Making Slack safe for ICO communities.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


  • Clone the repository
  • Run composer update
  • Log into your Slack team
  • Go here and generate a legacy token for you:
  • Run cp config.ini.template config.ini and put your legacy token into app[token].
  • Run php -f index.php
  • Start chatting in Slack


To set up some things, you need to know things that aren't publicly viewable. Below is a table of things you can run

Command Example Response Description
+userid COMMAND Userid: XXXXXXXX Gives your slack user id for admin[userid] setting
+update COMMAND Updated domains: 2,141 Updates the blacklist of domains provided by ESD

What does it do?

This is not the finished piece - still working on it! Currently it's protecting the users who are running it with their legacy token. I'm looking at putting it into a Slack app to run it on behalf of all users automatically so every user is protected. If an admin is running it, then all public channels will be protected.

  • Disables use of people using Slackbot to remind channels.
  • Disables people from sending messages as anyone through the open legacy tokens api.
    • You can whitelist the bot_ids in config.ini that are allowed to post messages.
    • This will also reduce the attack vector of people creating apps and messaging everyone to look more legit.
  • Periodically remind admin users who don't have 2fa enabled to enable it.
  • Look at URLS in messages and see if they're in the EtherScamDb database.
  • Archive deleted messages to an archive private channel for admins to look at.
  • Deploy to Heroku button


Donations of ETH & ERC20 are accepted: 0x661b5dc032bedb210f225df4b1aa2bdd669b38bc