Windshock Lens

Windshock Lens triages suspicious links and pages directly inside Chrome — before you click, before the page steals credentials, before a malicious download lands on disk. It is built for the gray zone that Chrome Safe Browsing and standard endpoint security tools miss: zero-hour brand-impersonation pages on free hosting platforms (workers.dev, pages.dev, firebaseapp.com, vercel.app, …), AI-client lookalikes, fake software download pages, and ClickFix shell-payload tricks.

How it works

Windshock Lens combines four independent signal layers:

1. Browser-side page extraction — the DOM, forms, links, clipboard writes, and downloads triggered by the target page are collected without sending the page anywhere.

2. On-device Gemini Nano LLM — Chrome's built-in language model evaluates the extracted signals locally. Page content, URLs, and OCR text never reach an external LLM API.

3. Deterministic security rules — hard evidence (shell payload on clipboard, dangerous URI schemes, auto-downloads, phishing-kit fingerprints) yields a verdict without the LLM. Brand-to-domain mismatch overrides catch impersonation patterns the LLM misses.