← 返回 Skills 市场
Csam Shield
作者
raghulpasupathi
· GitHub ↗
· v1.0.0
516
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install csam-shield
功能描述
Detects, blocks, and reports Child Sexual Abuse Material using AI-driven image, video, and behavior analysis with automatic NCMEC reporting and evidence pres...
使用说明 (SKILL.md)
CSAM Shield
Metadata
- ID: csam-shield
- Version: 1.0.0
- Category: safety
- Priority: CRITICAL
- Installation: npm
- Package:
@raghulpasupathi/csam-shield
Description
CRITICAL SAFETY SYSTEM for detecting and preventing Child Sexual Abuse Material (CSAM). Uses advanced computer vision, hash matching, age estimation, and behavior analysis to identify illegal content. Includes automatic NCMEC reporting, law enforcement coordination, and evidence preservation.
⚠️ CRITICAL WARNING
This skill handles the most serious form of online abuse. Implementation requires:
- Zero tolerance policy - immediate action on detection
- Legal compliance - mandatory reporting to NCMEC/law enforcement
- Evidence preservation - secure logging for legal proceedings
- Staff protection - mental health support for reviewers
- Privacy protection - strict handling of detected content
Features
- Hash Database Matching: PhotoDNA, PDQ, perceptual hashing against known CSAM
- Age Estimation: AI-powered age detection with high accuracy
- Anatomical Detection: Identify inappropriate imagery of minors
- Context Analysis: Distinguish legitimate from exploitative content
- Behavioral Analysis: Detect grooming patterns and predatory behavior
- NCMEC Integration: Automatic CyberTipline reporting
- Evidence Preservation: Secure storage for law enforcement
- User Flagging: Immediate account suspension and investigation
- Network Analysis: Identify distribution rings and patterns
- Real-time Blocking: Prevent upload/distribution instantly
Installation
Via ClawHub
https://clawhub.ai/raghulpasupathi/csam-shield
Via npm
npm install @raghulpasupathi/csam-shield
Configuration
{
"enabled": true,
"settings": {
"mode": "maximum-protection",
"zeroTolerance": true,
"thresholds": {
"ageEstimation": {
"childThreshold": 13,
"teenThreshold": 18,
"confidence": 0.85
},
"hashMatch": {
"exactMatch": 0.95,
"nearMatch": 0.85
},
"anatomicalDetection": {
"sensitivity": "maximum",
"blockThreshold": 0.70
},
"contextAnalysis": {
"enabled": true,
"legitimateExceptions": ["family", "medical", "educational"]
}
},
"databases": {
"photoDNA": {
"enabled": true,
"provider": "microsoft",
"updateFrequency": "hourly"
},
"pdqHash": {
"enabled": true,
"provider": "facebook",
"updateFrequency": "hourly"
},
"ncmec": {
"enabled": true,
"hashList": true,
"updateFrequency": "hourly"
},
"custom": {
"enabled": true,
"path": "/secure/csam-hashes/"
}
},
"detection": {
"imageAnalysis": true,
"videoAnalysis": true,
"textAnalysis": true,
"metadataAnalysis": true,
"networkAnalysis": true,
"behaviorAnalysis": true
},
"reporting": {
"ncmec": {
"enabled": true,
"endpoint": "https://report.cybertip.org/",
"apiKey": "${NCMEC_API_KEY}",
"automatic": true
},
"lawEnforcement": {
"enabled": true,
"contacts": ["fbi_tips", "local_police"],
"automatic": false,
"requiresReview": true
},
"preserveEvidence": true,
"evidenceRetention": "indefinite",
"encryptEvidence": true
},
"actions": {
"onDetection": [
"block_content",
"suspend_user",
"preserve_evidence",
"report_ncmec",
"alert_security_team",
"block_ip",
"flag_related_accounts"
],
"onHashMatch": [
"immediate_block",
"auto_report_ncmec",
"permanent_ban",
