openclaw-skills/workspace-security/vt-monitor/scripts/scan-thread.sh

#!/bin/bash
# Create a Discord forum thread for a VT file scan event
# Usage: scan-thread.sh "filename" "risk_category" ["hash"]
set -e

FILENAME="$1"
RISK_CAT="$2"
HASH="${3:-unknown}"
CHANNEL_ID="1470849667737714851"

TOKEN=$(printenv DISCORD_BOT_TOKEN)
[ -z "$TOKEN" ] && echo '{"ok":false,"error":"no token"}' && exit 1

CONTENT=$(printf '🛡️ **VT-Sentinel File Scan**\n\n**File:** `%s`\n**Category:** %s\n**Status:** ⏳ PENDING — uploaded to VirusTotal for analysis\n**Hash:** `%s`\n\n---\n*Will update when verdict is available.*' \
    "$FILENAME" "$RISK_CAT" "$HASH")

THREAD_NAME=$(printf '[%s] %s — ⏳ PENDING' "$RISK_CAT" "$FILENAME")

PAYLOAD=$(jq -n \
    --arg name "$THREAD_NAME" \
    --arg content "$CONTENT" \
    '{name: $name, message: {content: $content}, auto_archive_duration: 1440}')

RESULT=$(curl -s -X POST \
    -H "Authorization: Bot $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$PAYLOAD" \
    "https://discord.com/api/v10/channels/${CHANNEL_ID}/threads")

THREAD_ID=$(echo "$RESULT" | jq -r '.id // empty')
if [ -n "$THREAD_ID" ]; then
    echo "{\"ok\":true,\"threadId\":\"$THREAD_ID\"}"
else
    echo "{\"ok\":false,\"error\":$(echo "$RESULT" | jq -c '.')}"
fi