How do I install Omnicord?

Omnicord is a local plugin. Install it using npm package: @orygn/omnicord and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Omnicord safe to use?

Yes. Omnicord passed MCP Marketplace's automated security scan with a score of 10/10 (low risk). Every server on MCP Marketplace is security-scanned before it's listed; see the full security report on this page for the findings and permissions.

What credentials does Omnicord need?

Omnicord requires the following credentials or environment variables: DISCORD_TOKEN, OMNICORD_GUILD. You can find setup instructions on the server detail page.

What AI apps work with Omnicord?

Omnicord uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Omnicord MCP Server

by OrygnsCode

Developer ToolsLow Risk10.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

Your AI runs your Discord server: chat, moderation, admin, even building it all from one brief.

About

Your AI runs your Discord server: chat, moderation, admin, even building it all from one brief.

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.

4 files analyzed · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

What You'll Need

Set these up before or after installing:

Bot token from the Discord Developer Portal. The init wizard sets this up.Required

Environment variable: DISCORD_TOKEN

Optional default server id so tools can omit the guild parameter.Optional

Environment variable: OMNICORD_GUILD

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-orygnscode-omnicord": {
      "env": {
        "DISCORD_TOKEN": "your-discord-token-here",
        "OMNICORD_GUILD": "your-omnicord-guild-here"
      },
      "args": [
        "-y",
        "@orygn/omnicord"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Omnicord

Omnicord is an MCP server that gives your AI assistant full operational control of a Discord server. Day to day chat, moderation, administration, and at the top end: building out an entire community server from a one paragraph brief.

You describe what you want. Your AI decides how to do it. Omnicord makes sure it happens correctly, and that nothing destructive happens without your say so.

How it works

Your AI client (Claude Desktop, Cursor, Windsurf, Claude Code, or any other MCP client) is the brain. Omnicord is the hands: it talks to Discord through your own bot, enforces Discord's rules before they bite, queues politely behind rate limits, and gates every destructive action behind a preview you confirm. There is no LLM inside Omnicord and no cloud service behind it. Your bot token stays in a file on your machine.

Quick start

You need Node 20 or newer and a Discord account. One command:

npx @orygn/omnicord init

Or from source:

git clone https://github.com/OrygnsCode/Omnicord.git && cd Omnicord
npm install
npm run build
node dist/index.js init

Prefer to watch? Here is the full setup, start to finish:

The wizard goes from a bare Discord application to a working setup in about a minute. It takes the bot token with input hidden, verifies it live against Discord, checks the privileged intent toggles and waits while you fix any that are off, generates an invite link at the permission level you pick, saves the token locally (a gitignored .env for a source checkout, or .omnicord/.env in your user folder for an npx or global install), and writes the omnicord entry into your AI client's config (backing the file up first). Claude Desktop (including the Microsoft Store build), Cursor, Windsurf, and project level Claude Code are detected automatically; anything else gets a snippet to paste.

Then fully restart your AI client and ask it:

run a setup check on my Discord bot

Eight checks, plain English results, and the exact fix for anything that is wrong.

What it can do

Area	Examples
Server building	Plan and execute a full server build from a brief: roles, categories, channels, permissions, in one additive operation. Save, diff, and rebuild layouts as blueprints.
Messaging	Send, edit, pin, react, polls, scheduled messages, DMs, webhooks.
Reading	Channel history, search, members, roles, permissions, audit log.
Moderation	Timeouts, kicks, bans, bulk actions, prune, all preview first.
AutoMod	Discord's server side filters: keyword rules, Discord maintained preset lists (slurs, profanity), spam and mention flood limits.
Real time	Subscribe to live server events and ask "what did I miss?"
Structure	Channels, categories, permission overwrites, reordering, cloning.
Community	Events, stages, threads, forums, invites, welcome screen, onboarding.
Expression	Emojis, stickers, soundboard sounds.
Diagnostics	Setup check, bot info, rate limit status, permission explainers.

The full contract for every tool is in the tool catalog.

The safety model

Destructive operations (deleting, banning, kicking, timeouts, bulk actions) never execute on the first call. They return a human readable preview and a confirmation token bound to that exact action; repeating the call with the token executes it. Tokens are single use and expire after two minutes. Moderation additionally preflights Discord's hierarchy rules, owner protection, and self protection before the gate, so the failure mode is an explanation rather than a 403.

This is enforced by Omnicord itself, not by the model's judgment. A confused or compromised AI session cannot skip the gate.

