
Checklist
- Document why the bot is needed
- Invite with minimal permissions
- Restrict dashboard admins
- Place bot role below staff roles
- Set a review reminder

Steps
- Start from the bot's actual job, not a default admin invite.
- Invite the bot into a test server first when possible.
- Review channel overrides after installation.
- Document dashboard owners and recovery contacts.
- Remove the bot if nobody owns it anymore.
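
One way to check an invite before using it, shown as an added example rather than part of the original guide: it decodes the `permissions` value in an invite link and compares it with the permissions the bot's documented job needs. It assumes a Discord-style OAuth2 invite URL and Discord's published permission bit values (the guide does not name a platform); the `JOB` set, the function name `audit_invite`, and both sample URLs are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Subset of Discord's documented permission bit flags (assumed platform).
PERMS = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "VIEW_CHANNEL": 1 << 10,
    "SEND_MESSAGES": 1 << 11,
    "MANAGE_MESSAGES": 1 << 13,
    "EMBED_LINKS": 1 << 14,
    "READ_MESSAGE_HISTORY": 1 << 16,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

def audit_invite(invite_url, needed):
    """Compare what an invite link requests with what the bot's job needs."""
    query = parse_qs(urlparse(invite_url).query)
    requested = int(query.get("permissions", ["0"])[0])
    allowed = sum(PERMS[name] for name in needed)   # distinct bits, so sum == OR
    known = sum(PERMS.values())
    excess = sorted(n for n, b in PERMS.items() if requested & b and not allowed & b)
    missing = sorted(n for n, b in PERMS.items() if allowed & b and not requested & b)
    unknown = requested & ~known   # bits this table cannot name: review by hand
    return {"excess": excess, "missing": missing,
            "unknown_bits": unknown, "ok": not excess and not unknown}

# Hypothetical documented job: post announcements with embeds in visible channels.
JOB = {"VIEW_CHANNEL", "SEND_MESSAGES", "EMBED_LINKS"}

# Constructed sample links; the client_id is a placeholder.
ADMIN_INVITE = ("https://discord.com/oauth2/authorize"
                "?client_id=000000000000000000&scope=bot&permissions=8")
MINIMAL_INVITE = ("https://discord.com/oauth2/authorize"
                  "?client_id=000000000000000000&scope=bot&permissions=19456")

if __name__ == "__main__":
    for label, url in (("default admin", ADMIN_INVITE), ("minimal", MINIMAL_INVITE)):
        print(label, audit_invite(url, JOB))
```

The same comparison can be rerun at each review reminder against the role the bot actually holds, since permissions granted after installation do not appear in the original invite link.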

A bot with broad permissions can become a single point of failure. Least privilege is not distrust; it is good operations.
This guide never asks for bot tokens, private credentials, or unsafe account access.