"preserve_all_user_content",
"notify_authorities"
]
},
"security": {
"accessControl": "restricted",
"auditLogging": "complete",
"encryption": "aes-256",
"staffProtection": true,
"limitedExposure": true
}
}
}
API / Methods
const CSAMShield = require('@raghulpasupathi/csam-shield');
// Initialize with strict security
const shield = new CSAMShield({
mode: 'maximum-protection',
ncmecApiKey: process.env.NCMEC_API_KEY,
encryptionKey: process.env.EVIDENCE_ENCRYPTION_KEY
});
// ⚠️ CRITICAL: Analyze content (use with extreme caution)
const result = await shield.analyze('/path/to/content.jpg');
console.log(result);
/* Output:
{
threat: 'CRITICAL',
action: 'IMMEDIATE_BLOCK',
detectionType: 'hash_match',
confidence: 0.98,
details: {
hashMatch: {
matched: true,
database: 'photoDNA',
matchConfidence: 0.99
},
ageEstimation: {
estimatedAge: 10,
confidence: 0.94,
isMinor: true
},
anatomicalDetection: {
inappropriate: true,
severity: 'extreme'
},
context: {
isLegitimate: false,
category: 'exploitative'
}
},
actions: {
contentBlocked: true,
userSuspended: true,
evidencePreserved: true,
ncmecReported: true,
reportId: 'NCMEC-2026-xxxxx',
authoritiesNotified: true
},
evidence: {
caseId: 'CASE-2026-xxxxx',
preservedData: [
'content_hash',
'user_info',
'upload_metadata',
'ip_address',
'device_info'
],
encryptedStorage: '/secure/evidence/CASE-2026-xxxxx/'
},
timestamp: '2026-02-20T10:30:00Z'
}
*/
// Check hash against known CSAM databases
const hashCheck = await shield.checkHash(contentHash);
console.log(hashCheck);
/* Output:
{
isKnownCSAM: true,
matchedDatabases: ['photoDNA', 'pdqHash', 'ncmec'],
matchConfidence: 0.99,
action: 'IMMEDIATE_BLOCK',
reportRequired: true
}
*/
// Estimate age in image
const ageEstimation = await shield.estimateAge('/path/to/image.jpg');
console.log(ageEstimation);
/* Output:
{
estimatedAge: 12,
confidence: 0.91,
ageRange: [10, 14],
isMinor: true,
certaintyLevel: 'high'
}
*/
// Analyze user behavior for grooming patterns
const behaviorAnalysis = await shield.analyzeBehavior(userId, {
messages: userMessages,
interactions: userInteractions,
timeline: activityTimeline
});
console.log(behaviorAnalysis);
/* Output:
{
isGrooming: true,
confidence: 0.87,
patterns: [
'age_inquiries',
'isolation_attempts',
'gift_offering',
'secrecy_requests',
'progressive_boundary_crossing'
],
riskLevel: 'extreme',
recommendedAction: 'immediate_investigation'
}
*/
// Report to NCMEC CyberTipline
const ncmecReport = await shield.reportToNCMEC({
content: contentDetails,
user: userDetails,
evidence: preservedEvidence
});
console.log(ncmecReport);
/* Output:
{
success: true,
reportId: 'NCMEC-2026-xxxxx',
timestamp: '2026-02-20T10:30:00Z',
status: 'submitted',
followUp: 'pending_review'
}
*/
// Preserve evidence for legal proceedings
const evidence = await shield.preserveEvidence({
contentId: 'content-123',
userId: 'user-456',
includeMetadata: true,
includeRelatedContent: true,
includeUserHistory: true
});
// Suspend user and related accounts
await shield.suspendUser(userId, {
reason: 'CSAM_DETECTION',
permanent: true,
blockRelatedAccounts: true,
preserveEvidence: true
});
// Network analysis to find related accounts
const network = await shield.analyzeNetwork(userId);
console.log(network);
/* Output:
{
suspiciousAccounts: [
{ userId: 'user-789', riskScore: 0.92, connection: 'frequent_messages' },
{ userId: 'user-012', riskScore: 0.85, connection: 'content_sharing' }
],
distributionRing: {
detected: true,
size: 7,
accounts: [...]
