Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mind Security

AI security toolkit — deepfake detection, prompt injection scanning, malware/phishing URL scanning, and AI text detection. Use when: (1) verifying if an imag...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
3 · 213 · 1 current installs · 1 all-time installs
by Andrey Gruzdev @Canvinus
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (deepfake, prompt-injection, malware URL, AI-text detection) matches the included scripts and reference docs. Each script uses the API keys you'd expect (BitMind for deepfakes, GPTZero for AI-text, VirusTotal/URLScan/Google Safe Browsing for URL scans). However, the registry metadata claims all listed env vars are required, while the README and code indicate several (VirusTotal, URLScan, Google Safe Browsing) are optional. The metadata also demands one of curl/wget even though the Python scripts use urllib and do not call those binaries — that requirement is disproportionate.
Instruction Scope
SKILL.md instructs the agent to run the included Python scripts and documents which third-party APIs will be contacted. The scripts appear to only send the user-provided artifact (text, URL, or media) to the declared vendor endpoints. There are no instructions asking the agent to read unrelated system files or secrets. Example prompt-injection test strings (e.g., 'ignore all previous instructions') appear in the docs because the module is explicitly a prompt-injection detector; this is expected.
Install Mechanism
There is no install spec — instruction-only with code files (scripts) included. Core operation uses stdlib; optional dependency llm-guard is documented for Layer 2 (ML) of prompt-injection, and its model download (~500MB) is noted. No remote arbitrary downloads are performed by the skill itself during install. Overall low install risk, but users should expect optional large model downloads if they enable the ML layer.
Credentials
Registry requires BITMIND_API_KEY, GPTZERO_API_KEY, VIRUSTOTAL_API_KEY, URLSCAN_API_KEY, GOOGLE_SAFE_BROWSING_KEY. The code and docs show BitMind and GPTZero are required for their respective features, but VirusTotal/URLScan/Google Safe Browsing are optional (local heuristics run without keys). Declaring all of them as required is disproportionate and could trick users into supplying unnecessary credentials. Primary credential set to BITMIND_API_KEY is plausible but not strictly justified as the 'primary' across all use cases.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not modify other skills or system configs. No evidence of persistent background behavior beyond running the scripts. Optional llm-guard model caching uses the user's ~/.cache/huggingface, which is normal for that library.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md and prompt-injection references include explicit injection examples like 'ignore all previous instructions' to demonstrate detection. The detection of this pattern by the scanner is expected and not on its own evidence of malicious intent.
What to consider before installing
This package generally implements what it claims, but there are metadata and requirement inconsistencies you should resolve before installing or providing credentials. Things to consider:

  • Only provide API keys you intend to use. BitMind and GPTZero are needed for their respective modules; VirusTotal/URLScan/Google Safe Browsing are optional and should not be treated as mandatory.
  • The registry's requirement for curl/wget appears unnecessary — the scripts use Python's urllib. Ask the publisher why curl/wget are marked required and refuse to provide unrelated binaries or run in environments that don't need them.
  • The prompt-injection module includes real attack patterns in its docs; the pre-scan detection of injection strings is expected. This is not proof of maliciousness.
  • The optional llm-guard ML layer downloads a ~500MB model to the user's cache on first use — plan for disk and network usage and review that library if you enable it.
  • The skill sends user content to third-party APIs (BitMind, GPTZero, VirusTotal, URLScan, Google Safe Browsing). If you will analyze sensitive data, isolate network access, use dedicated API keys with limited scope, and confirm the vendors' privacy policies.
  • Recommended next steps: contact the skill publisher (repo homepage) to correct registry metadata (mark optional keys as optional, remove unnecessary curl/wget requirement), or inspect/modify the scripts locally before use. If you need higher assurance, prefer running the scripts in an isolated environment or review the full code paths for any truncated parts.
references/prompt-injection.md:9
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.2.4
latestvk9713w0yavdj16ajg1wcxy8da9835rws

Runtime requirements

🛡️ Clawdis
Bins: python3
Any bin: curl, wget
Env: BITMIND_API_KEY, GPTZERO_API_KEY, VIRUSTOTAL_API_KEY, URLSCAN_API_KEY, GOOGLE_SAFE_BROWSING_KEY
Primary env: BITMIND_API_KEY

SKILL.md

mind-security

AI security toolkit with four active modules.

Quick Reference

| Task | Command | Docs |
| --- | --- | --- |
| Deepfake detection | `python3 scripts/check_deepfake.py <path_or_url>` | deepfake-detection.md |
| Prompt injection scan | `python3 scripts/check_prompt_injection.py "<text>"` | prompt-injection.md |
| Malware/phishing scan | `python3 scripts/check_malware.py "https://..."` | malware-scanning.md |
| AI text detection | `python3 scripts/check_ai_text.py "<text>"` | ai-text-detection.md |

Modules

Deepfake detection — BitMind API (Bittensor Subnet 34) for images and videos. Supports YouTube, Twitter/X, TikTok URLs. EXIF/metadata fallback for local images. Set BITMIND_API_KEY (get key).

Prompt injection detection — Multi-layer scanner: 50+ regex patterns (instant, zero-dep) + LLM Guard ML model (optional, pip install llm-guard). Identifies known injection signatures, role-override attempts, and instruction-bypass patterns.

Malware/phishing scanning — VirusTotal (70+ engines), URLScan.io (1500+ brands), Google Safe Browsing, plus local heuristics (typosquatting, suspicious TLDs, phishing patterns). Works with no keys via heuristics.

AI text detection — GPTZero API with per-sentence scoring and ~99% accuracy across GPT-4/5, Claude, Gemini, LLaMA. Requires GPTZERO_API_KEY (get key).

API Keys

| Env Var | Used By | Required | Get It |
| --- | --- | --- | --- |
| BITMIND_API_KEY | Deepfake detection | For API mode | app.bitmind.ai/api/keys |
| GPTZERO_API_KEY | AI text detection | Yes | gptzero.me/dashboard |
| VIRUSTOTAL_API_KEY | Malware scanner | Optional | virustotal.com |
| URLSCAN_API_KEY | Malware scanner | Optional | urlscan.io |
| GOOGLE_SAFE_BROWSING_KEY | Malware scanner | Optional | console.cloud.google.com |

Script Conventions

  • python3 scripts/<script>.py --help
  • Core: zero pip dependencies (stdlib only)
  • Optional ML: pip install llm-guard for prompt injection Layer 2
  • JSON to stdout, errors to stderr
  • Exit 0 success, exit 1 failure

Security & Privacy

External endpoints — this skill sends user-provided data to the following third-party APIs for analysis. No data is stored or logged by the skill itself:

| API | Used By | Data Sent |
| --- | --- | --- |
| BitMind | Deepfake detection | Image/video files or URLs |
| GPTZero | AI text detection | Text content |
| VirusTotal | Malware scanner | URLs (not file contents) |
| URLScan.io | Malware scanner | URLs |
| Google Safe Browsing | Malware scanner | URLs |

Trust statement — All modules use Python stdlib only (no pip dependencies for core). API calls use urllib.request with explicit timeouts (10–120s). No telemetry, no analytics, no phone-home beyond the declared API calls above.

Files

9 total