Claude-skill-registry discord-ops
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/discord-ops" ~/.claude/skills/majiayu000-claude-skill-registry-discord-ops && rm -rf "$T"
manifest:
skills/data/discord-ops/SKILL.mdsource content
Discord Operations - Notification Monitor Model
TOS-compliant approach to Discord security intelligence gathering.
The Key Insight
OLD (Broken): Try to search external servers where you're not admin → TOS violation, impossible
NEW (Works): Monitor YOUR OWN server for content forwarded by researchers → 100% compliant
Architecture
┌───────────────────────────────────────────────────────────────────────────────┐ │ TOS-Compliant Discord Pipeline + Memory │ ├───────────────────────────────────────────────────────────────────────────────┤ │ │ │ External Sources Your Server (Admin) Consumers │ │ ──────────────── ──────────────────── ───────── │ │ │ │ ┌─────────────┐ ┌──────────────────┐ │ │ │ Researchers │──DM/forward──▶│ #security-intel │ │ │ │ share │ │ │ │ │ │ insights │ │ Your Bot │──webhook──▶ paper-writer │ │ └─────────────┘ │ (keyword watch) │ │ │ │ │──webhook──▶ dogpile │ │ ┌─────────────┐ │ Keywords: │ │ │ │ Telegram │──bridge──▶ │ CVE, DARPA, │ │ │ │ bridges │ (social- │ HTB, 0-day... │ │ │ └─────────────┘ bridge) └────────┬─────────┘ │ │ │ │ │ ┌─────────────┼─────────────┐ │ │ ▼ ▼ ▼ │ │ ┌──────────┐ ┌──────────────┐ ┌────────────┐ │ │ │ matches │ │ graph-memory │ │ dogpile │ │ │ │ .jsonl │ │ (ArangoDB) │ │ search │ │ │ │ (local) │ │ lessons │ │ │ │ │ └──────────┘ └──────┬───────┘ └─────┬──────┘ │ │ │ │ │ │ └────────────────┘ │ │ (semantic recall) │ │ │ └───────────────────────────────────────────────────────────────────────────────┘
Quick Start
# 1. Check setup ./run.sh setup # 2. Add your Discord server to monitor ./run.sh guild add "Security Intel" 1234567890123456789 # 3. Add webhook for forwarding matches ./run.sh webhook add alerts "https://discord.com/api/webhooks/..." # 4. Start monitoring ./run.sh monitor start --webhook alerts
Commands
setup
- Check Configuration
setup./run.sh setup
Shows status of:
- Bot token (from env or clawdbot)
- discord.py library
- httpx for webhooks
- Current configuration
keywords
- Manage Watch Patterns
keywords# List all keywords (regex patterns) ./run.sh keywords list # Add a keyword pattern ./run.sh keywords add "CVE-2025-\d+" ./run.sh keywords add "supply.?chain" # Remove a pattern ./run.sh keywords remove "HTB" # Reset to defaults ./run.sh keywords reset
Default Keywords:
- Vulnerabilities:
,CVE-\d{4}-\d+
,0-?day
,exploit
,RCE
,LPEprivesc - Programs:
,DARPA
,IARPA
,BAAgrants?\.gov - Platforms:
,HTB
,TryHackMeCTF - Threat Intel:
,APT\d+
,malware
,ransomware
,C2cobalt.?strike - Techniques:
,MITRE
,ATT&CKT\d{4}
guild
- Manage Monitored Servers
guild# List monitored guilds ./run.sh guild list # Add a guild to monitor ./run.sh guild add "My Server" 1234567890123456789 # Remove a guild ./run.sh guild remove "My Server"
webhook
- Manage Output Webhooks
webhook# List webhooks ./run.sh webhook list # Add a webhook ./run.sh webhook add alerts "https://discord.com/api/webhooks/..." ./run.sh webhook add paper-writer "http://localhost:8000/paperwriter/discord" # Remove a webhook ./run.sh webhook remove alerts # Test a webhook ./run.sh webhook test alerts
monitor
- Run the Monitor
monitor# Check status ./run.sh monitor status # Start monitoring (foreground) ./run.sh monitor start --webhook alerts # Start in dry-run mode (log only, don't forward) ./run.sh monitor start --dry-run # Stop the monitor ./run.sh monitor stop
matches
- View Logged Matches
matches# Show recent matches ./run.sh matches # Show more matches ./run.sh matches --limit 50 # Filter by keyword ./run.sh matches --keyword CVE # Output as JSON ./run.sh matches --json
memory
- Knowledge Graph Integration
memory# Check memory integration status ./run.sh memory status # Search stored matches in memory ./run.sh memory search "CVE-2024" # Search with JSON output ./run.sh memory search "ransomware" --json --k 20 # Ingest existing matches from log file to memory ./run.sh memory ingest --limit 100
Auto-Persistence: The monitor automatically persists matches to memory by default:
# Start with memory persistence (default) ./run.sh monitor start --webhook alerts # Start without memory persistence ./run.sh monitor start --webhook alerts --no-persist
Webhook Payload Formats
Discord Webhook (auto-detected by URL)
{ "embeds": [{ "title": "Keyword Match: CVE-2024-1234, exploit", "description": "New RCE exploit for CVE-2024-1234...", "url": "https://discord.com/channels/...", "color": 5793266, "author": {"name": "researcher#1234"}, "footer": {"text": "Security Intel #cve-alerts"}, "timestamp": "2026-01-28T12:00:00Z" }] }
Generic Webhook (paper-writer/dogpile)
{ "source": "discord", "content": "New RCE exploit for CVE-2024-1234...", "author": "researcher#1234", "channel": "Security Intel/#cve-alerts", "url": "https://discord.com/channels/...", "keywords": ["CVE-2024-1234", "exploit"], "timestamp": "2026-01-28T12:00:00Z" }
Setup Your Security Intel Server
Step 1: Create Server
Create a Discord server for aggregating security intel:
- CVE announcements#cve-alerts
- General security research#research-feed
- APT/malware news#threat-intel
- Funding opportunities#darpa-baa
Step 2: Add Your Bot
- Use the bot from clawdbot or create a new one
- Required permissions:
,Read Messages
,Read Message HistoryView Channels - Get guild ID: Server Settings → Widget → Server ID
Step 3: Invite Researchers
- Researchers can forward content from other servers to your channels
- Or set up Telegram bridges (see social-bridge skill)
- Bot watches for keywords in YOUR server only
Step 4: Configure Webhooks
Create webhooks in your destination channels or endpoints:
- Discord webhook for alerts channel
- HTTP webhook for paper-writer integration
- Generic webhook for ArangoDB logging
Integration with paper-writer
# paper-writer endpoint receives Discord matches POST /paperwriter/discord { "source": "discord", "content": "...", "keywords": ["CVE-...", "exploit"], ... } # Gets auto-indexed alongside arXiv/SAM.gov pulls
Integration with social-bridge
The social-bridge skill can forward Telegram content to your Discord server:
Telegram Public Channels → social-bridge → Your Discord → discord-ops → paper-writer
Environment Variables
| Variable | Description | Required |
|---|---|---|
| Bot token | Yes (or in clawdbot .env) |
| Path to clawdbot | No (default: ~/workspace/experiments/clawdbot) |
Files
.pi/skills/discord-ops/ ├── discord_ops.py # Main CLI ├── run.sh # Runner script ├── config.json # Guilds and webhooks config ├── keywords.json # Watched keyword patterns ├── matches.jsonl # Logged keyword matches └── monitor.pid # PID file when running
Why This Works
| Aspect | This Approach |
|---|---|
| TOS | Compliant - monitoring YOUR server |
| Admin access | Only needed on YOUR server |
| Real-time | Yes - event-driven via Gateway |
| Scalable | Limited by webhook rate limits |
| Reliable | Uses official Discord API |
Comparison with Old Approach
| Feature | Old (Search) | New (Monitor) |
|---|---|---|
| Search external servers | Attempted | Not needed |
| Requires admin on target | Yes (impossible) | No |
| TOS compliant | No | Yes |
| Real-time | No | Yes |
| Works | No | Yes |