Discord AI Dispatcher
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Discord/webhook dispatcher guide, but its persistent auto-healing mode can reset state and resend or update Discord messages using local webhook secrets without a clear approval gate.
Review this skill before use if you do not want autonomous recovery behavior. Use dedicated Discord webhooks, secure `config/webhooks.json`, require manual approval for healing/backlog re-sends, set rate limits, and make sure any scheduled task is easy to audit and disable.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad recovery decision or incorrect queue could create duplicate, stale, or unwanted Discord notifications.
The skill tells the dispatcher to override a normal safety control and send webhook messages. That is aligned with recovery, but it is high-impact and the artifact does not specify an explicit approval or dry-run gate before delivery.
The dispatcher reads this queue and **force-delivers** the alerts, bypassing the standard duplicate filter for these specific IDs.
Require user approval for healing sends, add dry-run previews, rate limits, and batch caps, and log exactly which messages will be resent before posting.
State corruption or a mistaken reset could cause a surge of repeated notifications across channels.
A local state-file problem can automatically propagate into external Discord/webhook activity by re-sending a backlog. The caveat is disclosed, but containment and confirmation are not clearly defined.
it will **automatically delete and re-initialize** the file... This may trigger a one-time "Recovery Surge" where the system re-sends notifications from the last 24 hours
Back up state before deletion, require confirmation before backlog re-sync, and bound recovery by channel, time window, and maximum message count.
Anyone who can read the config file may be able to post to the configured webhooks.
Webhook URLs function like credentials because they can authorize posting to Discord or other messaging endpoints. This is expected for a webhook dispatcher, but users should protect the local file.
All webhook URLs and configuration secrets are stored locally in `config/webhooks.json`. No external credential managers are used.
Restrict file permissions, use dedicated low-privilege webhooks, rotate webhook URLs if exposed, and avoid storing broader account tokens.
The dispatcher may continue sending or updating messages on a schedule until the scheduled task is disabled.
Persistent scheduled execution is disclosed and fits a notification dispatcher, but it means the workflow can keep running after the initial setup.
Run the orchestrator as a **Background Task** (`schtasks`) to ensure persistence across reboots.
Install scheduled tasks only intentionally, document how to disable them, and run them under a restricted account with scoped webhook access.