},
recommendedActions: [
'investigate_all_accounts',
'preserve_all_evidence',
'notify_authorities'
]
}
*/
// Secure hash generation (for reporting only)
const secureHash = await shield.generateSecureHash('/path/to/content.jpg');
// Update hash databases
await shield.updateHashDatabases();
// Event listeners (CRITICAL - requires immediate response)
shield.on('csam_detected', async (detection) => {
console.error('🚨 CRITICAL: CSAM DETECTED');
// Immediate actions
await shield.blockContent(detection.contentId);
await shield.suspendUser(detection.userId);
await shield.preserveEvidence(detection);
await shield.reportToNCMEC(detection);
await shield.notifySecurityTeam(detection);
await shield.alertAuthorities(detection);
});
shield.on('hash_match', async (match) => {
console.error('🚨 CRITICAL: Known CSAM hash matched');
// Automatic immediate actions
await shield.executeEmergencyProtocol(match);
});
shield.on('grooming_detected', async (behavior) => {
console.warn('⚠️ WARNING: Potential grooming behavior detected');
// Investigation and monitoring
await shield.flagForInvestigation(behavior.userId);
await shield.enhanceMonitoring(behavior.userId);
});
// Secure audit logging
const auditLog = await shield.getAuditLog({
type: 'csam_detection',
timeRange: 'last_30_days',
includeReports: true
});
// Staff protection - limited exposure mode
shield.enableStaffProtection({
blurContent: true,
limitedDetails: true,
rotationSchedule: true,
mentalHealthSupport: true
});
// Compliance reporting
const complianceReport = await shield.generateComplianceReport({
period: 'monthly',
includeStatistics: true,
includeActions: true,
format: 'legal'
});
Dependencies
- @microsoft/photodna: ^2.0.0 - PhotoDNA hashing
- pdq-hash: ^1.0.0 - Facebook PDQ hashing
- @tensorflow/tfjs-node-gpu: ^4.0.0 - Age estimation models
- opencv4nodejs: ^6.0.0 - Image analysis
- ncmec-reporter: ^1.0.0 - NCMEC CyberTipline integration
- crypto: Built-in - Evidence encryption
Performance
- Hash Matching: \x3C10ms (database lookup)
- Age Estimation: 100-200ms per image
- Full Analysis: 200-500ms per image
- Video Analysis: Real-time frame scanning
- Accuracy:
- Hash matching: 99.9% (known CSAM)
- Age estimation: 92% accuracy (±2 years)
- Context analysis: 89% accuracy
- False positive rate: \x3C0.01% (strict to prevent abuse)
Legal Requirements
- Mandatory Reporting: Report all detected CSAM to NCMEC (18 USC § 2258A)
- Evidence Preservation: Retain evidence for law enforcement (90+ days minimum)
- No Distribution: Never distribute detected CSAM, even internally
- User Notification: Do NOT notify user of detection (obstruction warning)
- Law Enforcement Cooperation: Full cooperation with investigations
- International Compliance: Comply with local laws (IWF, INHOPE, etc.)
Use Cases
- Social media platforms
- Messaging applications
- File sharing services
- Cloud storage providers
- Dating applications
- Gaming platforms with UGC
- Forum and community sites
- Any platform allowing user uploads
Troubleshooting
False Positives
Problem: Legitimate content flagged as CSAM Solution:
- Review context analysis results
- Check for family/medical/educational context
- Manual review by trained staff ONLY
- Document false positive for model improvement
- NEVER automatically ignore - always review
- Consider legitimate use cases in detection logic
Missing Known CSAM
Problem: Hash databases not catching known content Solution:
- Verify database updates are running hourly
- Check all hash databases enabled
- Ensure proper API keys configured
- Test hash generation process
- Verify network connectivity to update servers
- Contact database providers for troubleshooting
NCMEC Reporting Failures
Problem: Reports not submitting to NCMEC Solution:
- Verify API credentials
- Check network connectivity
- Queue reports for retry
- Manual submission if automatic fails
- Contact NCMEC technical support
- Keep local evidence regardless of submission status
Age Estimation Inaccuracy
Problem: Age estimation giving unreliable results Solution:
- Use as one signal, not sole determinant
- Combine with other detection methods
- Lower confidence threshold for safety
- Update age estimation models regularly
- Consider edge cases (appearing older/younger)
- When in doubt, err on side of caution
Evidence Storage Issues
Problem: Evidence not being preserved correctly Solution:
- Verify encryption keys configured
- Check storage permissions and space
- Test evidence retrieval process
- Implement redundant storage
- Regular backup verification
- Consult legal team on retention requirements
Integration Example
// ⚠️ CRITICAL SYSTEM INTEGRATION
const express = require('express');
const multer = require('multer');
const CSAMShield = require('@raghulpasupathi/csam-shield');
const app = express();
const upload = multer({ dest: '/secure/temp/' });
const shield = new CSAMShield({
mode: 'maximum-protection',
ncmecApiKey: process.env.NCMEC_API_KEY
});
// Critical: Pre-upload hash check
app.post('/api/upload', upload.single('file'), async (req, res) => {
const tempPath = req.file.path;
try {
// Generate hash immediately
const contentHash = await shield.generateSecureHash(tempPath);
// Check against known CSAM databases FIRST
const hashCheck = await shield.checkHash(contentHash);
if (hashCheck.isKnownCSAM) {
// CRITICAL: Known CSAM detected
console.error('🚨 CRITICAL: Known CSAM hash matched');
// Preserve evidence
await shield.preserveEvidence({
contentHash,
userId: req.user.id,
ip: req.ip,
uploadAttempt: true,
timestamp: new Date()
});
// Automatic NCMEC report
await shield.reportToNCMEC({
type: 'known_csam_upload',
hash: contentHash,
user: req.user,
ip: req.ip
});
// Suspend user immediately
await shield.suspendUser(req.user.id, {
reason: 'CSAM_UPLOAD',
permanent: true
});
// Delete file securely
await shield.secureDelete(tempPath);
// DO NOT reveal reason to user
return res.status(400).json({
success: false,
error: 'Upload failed. Please contact support.'