Running it

Stdio, the default, for desktop MCP clients:

node dist/index.js

Streamable HTTP, for remote capable clients and self hosting:

node dist/index.js --http              # 127.0.0.1:3414/mcp
node dist/index.js --http --port 8080

A bot token sits behind the HTTP endpoint, so the defaults are strict: binding beyond localhost without OMNICORD_HTTP_TOKEN refuses to start, bearer auth is compared in constant time, browser origins are rejected unless allowlisted, and the Host header is validated in loopback mode to close DNS rebinding. Details in self-hosting.

Docker

A published image is on Docker Hub (orygn/omnicord), or you can build your own. The image runs the HTTP transport as a non root user with the container health check wired to the health endpoint. It binds beyond loopback, so it requires OMNICORD_HTTP_TOKEN and exits with a clear message without one. The token never lives in the image; everything arrives through the environment at runtime.

docker run -d -p 3414:3414 \
  -e DISCORD_TOKEN=your-bot-token \
  -e OMNICORD_HTTP_TOKEN=a-strong-secret \
  orygn/omnicord

To build it yourself instead: docker build -t omnicord .. Or with compose, after exporting the two secrets: docker compose up -d.

Configuration

Environment variables, or a .env file (the wizard writes one for you; source checkouts use .env next to package.json, npx and global installs use .omnicord/.env in your user folder):

Variable	What it does
`DISCORD_TOKEN`	The bot token. Required for anything real; the server boots without it and the diagnostics explain what to fix.
`OMNICORD_GUILD`	Optional default server ID so tools can omit the guild parameter.
`OMNICORD_SAFE_MODE`	Default on. Destructive tools preview first and require a confirm token; set to `false` only for trusted automation.
`OMNICORD_GATEWAY`	Default on when a token is set: the bot shows as online and real time event subscriptions work. Set to `off` for REST only operation.
`OMNICORD_DATA_DIR`	Where saved blueprints and scheduled messages live. Default: `.omnicord` next to `package.json` for a source checkout, `.omnicord` in your user folder for an installed copy.
`OMNICORD_PORT`	HTTP port, default 3414.
`OMNICORD_HTTP_HOST`	HTTP bind address, default `127.0.0.1`.
`OMNICORD_HTTP_TOKEN`	Bearer token for HTTP mode. Required to bind beyond localhost.
`OMNICORD_HTTP_ORIGINS`	Comma separated browser origins allowed to call the HTTP endpoint. Empty means none.

Client config for stdio (Claude Desktop and compatible):

{
  "mcpServers": {
    "omnicord": {
      "command": "node",
      "args": ["/absolute/path/to/dist/index.js"]
    }
  }
}

No token goes in the client config. The server finds .env no matter where the client spawns it from: it checks the current directory, then the package root, then .omnicord in your user folder, and a real environment variable overrides all of them.

Documentation

Doc	What is in it
Getting started	Setup in a few minutes, wizard or by hand.
Connecting AI clients	Exact config for Claude Desktop, Claude Code, Cursor, Windsurf, ChatGPT, and anything else.
Self-hosting	HTTP transport, Docker, and the security model for networked deployments.
Troubleshooting	Common problems and their fixes.
Security whitepaper	Plain language: what Omnicord can and cannot touch, for whoever decides whether to install it.
SECURITY.md	The engineering level threat model and audit findings.
Tool catalog	The full contract of all 148 tools.

The docs are written to be read by AI assistants too: paste a page at your AI and have it walk you through.

Omnicord is also listed on the official MCP registry, Smithery, and Docker Hub.

Tests

node scripts/unit.mjs        # pure logic: resolver, permissions, planner, gate
node scripts/smoke.mjs       # stdio protocol session, no token needed
node scripts/smoke-http.mjs  # HTTP transport, sessions, auth, security gates
node scripts/acceptance.mjs  # live end-to-end against a real test server

The acceptance suite needs DISCORD_TOKEN and OMNICORD_GUILD pointing at a disposable test server, and cleans up after itself. scripts/smoke-docker.mjs builds and verifies the container image and needs a running Docker daemon.

License

Omnicord is source available under the Elastic License 2.0. In plain terms: anyone may read, use, modify, and self host it freely, including businesses running their own communities. The one thing the license forbids is offering Omnicord to third parties as a hosted or managed service. The code is public so it can be audited; it is not up for resale as a service.

Versioning

Semantic versioning, tracked in CHANGELOG.md. 1.0.0 marked the public launch; releases since follow semver, and the npm badge above shows the current version. The version in package.json flows everywhere automatically: the MCP server identity, the health endpoint, and the wizard.

Built by Orygn LLC. Security reports: security@orygn.tech.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Omnicord MCP Server

About

Security Report

Findings (1)

Permissions Required

What You'll Need

How to Install

Documentation

Omnicord

How it works

Quick start

What it can do

The safety model

Running it

Docker

Configuration

Documentation

Tests

License

Versioning

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript