_A_TOKENBOT_B_TOKENBOT_A_IDBOT_B_IDGUILD_IDCHANNEL_ID_LIST(comma-separated)BASE_DIR(example:~/.openclaw/bots)
Workflow
- Create isolated workspaces for bot-a and bot-b.
- Write
.envfiles from template using placeholders. - Apply channel allowlist policy:
- Bot-A: primary chat policy
- Bot-B:
requireMention=trueon allowlisted channels
- Optional: enable one-way bridge (
bot-b -> bot-a) for reviewer feedback. - Create backup snapshot before each risky iteration.
- If behavior regresses, rollback snapshot and restart both gateways.
Commands
Initialize layout
Run:
scripts/init_dual_bot.sh
Apply policy (placeholder-safe)
Run:
scripts/apply_policy.sh
Backup current state
Run:
scripts/backup_state.sh
Rollback from backup dir
Run:
scripts/rollback_state.sh \x3CBACKUP_DIR>
Guardrails
- Keep
BOT_B_TOKENseparate fromBOT_A_TOKEN. - Keep bot-b mention-gated in group channels.
- Never enable bidirectional auto-bridge (avoids reply loops).
- Always backup before patching runtime files.
Usage Guidance
This skill appears to implement the advertised dual-bot orchestration, but it has two practical concerns you should address before running anything: (1) metadata claims no required credentials while the runtime templates and scripts clearly need bot tokens/IDs and will use values you place into .env files, and (2) the scripts read/write configs under your home directory and the rollback script will overwrite openclaw config files without prompts. Recommendations: inspect every script line-by-line, run in an isolated test account or container (not your real bot/guild), back up existing ~/.openclaw and ~/.openclaw-bot-b manually before using the provided backup/rollback, set BOTB_CONFIG/BASE_DIR/OUT_DIR to test paths to avoid clobbering production files, never commit real tokens into the skill files, and only provide credentials at runtime in the actual bot .env (not in the repo). If the package metadata can be corrected to declare the required credentials and path env vars explicitly, that would reduce ambiguity.
Capability Analysis
Type: OpenClaw Skill
Name: discord-dual-bot-orchestrator
Version: 1.0.0
The skill bundle is classified as suspicious due to multiple critical path traversal and arbitrary file write vulnerabilities across all shell scripts. Specifically, `scripts/apply_policy.sh`, `scripts/backup_state.sh`, `scripts/init_dual_bot.sh`, and `scripts/rollback_state.sh` directly use unsanitized environment variables (`BOTB_CONFIG`, `OUT_DIR`, `BASE_DIR`) and user-provided arguments (`BK_DIR` from `<BACKUP_DIR>` placeholder) in file system operations (`Path()`, `mkdir -p`, `cp -f`, `cat >`). This allows an attacker to write to arbitrary file paths, potentially leading to configuration corruption, data disclosure, or even remote code execution by overwriting critical system files.
Capability Assessment
Purpose & Capability
The scripts and SKILL.md implement the advertised capabilities (creating isolated workspaces, writing .env templates, applying channel allowlists, backups and rollbacks). However, the package metadata declares no required environment variables or credentials while the runtime instructions and templates clearly rely on bot tokens, IDs, guild/channel IDs, and other placeholders — this mismatch is unexpected and should be clarified.
Instruction Scope
The instructions and scripts operate on configuration files under $HOME (e.g. ~/.openclaw/openclaw.json and ~/.openclaw-bot-b/openclaw.json), create directories in the user's filesystem, and overwrite those files during rollback. apply_policy.sh edits the bot-b JSON config and backup/rollback copy files without additional confirmation. These actions are coherent with the stated purpose but are potentially destructive and broaden the agent's scope to the user's OpenClaw config files.
Install Mechanism
No install spec is provided and included files are simple shell and small Python snippets. There is no external download or archive extraction. Risk from install mechanism is low.
Credentials
The SKILL.md lists many sensitive placeholders (BOT_A_TOKEN, BOT_B_TOKEN, BOT IDs, GUILD_ID, CHANNEL_ID_LIST) and the scripts read environment variables (BOTB_CONFIG, GUILD_ID, CHANNEL_ID_LIST, BASE_DIR, OUT_DIR). Yet the skill metadata declares no required env vars/primary credential. Sensitive tokens are necessary for the skill's function but their handling depends on the user replacing .env.template files; this mismatch and the absence of an explicit credential declaration is a red flag. The scripts also default to standard home paths which can expose or overwrite existing configs if mispointed.
Persistence & Privilege
The skill is not always-enabled and does not install persistent agents. However, its scripts directly modify and restore user config files under $HOME, which is a form of high-impact filesystem privilege. That behaviour is consistent with its purpose but increases blast radius if run unintentionally or with incorrect paths.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install discord-dual-bot-orchestrator - After installation, invoke the skill by name or use
/discord-dual-bot-orchestrator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release (placeholder-safe, no personal info)
Metadata
Frequently Asked Questions
What is Discord Dual Bot Orchestrator?
Set up and operate dual Discord bots on one machine with isolated memory, channel allowlists, mention-gated reviewer bot behavior, optional one-way reviewer-... It is an AI Agent Skill for Claude Code / OpenClaw, with 453 downloads so far.
How do I install Discord Dual Bot Orchestrator?
Run "/install discord-dual-bot-orchestrator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Discord Dual Bot Orchestrator free?
Yes, Discord Dual Bot Orchestrator is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Discord Dual Bot Orchestrator support?
Discord Dual Bot Orchestrator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Discord Dual Bot Orchestrator?
It is built and maintained by nbdxrycyl (@nbdxrycyl); the current version is v1.0.0.
More Skills