});
}
// Perform full analysis
const analysis = await shield.analyze(tempPath);
if (analysis.threat === 'CRITICAL') {
// New CSAM detected
console.error('🚨 CRITICAL: Potential CSAM detected');
// Execute emergency protocol
await shield.executeEmergencyProtocol({
content: tempPath,
user: req.user,
analysis: analysis
});
// DO NOT reveal reason to user
return res.status(400).json({
success: false,
error: 'Upload failed. Please contact support.'
});
}
// Content passed all checks
const url = await uploadToStorage(tempPath);
res.json({
success: true,
url: url
});
} catch (error) {
console.error('CSAM Shield error:', error);
// Fail closed - reject upload
res.status(500).json({
success: false,
error: 'Upload failed. Please try again.'
});
} finally {
// Always clean up temp file
if (fs.existsSync(tempPath)) {
await shield.secureDelete(tempPath);
}
}
});
// Background monitoring of existing content
async function scanExistingContent() {
console.log('Starting periodic content scan...');
const contentBatch = await getContentForScanning(1000);
for (const content of contentBatch) {
try {
const hash = await shield.generateSecureHash(content.url);
const check = await shield.checkHash(hash);
if (check.isKnownCSAM) {
console.error(`🚨 CRITICAL: Known CSAM found in existing content: ${content.id}`);
// Execute emergency protocol
await shield.executeEmergencyProtocol({
contentId: content.id,
userId: content.userId,
discoveryMethod: 'periodic_scan'
});
}
} catch (error) {
console.error(`Error scanning content ${content.id}:`, error);
}
}
}
// Run hourly scans
setInterval(scanExistingContent, 60 * 60 * 1000);
// Admin dashboard (RESTRICTED ACCESS)
app.get('/admin/csam/dashboard', requireSecurityClearance, async (req, res) => {
const stats = await shield.getStats({
period: '30d',
includeReports: true
});
res.json({
success: true,
stats: stats,
warning: 'RESTRICTED: Security clearance required'
});
});
// Compliance reporting (LEGAL TEAM ONLY)
app.get('/legal/csam/compliance-report', requireLegalAccess, async (req, res) => {
const report = await shield.generateComplianceReport({
period: req.query.period || 'monthly',
format: 'legal'
});
res.json({
success: true,
report: report
});
});
Best Practices (CRITICAL)
- Zero Tolerance: No exceptions, immediate action on detection
- Report Everything: When in doubt, report to NCMEC
- Preserve Evidence: Secure storage for law enforcement
- Staff Protection: Mental health support, limited exposure
- Never Distribute: Don't share detected content internally
- Legal Compliance: Follow all mandatory reporting laws
- User Privacy: Balance detection with legitimate user privacy
- Regular Updates: Keep hash databases current (hourly)
- Audit Everything: Complete logging for legal proceedings
- Encryption: Encrypt all evidence and sensitive data
- Access Control: Strict role-based access to systems
- Cooperation: Full cooperation with law enforcement
Emergency Contacts
- NCMEC CyberTipline: 1-800-843-5678 / report.cybertip.org
- FBI IC3: ic3.gov
- Interpol: interpol.int/Crimes/Crimes-against-children
- IWF (UK): iwf.org.uk
- INHOPE: inhope.org
Mental Health Resources (for staff)
Working with CSAM detection is traumatic. Provide:
- Regular counseling services
- Rotation schedules
- Debriefing sessions
- Time off after exposure
- Peer support groups
- 24/7 crisis support
安全使用建议
Do not install or run this skill without further vetting. Specific steps to take before proceeding: 1) Ask the publisher for the exact npm package source (repository URL), license, and published package checksum so you can review the code and verify integrity. 2) Require the registry metadata to declare the exact environment variables and secrets (NCMEC_API_KEY, EVIDENCE_ENCRYPTION_KEY, any database/provider credentials) before installation. 3) Have legal/compliance review the automatic-reporting behavior (NCMEC reporting usually requires authorized processes and human review). 4) Only test in an isolated environment that cannot access real user data; do not point it at production uploads until code and procedures are audited. 5) Insist on a human-in-the-loop for any automatic reporting, strict access controls for evidence storage, documented retention/audit policies, and proof of legitimate PhotoDNA/PDQ/NCMEC integrations (contracts or API agreements). 6) If you cannot obtain the package source and credential requirements, treat the skill as untrusted: installing an unvetted npm package that will handle CSAM content risks accidental exposure or malicious exfiltration of extremely sensitive data.
