mind-security
AI security toolkit with four active modules.
Quick Reference
| Task | Command | Docs |
|---|---|---|
| Prompt injection detection | `python3 scripts/check_prompt_injection.py "<text>"` | prompt-injection.md |
| Malware/phishing scan | `python3 scripts/check_malware.py "https://..."` | malware-scanning.md |
| AI text detection | `python3 scripts/check_ai_text.py "<text>"` | ai-text-detection.md |
Modules
Deepfake detection — BitMind API (Bittensor Subnet 34) for images and videos. Supports YouTube, Twitter/X, TikTok URLs. EXIF/metadata fallback for local images. Set BITMIND_API_KEY (get key).
Prompt injection detection — Multi-layer scanner: 50+ regex patterns (instant, zero-dep) + LLM Guard ML model (optional, pip install llm-guard). Identifies known injection signatures, role-override attempts, and instruction-bypass patterns.
Malware/phishing scanning — VirusTotal (70+ engines), URLScan.io (1500+ brands), Google Safe Browsing, plus local heuristics (typosquatting, suspicious TLDs, phishing patterns). Works with no keys via heuristics.
AI text detection — GPTZero API with per-sentence scoring and ~99% accuracy across GPT-4/5, Claude, Gemini, LLaMA. Requires GPTZERO_API_KEY (get key).
API Keys
| Variable | Used By | Required | Get Key |
|---|---|---|---|
| GPTZERO_API_KEY | AI text detection | Yes | gptzero.me/dashboard |
| VIRUSTOTAL_API_KEY | Malware scanner | Optional | virustotal.com |
| URLSCAN_API_KEY | Malware scanner | Optional | urlscan.io |
| GOOGLE_SAFE_BROWSING_KEY | Malware scanner | Optional | console.cloud.google.com |
Script Conventions
- `python3 scripts/<script>.py --help`
- Core: zero pip dependencies (stdlib only)
- Optional ML: pip install llm-guard for prompt injection Layer 2
- JSON to stdout, errors to stderr
- Exit 0 success, exit 1 failure
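The local-heuristics layer described for the malware/phishing module (typosquatting, suspicious TLDs, phishing patterns), written to the script conventions above, as an added example that is not the toolkit's own code. The brand list, TLD list, keyword pattern and the function names are assumptions constructed for illustration.

```python
import json
import re
import sys
from urllib.parse import urlsplit

# Constructed sample lists (assumptions for this example, not the toolkit's own data).
BRANDS = ("paypal", "google", "microsoft", "apple", "amazon")
SUSPICIOUS_TLDS = {"zip", "top", "xyz", "tk", "click"}
LURE_WORDS = re.compile(r"login|signin|verify|secure|account|update")
LOOKALIKES = str.maketrans("013", "ole")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_url(url):
    """Score one URL with local heuristics only; no network access."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    if not host:
        raise ValueError("no hostname in input")
    labels, findings = host.split("."), []
    if labels[-1] in SUSPICIOUS_TLDS:
        findings.append(f"suspicious TLD .{labels[-1]}")
    if any(label.startswith("xn--") for label in labels):
        findings.append("punycode label (possible homograph)")
    if LURE_WORDS.search(host):
        findings.append("credential-lure keyword in hostname")
    for idx, label in enumerate(labels[:-1]):
        for part in label.split("-"):
            for brand in BRANDS:
                if part == brand:
                    # Assumes the registered name is the second-to-last label (ignores co.uk etc.).
                    if idx != len(labels) - 2 or part != label:
                        findings.append(f"brand '{brand}' appears but is not the registered name")
                elif part.translate(LOOKALIKES) == brand or edit_distance(part, brand) == 1:
                    findings.append(f"'{part}' resembles brand '{brand}'")
    return {"url": url, "host": host, "suspicious": bool(findings), "findings": findings}

if __name__ == "__main__":
    try:
        print(json.dumps(check_url(sys.argv[1])))  # JSON to stdout
    except (IndexError, ValueError) as exc:
        print(f"error: {exc}", file=sys.stderr)    # errors to stderr
        sys.exit(1)                                # exit 1 on failure
```

Edit distance alone misses `g00gle` (distance 2 from `google`), which is why the digit-swap normalisation runs alongside it; both checks can flag legitimate names such as `apply`, so findings are signals to weigh, not verdicts.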
Security & Privacy
External endpoints — this skill sends user-provided data to the following third-party APIs for analysis. No data is stored or logged by the skill itself:
| API | Used By | Data Sent |
|---|---|---|
| BitMind | Deepfake detection | Image/video files or URLs |
| GPTZero | AI text detection | Text content |
| VirusTotal | Malware scanner | URLs (not file contents) |
| URLScan.io | Malware scanner | URLs |
| Google Safe Browsing | Malware scanner | URLs |
Trust statement — All modules use Python stdlib only (no pip dependencies for core). API calls use urllib.request with explicit timeouts (10–120s). No telemetry, no analytics, no phone-home beyond the declared API calls above.