canvinus

Mind Security

Author: Andrey Gruzdev · GitHub · v1.2.4 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 430
Favorites: 3
Current installs: 1
Versions: 7
Install in OpenClaw
/install mind-security
Description
AI security toolkit — deepfake detection, prompt injection scanning, malware/phishing URL scanning, and AI text detection. Use when: (1) verifying if an imag...
Security usage advice
This package generally implements what it claims, but there are metadata and requirement inconsistencies you should resolve before installing or providing credentials. Things to consider:
- Only provide API keys you intend to use. BitMind and GPTZero are needed for their respective modules; VirusTotal/URLScan/Google Safe Browsing are optional and should not be treated as mandatory.
- The registry's requirement for curl/wget appears unnecessary — the scripts use Python's urllib. Ask the publisher why curl/wget are marked required and refuse to provide unrelated binaries or run in environments that don't need them.
- The prompt-injection module includes real attack patterns in its docs; the pre-scan detection of injection strings is expected. This is not proof of maliciousness.
- The optional llm-guard ML layer downloads a ~500MB model to the user's cache on first use — plan for disk and network usage and review that library if you enable it.
- The skill sends user content to third-party APIs (BitMind, GPTZero, VirusTotal, URLScan, Google Safe Browsing). If you will analyze sensitive data, isolate network access, use dedicated API keys with limited scope, and confirm the vendors' privacy policies.
- Recommended next steps: contact the skill publisher (repo homepage) to correct registry metadata (mark optional keys as optional, remove unnecessary curl/wget requirement), or inspect/modify the scripts locally before use. If you need higher assurance, prefer running the scripts in an isolated environment or review the full code paths for any truncated parts.
Functional analysis
Type: OpenClaw Skill
Name: mind-security
Version: 1.2.4
The mind-security skill bundle is a legitimate AI security toolkit providing deepfake detection, prompt injection scanning, malware URL scanning, and AI text detection. The scripts (check_ai_text.py, check_deepfake.py, check_malware.py, check_prompt_injection.py) are well-structured, use Python's standard library for network requests, and interact with reputable third-party APIs like BitMind, GPTZero, VirusTotal, and URLScan.io. The bundle is transparent about data handling, requires explicit API keys for external services, and contains no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability assessment
Purpose & Capability
The name/description (deepfake, prompt-injection, malware URL, AI-text detection) matches the included scripts and reference docs. Each script uses the API keys you'd expect (BitMind for deepfakes, GPTZero for AI-text, VirusTotal/URLScan/Google Safe Browsing for URL scans). However, the registry metadata claims all listed env vars are required, while the README and code indicate several (VirusTotal, URLScan, Google Safe Browsing) are optional. The metadata also demands one of curl/wget even though the Python scripts use urllib and do not call those binaries — that requirement is disproportionate.
Instruction Scope
SKILL.md instructs the agent to run the included Python scripts and documents which third-party APIs will be contacted. The scripts appear to only send the user-provided artifact (text, URL, or media) to the declared vendor endpoints. There are no instructions asking the agent to read unrelated system files or secrets. Example prompt-injection test strings (e.g., 'ignore all previous instructions') appear in the docs because the module is explicitly a prompt-injection detector; this is expected.
Install Mechanism
There is no install spec — instruction-only with code files (scripts) included. Core operation uses stdlib; optional dependency llm-guard is documented for Layer 2 (ML) of prompt-injection, and its model download (~500MB) is noted. No remote arbitrary downloads are performed by the skill itself during install. Overall low install risk, but users should expect optional large model downloads if they enable ML layer.
Credentials
Registry requires BITMIND_API_KEY, GPTZERO_API_KEY, VIRUSTOTAL_API_KEY, URLSCAN_API_KEY, GOOGLE_SAFE_BROWSING_KEY. The code and docs show BitMind and GPTZero are required for their respective features, but VirusTotal/URLScan/Google Safe Browsing are optional (local heuristics run without keys). Declaring all of them as required is disproportionate and could trick users into supplying unnecessary credentials. Primary credential set to BITMIND_API_KEY is plausible but not strictly justified as the 'primary' across all use cases.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not modify other skills or system configs. No evidence of persistent background behavior beyond running the scripts. Optional llm-guard model caching uses user's ~/.cache/huggingface which is normal for that library.
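How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install mind-security
  3. Once installation completes, call the Skill by name or trigger it with /mind-security
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history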
v1.2.4
Declare third-party API secrets and telemetry in metadata; reword injection detection descriptions; add Security & Privacy section
v1.2.3
fix: use browser-compatible User-Agent headers to bypass Cloudflare bot protection on BitMind and GPTZero APIs
v1.2.2
Restore full deepfake detection with video support, --fps, --debug flags aligned with subnet API
v1.2.1
Revert deepfake detection to original image-only implementation
v1.2.0
Multi-layer prompt injection (regex + llm-guard ML), GPTZero AI text detection, VirusTotal/URLScan malware scanning, deepfake video detection with --fps and --debug flags
v1.1.0
Add video detection, absurdity analysis, any-URL support, Subnet 34 docs
v1.0.0
Initial release — deepfake detection via BitMind API
Metadata
Slug mind-security
Version 1.2.4
License MIT-0
Total installs 1
Current installs 1
Number of versions 7
FAQ

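What is Mind Security?

AI security toolkit — deepfake detection, prompt injection scanning, malware/phishing URL scanning, and AI text detection. Use when: (1) verifying if an imag... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 430 total downloads so far.

How do I install Mind Security?

Run the command "/install mind-security" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Mind Security free?

Yes. Mind Security is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Mind Security support?

Mind Security runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Mind Security?

It is developed and maintained by Andrey Gruzdev (@canvinus); the current version is v1.2.4.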