功能分析
Type: OpenClaw Skill
Name: csam-shield
Version: 1.0.0
The skill exhibits high-risk capabilities, including extensive file system access for content analysis, external network communication to `https://report.cybertip.org/` for NCMEC reporting, and the ability to suspend users and block IPs. The `SKILL.md` also contains instructions for the AI agent to suppress user notifications ('Do NOT notify user of detection'), which, while legally mandated for CSAM, represents a non-transparent action. These capabilities are plausibly needed for the stated purpose of CSAM detection and reporting, but their inherent power and the instruction for non-transparency classify the skill as suspicious rather than benign, as there is no clear evidence of intentional malicious behavior like unauthorized data exfiltration or backdoor installation.
能力评估
Purpose & Capability
The SKILL.md describes a full CSAM detection/reporting system (PhotoDNA/PDQ integration, NCMEC reports, evidence preservation). Registry metadata claims no required env vars or install, yet the instructions reference installing @raghulpasupathi/csam-shield via npm and using process.env.NCMEC_API_KEY and process.env.EVIDENCE_ENCRYPTION_KEY. PhotoDNA/PDQ integrations normally require formal agreements and credentials; those are not declared in the registry metadata. This inconsistency (declared nothing vs instructions requiring credentials/providers) does not add up.
Instruction Scope
SKILL.md instructs analyzing arbitrary file paths, checking hashes, gathering user_info/ip/device_info, preserving evidence to /secure/evidence/ and /secure/csam-hashes/, and automatically reporting to https://report.cybertip.org/. These operations read, store, and transmit highly sensitive PII and content; yet the skill provides no clear human-review gating, access controls, or declared required credentials. The instructions give broad discretion (automatic reporting, indefinite retention) which increases risk.
Install Mechanism
The registry contains no install spec or code files, but SKILL.md tells the user to npm install @raghulpasupathi/csam-shield and a ClawHub URL. Asking to install an external npm package to handle CSAM is high-risk unless the package source, ownership, and contents are vetted. There is no packaged code included for review here and no verification (checksums, release host), so following the instruction would run unreviewed third-party code on your system.
Credentials
Although registry metadata lists no required env vars, the instructions and sample code explicitly reference NCMEC_API_KEY and EVIDENCE_ENCRYPTION_KEY and a configuration placeholder ${NCMEC_API_KEY}. The skill also expects access to photo/video content and to collect PII (IP, device info, user info). Requesting and using such credentials and data is proportionate to the stated purpose only if declared up front and legally authorized; here those credentials are not declared or justified in metadata, which is a mismatch and a red flag.
Persistence & Privilege
The skill calls for preserving evidence indefinitely, encrypted storage, and writing to fixed secure paths. While retention is relevant to the purpose, the SKILL.md provides no guidance on access controls, where keys are stored, retention policy governance, or who reviews reports before automatic submission. The skill does not request 'always: true', which is good, but indefinite on-disk retention of sensitive material without controls is problematic.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install csam-shield - 安装完成后,直接呼叫该 Skill 的名称或使用
/csam-shield触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release of CSAM Shield — a critical safety system for detecting and preventing CSAM.
- Provides advanced computer vision, hash matching, age estimation, anatomical and behavioral analysis to identify child sexual abuse material.
- Automates NCMEC CyberTipline reporting, evidence preservation, law enforcement notifications, and user account actions.
- Offers configurable thresholds, extensive API methods, and strict security controls (encryption, audit logging, access restriction).
- Delivers real-time content blocking, automatic user suspension, and detection of grooming or distribution networks.
- Strong emphasis on legal compliance, privacy, staff mental health, and evidence management.
元数据
常见问题
Csam Shield 是什么?
Detects, blocks, and reports Child Sexual Abuse Material using AI-driven image, video, and behavior analysis with automatic NCMEC reporting and evidence pres... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 516 次。
如何安装 Csam Shield?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install csam-shield」即可一键安装,无需额外配置。
Csam Shield 是免费的吗?
是的,Csam Shield 完全免费(开源免费),可自由下载、安装和使用。
Csam Shield 支持哪些平台?
Csam Shield 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Csam Shield?
由 raghulpasupathi(@raghulpasupathi)开发并维护,当前版本 v1.0.0。
推荐 Skills