Skip to content

ASROYAL/scam-shield

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🛡️ Scam Shield — Is this message a scam?

Built for the Mesh API Hackathon (Dhruv Rathee × Mesh API, July 2026).

Every day, people in India get a fake "your KYC will expire," a "you've won ₹25 lakh," a "digital arrest" call, a courier-customs fee demand. Scam Shield tells you — in seconds — whether a message is a scam, why, exactly what to do, and gives you a warning you can forward so no one else in your family falls for it.

Paste any suspicious SMS / WhatsApp / email / UPI request →

  • Verdict + risk meter — 🔴 Scam / 🟡 Suspicious / 🟢 Likely safe (0–100).
  • The scam's name — "KYC phishing," "digital-arrest scam," "courier/customs fee," etc.
  • Red flags — the exact manipulation tactics it used.
  • What to do — clear steps, and a recovery mode ("already paid/shared OTP?" → call 1930, report at cybercrime.gov.in, freeze your card).
  • Teach-me — how to spot this kind of scam next time.
  • A one-tap "Warn your family" card — copy or WhatsApp-forward a ready-made warning.

It replies in the language of the message (English, Hindi, Hinglish, …).

How it uses Mesh (the one rule)

Every AI call routes through a single module — app/mesh_client.py — which points the OpenAI SDK at https://api.meshapi.ai/v1. Each scan is one chat completion: a scam-expert system prompt + your message → a structured JSON verdict. Nothing else in the code touches a model.

Cheap by design: default model is gpt-4o-mini and output tokens are capped, so a scan costs ~$0.0004 — thousands of scans per dollar.

Why it's accurate without live data

Scam detection is reasoning, not lookup. The system prompt in app/analyze.py encodes India-specific scam playbooks and the golden safety rules (banks never ask for OTP/PIN via links; "digital arrest" isn't real; a UPI PIN only sends money), so the model reasons like a cyber-crime expert on any message you paste.

Architecture

File Job
app/mesh_client.py The one door to Mesh. OpenAI SDK → Mesh gateway. One call per scan, token-capped.
app/analyze.py The scam-expert prompt + JSON parsing → a clean verdict.
app/main.py FastAPI. Serves the page; POST /api/check returns the verdict.
app/config.py Model + settings.
static/ Single-page UI: paste → verdict, red flags, actions, recovery, shareable warning.

Run it

python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env        # paste your mesh_sk_... key into it
uvicorn app.main:app --reload --port 8000

Open http://localhost:8000. No key? It runs in demo mode (canned verdicts, zero cost) so you can explore the UI.

Deploy (free, public URL)

Ships with a Render Blueprint (render.yaml):

  1. Push this repo to GitHub (public).
  2. On render.comNew → Blueprint → pick the repo.
  3. Set the secret MESH_API_KEY in the Render dashboard (never in the repo).
  4. Deploy → you get a live https://…onrender.com URL.

A small in-memory rate limit and a hard output-token cap keep the deployed key cheap and abuse-resistant.

About

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors