fraudshield-knowledge-graph-empowered

Installation
SKILL.md

FraudShield: Knowledge Graph Empowered Fraud Defense for LLM Inputs

This skill enables Claude to detect and defend against fraudulent content embedded in text that will be processed by LLMs. It implements the FraudShield framework (WWW 2026), which constructs a weighted bipartite knowledge graph linking suspicious keywords to four canonical fraud tactics, prunes low-confidence and ambiguous associations, then augments the original input with XML-tagged keywords and supporting evidence. This structured augmentation guides any downstream LLM toward fraud-aware, interpretable responses rather than blindly trusting manipulative content.

When to Use

  • When the user asks to analyze an email, message, or document for scam indicators or fraudulent intent
  • When building an automated pipeline (contract review, job application screening, customer support) that needs fraud resilience
  • When the user wants to understand why specific text is suspicious, not just whether it is
  • When reviewing job postings, service offers, relationship messages, or phishing attempts for red flags
  • When implementing a defense layer that wraps LLM inputs with fraud-detection metadata before inference
  • When the user asks to build a content moderation or trust-and-safety filter for text inputs

Key Technique

FraudShield categorizes fraud manipulation into four canonical tactics: Urgency Pressure (time constraints, scarcity, fear-based imperatives), Suspicious Information (malformed URLs, unrealistic offers, geographic anomalies), Sensitive Requests (credential harvesting, disguised verification, data inconsistencies), and Credibility Claims (authority assertions, professional jargon, real-event name-dropping). Every piece of fraudulent text employs one or more of these tactics, and the framework's power comes from systematically mapping keywords to them.

The core innovation is a weighted bipartite graph connecting keyword clusters to fraud tactics. Keywords are extracted from the input and scored 0-10 for association strength with each tactic, along with a rationale explaining the association. Overlapping keywords are clustered (e.g., "jdfinance.cn" and "jdfinance" collapse into one cluster). Edges with confidence below a threshold (default tau=5) are pruned, and each keyword cluster is disambiguated to its single strongest tactic. This eliminates false positives on benign text while retaining high-signal associations.

Installs
1
GitHub Stars
6
First Seen
14 days ago
fraudshield-knowledge-graph-empowered — ndpvt-web/arxiv-claude-skills