NSFW Detector

Not safe for work (NSFW) detector check and scans videos and images to checks and removes explicit images off the form.
Reason it protect minors on the internet to the best of our ability.

Note: This isn't going to be 100% accurate, but it does pretty good. Also note this is ALL Machine Learning algorithm CNN and NLP

Please also, don't go accessing the dataset or in the network of inspect element unless you want to add more data for more efficient scans AND you're a legal adult. This does contain sensitive imagery that may not be good for some user, but this is for training of the AI purpose ONLY. So please don't sue me.

Update log

• 1.0.0 - Fully Released
• 1.0.1 - Fix the configuration settings to appropriate input.

How it works

The script will be loaded onto the website which will automatically blur everything out and will create a buffer so it makes it impossible to un-blur the image while it's being scanned and deleted, if the image goes above the threshold, it will be removed from the frontend, but NOT in the backend. It will also blur and remove bad words off the list

What images/Videos does it remove

• Pornographic imagery
• Children exploitation/Underage children
• Inappropriate Weapons (guns, bombs, and etc)
• Sexual acts and "toys"
• Sexual assault(SA)/Domestic violence(DV)
• Nudity

Feature updates

1. More datasets, but I also want to keep this lightweight.
2. Other things like bug fixes and/or user requests.
3. Detect uploaded Videos (Right now I believe Flatboard only supports image uploads and embedded 3rd party videos)

Internet safety laws

• COPPA (Children's Online Privacy Protection Act)
• ECPA (Electronic Communications Privacy Act)
• CIPA (Children's Internet Protection Act)
• GDPR (European Union’s General Data Protection Regulation)
• DSA (Digital Services Act)
• CCPA (California Consumer Privacy Act)

Download

Download the project here NSFWDetector - Github

📝 License

Copyright © 2025 Flatboard Team
This project is GPL3 licensed.

Download

Download the project here NSFWDetector - Github

Saving a topic description doesn't work, so here is the download link

Your resource has been approved and is now available in the resource center. Always useful! :)

Fred

I saw thank you. I have more ideas coming up.

@Fred
Are you able to fix the download it downloading a zip folder with a folder inside, are you able to modify the ZIP where only the files are inside so I'm not having Plugin_id/PluginName/assets_here just Plugin_name/assets_here

I don't understand, the archive only contains the plugin name as you can see in the screenshot.

If I understood your request correctly, you want the ZIP archive to not contain an extra folder (like Plugin_id/PluginName/), but only the plugin files in the root folder. To fix this, here’s what you can do:

1. Extract the ZIP file.
2. Move the files directly into the root folder (instead of keeping them in a subfolder like Plugin_id/PluginName/).
3. Recompress the files into a new ZIP archive without the extra folder.

I don't want the folder in the zip, so once it's unzip it should be a folder inside another fole then then the assets, just folder/assets

I don't want NSFW_Dectector.zip/NSFWDectector/assets just NSFWDectector.zip/assets

Why the Current Structure is the Correct Method

The current structure Plugin_id/PluginName/assets_here follows standard conventions for plugin and project archives. Here's why you should keep it this way:

Reasons to Keep the Parent Folder

1. Clear Identification: The outer Plugin_id folder immediately identifies which plugin was downloaded, especially when downloading multiple plugins.

2. Prevents Conflicts: Without this parent folder, extracting multiple plugins to the same directory could overwrite files or mix contents from different plugins.

3. Industry Standards: Most archive managers (GitHub, GitLab, npm, etc.) automatically create a root folder with the project name. This is a universally accepted practice across software development.

4. Security: This structure prevents accidental extraction of files directly to the root directory, which could cause security issues or system disorganization.

5. Professional Distribution: All professional software packages follow this pattern - it shows proper packaging practices.

The Standard Workflow

The expected user workflow is:

1. Download the ZIP file
2. Extract it once
3. Navigate into the folder structure
4. Access the plugin files

This is how software distribution works across the industry.

If You Still Want to Change It

If you absolutely prefer PluginName/assets_here directly, the proper solution is to adjust your extraction process on your end, not modify the archive structure. You could:

• Extract and manually reorganize
• Use a script to restructure after download
• Extract only the inner contents

However, I strongly recommend keeping the current structure as it follows best practices for software distribution and will be familiar to all users.

Fred

Alright, that's fine.

Updated 1.0.2

• Added German Language: Thanks @JPRuehmann

https://github.com/XHiddenProjects/Flatboard/blob/master/Downloads/v5/plugins/NSFWDectector.zip

If I Try to Download I get only a blank Screen or a 404 Error.

Hi @Gavin, I went through the NSFWDectector code there's a fair amount to fix.

Security

Critical

• XSS via JS injection The forbidden words list and replacement character are interpolated raw into a <script> block with no escaping (NSFWDetector.php:214-216). A word containing ' or </script> executes arbitrary JavaScript for every visitor. Use json_encode() instead of string interpolation.
• XSS via innerHTML (index.js:7) The replacement string goes directly into the DOM. If it contains <, >, or ", it renders arbitrary HTML. Use textContent or escape it first.
• Synchronous XHR (spell_checker.js:208) xhr.open('GET', url, false) fires a blocking Wikipedia request for every word token on every page load. The browser tab freezes until all requests finish or time out. Synchronous XHR is also deprecated.

  High

• ReDoS / crash (index.js:6) Banned words go straight into new RegExp(w) with no metacharacter escaping. Something like c++ or c# throws a SyntaxError that kills the whole script, image detection included. Fix: run w.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') before passing to RegExp.
• Wrong settings key (NSFWDetector.php:216) The code reads text_forbidden_word_replace but plugin.json defines it as forbidden_word_replace. The replacement is always empty.
• ReferenceError when word filter is off — With switch_enable_filter_words disabled, nsfwbannedWords and nsfwbannedWordsReplace are never declared. index.js still references them unconditionally, throws, and takes image detection down with it.
• CSS blurs the whole site index.css applies img, video { filter: blur(50px); } globally from initial paint. That's the logo, avatars, admin UI, everything — blurred until the ML comparison resolves, which may never happen for some images. Scope it to post content only.

  Medium

• Plugin::get()['data'] instead of Plugin::getData() not null-safe, fatal error if plugin data is absent.
• == null instead of === null can silently overwrite admin config with defaults if the value is an empty array.
• scandir() filenames injected raw into JS a crafted filename in the datasets folder injects JavaScript.

The JS payload

The plugin ships a full custom ML library but uses almost none of it. Here's what actually loads at runtime:

index.js
 └── artificial_intelligence.class.js  (1778 lines)
      └── spell_checker.js             (229 lines, used by NLP not CNN)

And what gets shipped but never imported:

artificial_intelligence.class.js has three classes: NLP, CNN, and VoiceMimic. Only CNN is used. The actual comparison logic (MSE, SSIM, pHash, histogram) is around 150–200 lines. Everything else NLP pipeline, voice mimic, spell checker, the entire reinforcement learning library — loads on every page for every visitor and does nothing.
The whole mljs/ folder can be replaced with a single small cnn.js.

Smaller things

• Folder typo: the directory is NSFWDect**e**tor but plugin.json and the class say NSFWDetector.
• Missing languages: pt.json and zh.json are absent (5 required).
• Flat JSON in language files — project requires nested format.
• Key mismatch in saveData: defaults say forbidden_word_replace, plugin.json says text_forbidden_word_replace.
• O(N⁴) DCT (artificial_intelligence.class.js:663) — runs synchronously on the main thread. 20 images on a page means roughly 126 million iterations before the tab can do anything else.

Can you please fix the archive in resource manager please.