I would think maybe this could be integrated with AbuseFilter somehow or maybe the IRC feeds (though those don't cover private wikis)

I don't think AbuseFilter can trigger on blocks, scanning IRC feeds is more feasible for this. As they follow a standardized format (<databasename> * [[Special:Log/block]] block * <blockingadmin> * blocked [[User:<blockeduser>]] with an expiration time of <expirationtime> (<blockparameters>): <reason>), you could have an IRC bot listening on #miraheze-feed scanning for block messages, extract the reason, use regex to look for keywords in the block reason (like those given by Owen), then flag them for review at TSPortal if the regex matches.

This should be implemented via a Hook not via IRC scanning as private wikis aren't on IRC.

https://github.com/wikimedia/mediawiki/blob/master/includes/specials/Hook/BlockIpCompleteHook.php

Nevermind my previous comment, it had a mistake, gimme a second

This could be done by using $wgHooks then, or perhaps a fancy extension that has a special page that allows modifying the list of keywords on-wiki, if you really want to.

Anyway, I quickly hacked up a $wgHooks version, completely untested and dirty code though, should be good to test the idea out before developing more heavy stuff like extensions, if T&S ever decides to go that route.

use MediaWiki\Http\HttpRequestFactory;

$wi = new MirahezeFunctions();
$efTSPortalWriteKey = 'PutTheWriteKeyHere';
$efTSPortalUrl = 'https://reports.miraheze.org'
$efTSPortalUsername = 'MediaWiki-BlockAlert';
$efBlockKeywordsArray = ['underage', 'death threats'];

function efBlockKeywords($block, $user, $priorblock) {
	//https://doc.wikimedia.org/mediawiki-core/master/php/classMediaWiki_1_1Block_1_1DatabaseBlock.html
	foreach ($efBlockKeywordsArray as $needle) {
		if (strpos($block->getReason(), $needle) !== false) { //str_contains in PHP8, getReason is deprecated
			//https://doc.wikimedia.org/mediawiki-core/master/php/classMediaWiki_1_1Http_1_1HttpRequestFactory.html
			$TSPortalPostData = ["writekey" => $efTSPortalWriteKey, "subjectuser" => "BlockAlert-dummy", type => "people-other", "reportinguser" => $efTSPortalUsername, "text" => "This is an automatic report by BlockAlert. An user was blocked at " . $wi->dbname . ", and the block contains a keyword. The block ID at the wiki is " . $block->getId() . ", and the block reason is: " . $block->getReason()];
			httprequest = new HttpRequestFactory();
			httprequest->post($efTSPortalUrl . '/api/report', ["postData" => $TSPortalPostData]);
		};
	};
};

$wgHooks['BlockIpComplete'][] = 'efBlockKeywords';

I've been reading the documentation of DatabaseBlock, and as far as I understand it, there's no way to get the username of the blocked user, only the username of the admin. You're supposed to use the ID of the blocked user to query the database and retrieve the username, apparently.

Also, this would need to import whatever script Miraheze has that defines the MirahezeFunctions() function, as that's what this uses to get the database name of the wiki where the block happened.

It should be put on a file that isn't public, unless you want to reveal the writekey to the world.

@OrangeStar it should be done using https://github.com/miraheze/MirahezeMagic/tree/master/includes/MirahezeMagicHooks.php, or similar, using $wmgTSPortalWriteKey for the write key, as we can add that to PrivateSettings.php. Database can be retrieved with global configuration variable, DBname in MirahezeMagicHooks also. But that is very helpful of you to put that draft together. Thank you very much for that. I can probably turn that into something usable at some point now.

So something like this in MirahezeMagicHooks:

public static function onBlockIpComplete( $block, $user, $priorBlock ) {
	$config = MediaWikiServices::getInstance()->getConfigFactory()->makeConfig( 'mirahezemagic' );

	$reportsUsername = $config->get( 'MirahezeReportsBlockAlertUsername' );
	$reportsBlockAlertKeywords = $config->get( 'MirahezeReportsBlockAlertKeywords' );

	foreach ( $reportsBlockAlertKeywords as $keyword ) {
		if ( str_contains( $block->getReasonComment()->text, $keyword ) ) {
			$reportsPostData = [
				'writekey' => $config->get( 'MirahezeReportsWriteKey' ),
				'subjectuser' => $block->getTargetName(),
				'type' => 'people-other',
				'reportinguser' => $reportsUsername,
				'text' => 'This is an automatic report by BlockAlert. A user was blocked on ' . $config->get( 'DBname' ) . ', and the block matched keyword "' . $keyword . '." The block ID at the wiki is ' . $block->getId() . ', and the block reason is: ' . $block->getReasonComment()->text
			];
			$httpRequestFactory = MediaWikiServices::getInstance()->getHttpRequestFactory();
			$httpRequestFactory->post( 'https://reports.miraheze.org/api/report', [ 'postData' => $reportsPostData ] );
		}
	}
}

Again, that is untested, I didn't even look at code, just modified to adjust for usage in MirahezeMagicHooks.

https://github.com/miraheze/MirahezeMagic/pull/380

That looks like real production code now. I also see you found a way to get the username of the blocked user, nice.

edit: I see I used the PHP variable names as parameters instead of the POST parameters TSPortal was looking for, big oops.