canvinus

Mind Security

by Andrey Gruzdev · GitHub ↗ · v1.2.4 · MIT-0
cross-platform ⚠ suspicious
Downloads: 430
Stars: 3
Active Installs: 1
Versions: 7
Install in OpenClaw
/install mind-security
Description
AI security toolkit — deepfake detection, prompt injection scanning, malware/phishing URL scanning, and AI text detection. Use when: (1) verifying if an imag...
Usage Guidance
This package generally implements what it claims, but there are metadata and requirement inconsistencies you should resolve before installing or providing credentials. Things to consider:
- Only provide API keys you intend to use. BitMind and GPTZero are needed for their respective modules; VirusTotal/URLScan/Google Safe Browsing are optional and should not be treated as mandatory.
- The registry's requirement for curl/wget appears unnecessary — the scripts use Python's urllib. Ask the publisher why curl/wget are marked required and refuse to provide unrelated binaries or run in environments that don't need them.
- The prompt-injection module includes real attack patterns in its docs; the pre-scan detection of injection strings is expected. This is not proof of maliciousness.
- The optional llm-guard ML layer downloads a ~500MB model to the user's cache on first use — plan for disk and network usage and review that library if you enable it.
- The skill sends user content to third-party APIs (BitMind, GPTZero, VirusTotal, URLScan, Google Safe Browsing). If you will analyze sensitive data, isolate network access, use dedicated API keys with limited scope, and confirm the vendors' privacy policies.
- Recommended next steps: contact the skill publisher (repo homepage) to correct registry metadata (mark optional keys as optional, remove unnecessary curl/wget requirement), or inspect/modify the scripts locally before use. If you need higher assurance, prefer running the scripts in an isolated environment or review the full code paths for any truncated parts.
Capability Analysis
Type: OpenClaw Skill
Name: mind-security
Version: 1.2.4
The mind-security skill bundle is a legitimate AI security toolkit providing deepfake detection, prompt injection scanning, malware URL scanning, and AI text detection. The scripts (check_ai_text.py, check_deepfake.py, check_malware.py, check_prompt_injection.py) are well-structured, use Python's standard library for network requests, and interact with reputable third-party APIs like BitMind, GPTZero, VirusTotal, and URLScan.io. The bundle is transparent about data handling, requires explicit API keys for external services, and contains no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The name/description (deepfake, prompt-injection, malware URL, AI-text detection) matches the included scripts and reference docs. Each script uses the API keys you'd expect (BitMind for deepfakes, GPTZero for AI-text, VirusTotal/URLScan/Google Safe Browsing for URL scans). However, the registry metadata claims all listed env vars are required, while the README and code indicate several (VirusTotal, URLScan, Google Safe Browsing) are optional. The metadata also demands one of curl/wget even though the Python scripts use urllib and do not call those binaries — that requirement is disproportionate.
Instruction Scope
SKILL.md instructs the agent to run the included Python scripts and documents which third-party APIs will be contacted. The scripts appear to only send the user-provided artifact (text, URL, or media) to the declared vendor endpoints. There are no instructions asking the agent to read unrelated system files or secrets. Example prompt-injection test strings (e.g., 'ignore all previous instructions') appear in the docs because the module is explicitly a prompt-injection detector; this is expected.
Install Mechanism
There is no install spec: the skill is instruction-only, with code files (scripts) included. Core operation uses the stdlib; the optional dependency llm-guard is documented for Layer 2 (ML) of prompt-injection detection, and its model download (~500MB) is noted. The skill itself performs no arbitrary remote downloads during install. Overall install risk is low, but users should expect an optional large model download if they enable the ML layer.
Credentials
The registry requires BITMIND_API_KEY, GPTZERO_API_KEY, VIRUSTOTAL_API_KEY, URLSCAN_API_KEY, GOOGLE_SAFE_BROWSING_KEY. The code and docs show BitMind and GPTZero are required for their respective features, but VirusTotal/URLScan/Google Safe Browsing are optional (local heuristics run without keys). Declaring all of them as required is disproportionate and could trick users into supplying unnecessary credentials. Setting the primary credential to BITMIND_API_KEY is plausible but not strictly justified as the 'primary' across all use cases.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not modify other skills or system configs. There is no evidence of persistent background behavior beyond running the scripts. Optional llm-guard model caching uses the user's ~/.cache/huggingface, which is normal for that library.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mind-security
  3. After installation, invoke the skill by name or use /mind-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.4
Declare third-party API secrets and telemetry in metadata; reword injection detection descriptions; add Security & Privacy section
v1.2.3
fix: use browser-compatible User-Agent headers to bypass Cloudflare bot protection on BitMind and GPTZero APIs
v1.2.2
Restore full deepfake detection with video support, --fps, --debug flags aligned with subnet API
v1.2.1
Revert deepfake detection to original image-only implementation
v1.2.0
Multi-layer prompt injection (regex + llm-guard ML), GPTZero AI text detection, VirusTotal/URLScan malware scanning, deepfake video detection with --fps and --debug flags
v1.1.0
Add video detection, absurdity analysis, any-URL support, Subnet 34 docs
v1.0.0
Initial release — deepfake detection via BitMind API
Metadata
Slug: mind-security
Version: 1.2.4
License: MIT-0
All-time Installs: 1
Active Installs: 1
Total Versions: 7
Frequently Asked Questions

What is Mind Security?

AI security toolkit — deepfake detection, prompt injection scanning, malware/phishing URL scanning, and AI text detection. Use when: (1) verifying if an imag... It is an AI Agent Skill for Claude Code / OpenClaw, with 430 downloads so far.

How do I install Mind Security?

Run "/install mind-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mind Security free?

Yes, Mind Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mind Security support?

Mind Security is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Mind Security?

It is built and maintained by Andrey Gruzdev (@canvinus); the current version is v1.2.4.
