Built for the Mesh API Hackathon (Dhruv Rathee × Mesh API, July 2026).
Every day, people in India get a fake "your KYC will expire," a "you've won ₹25 lakh," a "digital arrest" call, a courier-customs fee demand. Scam Shield tells you — in seconds — whether a message is a scam, why, exactly what to do, and gives you a warning you can forward so no one else in your family falls for it.
Paste any suspicious SMS / WhatsApp / email / UPI request →
- Verdict + risk meter — 🔴 Scam / 🟡 Suspicious / 🟢 Likely safe (0–100).
- The scam's name — "KYC phishing," "digital-arrest scam," "courier/customs fee," etc.
- Red flags — the exact manipulation tactics it used.
- What to do — clear steps, and a recovery mode ("already paid/shared OTP?" → call 1930, report at cybercrime.gov.in, freeze your card).
- Teach-me — how to spot this kind of scam next time.
- A one-tap "Warn your family" card — copy or WhatsApp-forward a ready-made warning.
It replies in the language of the message (English, Hindi, Hinglish, …).
Every AI call routes through a single module — app/mesh_client.py —
which points the OpenAI SDK at https://api.meshapi.ai/v1. Each scan is one
chat completion: a scam-expert system prompt + your message → a structured JSON
verdict. Nothing else in the code touches a model.
Cheap by design: default model is gpt-4o-mini and output tokens are capped,
so a scan costs ~$0.0004 — thousands of scans per dollar.
Scam detection is reasoning, not lookup. The system prompt in
app/analyze.py encodes India-specific scam playbooks and the
golden safety rules (banks never ask for OTP/PIN via links; "digital arrest"
isn't real; a UPI PIN only sends money), so the model reasons like a cyber-crime
expert on any message you paste.
| File | Job |
|---|---|
app/mesh_client.py |
The one door to Mesh. OpenAI SDK → Mesh gateway. One call per scan, token-capped. |
app/analyze.py |
The scam-expert prompt + JSON parsing → a clean verdict. |
app/main.py |
FastAPI. Serves the page; POST /api/check returns the verdict. |
app/config.py |
Model + settings. |
static/ |
Single-page UI: paste → verdict, red flags, actions, recovery, shareable warning. |
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # paste your mesh_sk_... key into it
uvicorn app.main:app --reload --port 8000Open http://localhost:8000. No key? It runs in demo mode (canned verdicts, zero cost) so you can explore the UI.
Ships with a Render Blueprint (render.yaml):
- Push this repo to GitHub (public).
- On render.com → New → Blueprint → pick the repo.
- Set the secret
MESH_API_KEYin the Render dashboard (never in the repo). - Deploy → you get a live
https://…onrender.comURL.
A small in-memory rate limit and a hard output-token cap keep the deployed key cheap and abuse-resistant.