Security Review

A short trust review for server owners.

Use this page when staff or members ask whether Aegis is safe to invite, what it can control, and how to test it without risking the whole server.

Discord permissions are the safety boundary

Aegis cannot do actions that Discord permissions do not allow. If you do not want Aegis managing channels, roles, moderation, or messages, do not grant those permissions until you are ready to test them.

Remove the bot to stop control

If Aegis is removed from a server, it cannot keep managing that server. Dashboard controls require the bot to be installed and authorized in the selected server.

Roblox login does not share passwords

Roblox OAuth sends members through Roblox. Aegis receives identity information needed for verification, not the Roblox password. Manual profile-code verification also avoids passwords.

Test before production

The recommended install path is a private test server or locked test category, limited permissions, logs enabled, and one module tested at a time.

Owner Concerns

Direct answers before you invite.

Can Aegis nuke my server?

Aegis can only perform destructive actions if Discord permissions allow it and an enabled module or authorized staff action triggers that behavior. The safest review is to avoid Administrator at first, keep the Aegis role below staff roles, and test in a private category before giving server-wide access.

Are there hidden remote controls?

Dashboard controls should require Discord login and server-management permission checks. Aegis cannot control a server where it is not installed. If you remove the bot from your server, dashboard control over that server stops.

Does Roblox login expose passwords?

No. Roblox OAuth sends the member through Roblox. Aegis receives identity information needed for verification, not the Roblox password. Manual verification uses a temporary profile code instead of a password.

Can normal members use dashboard controls?

No. Dashboard access should be restricted to accounts with appropriate Discord permissions in the selected server. Normal members should not be able to manage modules, roles, or moderation settings.

Can I safely test Aegis first?

Yes. The recommended path is a private test server or test category, limited permissions, one enabled module at a time, and staff review before production rollout.

Safe Install Order

Step 1

First invite

Use a test server or a single private category.

Step 2

First permissions

Start with view/send/embed/logging permissions only.

Step 3

First feature

Enable tickets, logs, or welcome messages before high-risk systems.

Step 4

Before verification

Review pending, verified, allied, and log roles or channels.

Step 5

Before Administrator

Only grant it if you want full setup automation and have reviewed the behavior.

Review Checklist

Invite Aegis to a test server first.
Do not start with Administrator unless you are intentionally testing full automation.
Place the Aegis role below owner and senior staff roles.
Give Aegis access only to the test category while reviewing behavior.
Enable logs before testing moderation, verification, tickets, or role sync.
Check Discord audit logs after every high-impact test.
Remove unused permissions before moving to production.
Keep old bots installed until Aegis replacement features are confirmed.

Need the full version?

Read the full owner docs.

The full documentation explains permissions, dashboard controls, data storage, Roblox OAuth, migration, pricing, feature coverage, and the owner-away reliability plan.

Open Owner Docs Ask Aegis Support