Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.This project is not covered by Drupal’s security advisory policy.
A powerful Drupal module that protects your site from toxic language and spam by scanning user submissions using customizable local keywords and external AI moderation APIs. Built with community safety in mind, it provides a pluggable architecture to evaluate and intercept content before it is saved to your database.
Features
- Dual-Scanner Engine: Combine simple, case-insensitive prohibited keyword matching with advanced AI toxicity scanning.
- Pluggable Architecture: Built on Drupal's Plugin API, allowing developers to easily write custom plugins for new AI providers (e.g., Hugging Face, OpenAI).
- Form Interception: Securely blocks toxic submissions during entity form validation and provides graceful messenger warnings.
- Granular Targeting: Select exactly which entity types (e.g., Nodes, Comments) and specific fields (e.g., Body) should be scanned.
- Smart Bypass: Includes a dedicated bypass permission for administrators and trusted roles.
Post-Installation
Once the module is installed, it will not block content until configured. Navigate to Configuration > Content authoring > Toxic Spam Detector (/admin/config/content/toxic-spam-detector). Add your comma-separated list of prohibited keywords, select the target entity types/fields, and optionally enable AI scanning by providing an external API endpoint and toxicity threshold. Ensure normal users do not have the bypass permission.
Additional Requirements
This module is designed for Drupal 10.3+ and Drupal 11. It relies on Drupal Core's HTTP Client (Guzzle) to make outbound requests to external APIs. No external PHP libraries are required.
Recommended modules/libraries
- Key Module: Highly recommended for securely managing and storing your AI API tokens, rather than saving them in plain text configuration.
Similar projects
While modules like Honeypot and Antibot focus on preventing automated bot submissions via invisible form fields, Toxic Spam Detector differs by analyzing the actual semantic meaning and toxicity of the submitted text, catching human trolls and sophisticated AI-generated spam.
Supporting this Module
This project was initially developed as part of Google Summer of Code (GSoC) 2026 in collaboration with the Drupal Association. Contributions, issue reports, and patches are highly welcomed in the issue queue!
Community Documentation
Further documentation regarding API contracts and JSON payloads for external AI integrations can be found in the module's README.txt file.
Project information
- Project categories: Artificial Intelligence (AI)
- Created by talhaa on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
