The Discord ecosystem has a malware problem.
Traditional bot lists rely on automated scripts that check two things:
- Is the bot online?
- Does the token work?
If yes -> Approved. 🚨
This lazy approach is why so many malicious bots infiltrate servers.
At DiscordForge, we decided to take a harder path. We combined manual verification with AI Reasoning Models (Gemini 3). Here is why purely algorithmic checks fail and how "Deep Thinking" models fix it.
The "Context" Problem
Imagine a bot with this description:
"A simple tool to help you backup your server channels."
A standard regex check sees keywords like "backup" and "channels" and tags it as a Utility Bot. ✅
However, a Reasoning Model looks at the Permissions Intent:
-
Permissions Requested:
Manage Webhooks,Mention Everyone. - Logic Analysis: Why does a backup bot need to mention everyone?
Gemini 3 Deep Think flags this mismatch immediately. It understands that while "backups" are a valid feature, the combination of mass-ping permissions with a backup tool is a high-probability heuristic for a Raid Bot.
Our Hybrid Pipeline
We built a pipeline that scores every submission:
- Static Analysis: Checks uptime and API response time.
- AI Audit: Scans the description, commands, and requested permissions for logical fallacies and social engineering vectors.
- Human Review: A real human (me or a trusted verifier) makes the final call based on the AI's report.
It’s slower than auto-approval, but the result is a directory where server owners can actually trust the "Add Bot" button.
Try to trick it?
We are currently beta-testing this verification flow. If you are a bot developer who cares about security, I invite you to list your bot on the Forge.
Top comments (0)