ReddRadar
Agent skill
discord-ops
TOS-compliant Discord notification monitor. Watches YOUR Discord server for security content forwarded by researchers, matches keywords, and pushes to paper-writer/dogpile via webhooks. Persists to graph-memory for semantic search.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/discord-ops
Metadata
Additional technical details for this skill
- short description
- Discord keyword monitor with webhook + memory integration
SKILL.md
Discord Operations - Notification Monitor Model
TOS-compliant approach to Discord security intelligence gathering.
The Key Insight
OLD (Broken): Try to search external servers where you're not admin → TOS violation, impossible
NEW (Works): Monitor YOUR OWN server for content forwarded by researchers → 100% compliant
Architecture
┌───────────────────────────────────────────────────────────────────────────────┐
│ TOS-Compliant Discord Pipeline + Memory │
├───────────────────────────────────────────────────────────────────────────────┤
│ │
│ External Sources Your Server (Admin) Consumers │
│ ──────────────── ──────────────────── ───────── │
│ │
│ ┌─────────────┐ ┌──────────────────┐ │
│ │ Researchers │──DM/forward──▶│ #security-intel │ │
│ │ share │ │ │ │
│ │ insights │ │ Your Bot │──webhook──▶ paper-writer │
│ └─────────────┘ │ (keyword watch) │ │
│ │ │──webhook──▶ dogpile │
│ ┌─────────────┐ │ Keywords: │ │
│ │ Telegram │──bridge──▶ │ CVE, DARPA, │ │
│ │ bridges │ (social- │ HTB, 0-day... │ │
│ └─────────────┘ bridge) └────────┬─────────┘ │
│ │ │
│ ┌─────────────┼─────────────┐ │
│ ▼ ▼ ▼ │
│ ┌──────────┐ ┌──────────────┐ ┌────────────┐ │
│ │ matches │ │ graph-memory │ │ dogpile │ │
│ │ .jsonl │ │ (ArangoDB) │ │ search │ │
│ │ (local) │ │ lessons │ │ │ │
│ └──────────┘ └──────┬───────┘ └─────┬──────┘ │
│ │ │ │
│ └────────────────┘ │
│ (semantic recall) │
│ │
└───────────────────────────────────────────────────────────────────────────────┘
Quick Start
# 1. Check setup
./run.sh setup
# 2. Add your Discord server to monitor
./run.sh guild add "Security Intel" 1234567890123456789
# 3. Add webhook for forwarding matches
./run.sh webhook add alerts "https://discord.com/api/webhooks/..."
# 4. Start monitoring
./run.sh monitor start --webhook alerts
Commands
setup - Check Configuration
./run.sh setup
Shows status of:
- Bot token (from env or clawdbot)
- discord.py library
- httpx for webhooks
- Current configuration
keywords - Manage Watch Patterns
# List all keywords (regex patterns)
./run.sh keywords list
# Add a keyword pattern
./run.sh keywords add "CVE-2025-\d+"
./run.sh keywords add "supply.?chain"
# Remove a pattern
./run.sh keywords remove "HTB"
# Reset to defaults
./run.sh keywords reset
Default Keywords:
- Vulnerabilities:
CVE-\d{4}-\d+,0-?day,exploit,RCE,LPE,privesc - Programs:
DARPA,IARPA,BAA,grants?\.gov - Platforms:
HTB,TryHackMe,CTF - Threat Intel:
APT\d+,malware,ransomware,C2,cobalt.?strike - Techniques:
MITRE,ATT&CK,T\d{4}
guild - Manage Monitored Servers
# List monitored guilds
./run.sh guild list
# Add a guild to monitor
./run.sh guild add "My Server" 1234567890123456789
# Remove a guild
./run.sh guild remove "My Server"
webhook - Manage Output Webhooks
# List webhooks
./run.sh webhook list
# Add a webhook
./run.sh webhook add alerts "https://discord.com/api/webhooks/..."
./run.sh webhook add paper-writer "http://localhost:8000/paperwriter/discord"
# Remove a webhook
./run.sh webhook remove alerts
# Test a webhook
./run.sh webhook test alerts
monitor - Run the Monitor
# Check status
./run.sh monitor status
# Start monitoring (foreground)
./run.sh monitor start --webhook alerts
# Start in dry-run mode (log only, don't forward)
./run.sh monitor start --dry-run
# Stop the monitor
./run.sh monitor stop
matches - View Logged Matches
# Show recent matches
./run.sh matches
# Show more matches
./run.sh matches --limit 50
# Filter by keyword
./run.sh matches --keyword CVE
# Output as JSON
./run.sh matches --json
memory - Knowledge Graph Integration
# Check memory integration status
./run.sh memory status
# Search stored matches in memory
./run.sh memory search "CVE-2024"
# Search with JSON output
./run.sh memory search "ransomware" --json --k 20
# Ingest existing matches from log file to memory
./run.sh memory ingest --limit 100
Auto-Persistence: The monitor automatically persists matches to memory by default:
# Start with memory persistence (default)
./run.sh monitor start --webhook alerts
# Start without memory persistence
./run.sh monitor start --webhook alerts --no-persist
Webhook Payload Formats
Discord Webhook (auto-detected by URL)
{
"embeds": [{
"title": "Keyword Match: CVE-2024-1234, exploit",
"description": "New RCE exploit for CVE-2024-1234...",
"url": "https://discord.com/channels/...",
"color": 5793266,
"author": {"name": "researcher#1234"},
"footer": {"text": "Security Intel #cve-alerts"},
"timestamp": "2026-01-28T12:00:00Z"
}]
}
Generic Webhook (paper-writer/dogpile)
{
"source": "discord",
"content": "New RCE exploit for CVE-2024-1234...",
"author": "researcher#1234",
"channel": "Security Intel/#cve-alerts",
"url": "https://discord.com/channels/...",
"keywords": ["CVE-2024-1234", "exploit"],
"timestamp": "2026-01-28T12:00:00Z"
}
Setup Your Security Intel Server
Step 1: Create Server
Create a Discord server for aggregating security intel:
#cve-alerts- CVE announcements#research-feed- General security research#threat-intel- APT/malware news#darpa-baa- Funding opportunities
Step 2: Add Your Bot
- Use the bot from clawdbot or create a new one
- Required permissions:
Read Messages,Read Message History,View Channels - Get guild ID: Server Settings → Widget → Server ID
Step 3: Invite Researchers
- Researchers can forward content from other servers to your channels
- Or set up Telegram bridges (see social-bridge skill)
- Bot watches for keywords in YOUR server only
Step 4: Configure Webhooks
Create webhooks in your destination channels or endpoints:
- Discord webhook for alerts channel
- HTTP webhook for paper-writer integration
- Generic webhook for ArangoDB logging
Integration with paper-writer
# paper-writer endpoint receives Discord matches
POST /paperwriter/discord
{
"source": "discord",
"content": "...",
"keywords": ["CVE-...", "exploit"],
...
}
# Gets auto-indexed alongside arXiv/SAM.gov pulls
Integration with social-bridge
The social-bridge skill can forward Telegram content to your Discord server:
Telegram Public Channels → social-bridge → Your Discord → discord-ops → paper-writer
Environment Variables
| Variable | Description | Required |
|---|---|---|
DISCORD_BOT_TOKEN |
Bot token | Yes (or in clawdbot .env) |
CLAWDBOT_DIR |
Path to clawdbot | No (default: ~/workspace/experiments/clawdbot) |
Files
.pi/skills/discord-ops/
├── discord_ops.py # Main CLI
├── run.sh # Runner script
├── config.json # Guilds and webhooks config
├── keywords.json # Watched keyword patterns
├── matches.jsonl # Logged keyword matches
└── monitor.pid # PID file when running
Why This Works
| Aspect | This Approach |
|---|---|
| TOS | Compliant - monitoring YOUR server |
| Admin access | Only needed on YOUR server |
| Real-time | Yes - event-driven via Gateway |
| Scalable | Limited by webhook rate limits |
| Reliable | Uses official Discord API |
Comparison with Old Approach
| Feature | Old (Search) | New (Monitor) |
|---|---|---|
| Search external servers | Attempted | Not needed |
| Requires admin on target | Yes (impossible) | No |
| TOS compliant | No | Yes |
| Real-time | No | Yes |
| Works | No | Yes |
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?