Windshock Lens
Private, on-device scam and phishing analysis for your browser. Chrome built-in Gemini Nano + deterministic security rules.
As of June 2026, Windshock Lens has — users in the Privacy & Security category.
Version
0.2.3
Manifest V3
History
1 snapshot. Tracking since Jun 5, 2026.
| Date | Users | Rating | Reviews | Version |
|---|---|---|---|---|
| Jun 5, 2026 | — | — | — | 0.2.3 |
| Now | — | — | — | 0.2.3 |
Permissions & access
- Permissions
- contextMenus, tabs, scripting, storage, notifications, offscreen, downloads, activeTab, bookmarks, history, topSites
- Host access
- <all_urls>
About
Windshock Lens triages suspicious links and pages directly inside Chrome — before you click, before the page steals credentials, before a malicious download lands on disk. It is built for the gray zone that Chrome Safe Browsing and standard endpoint security tools miss: zero-hour brand-impersonation pages on free hosting platforms (workers.dev, pages.dev, firebaseapp.com, vercel.app, …), AI-client lookalikes, fake software download pages, and ClickFix shell-payload tricks.

How it works

Windshock Lens combines four independent signal layers:

1. Browser-side page extraction — the DOM, forms, links, clipboard writes, and downloads triggered by the target page are collected without sending the page anywhere.
2. On-device Gemini Nano LLM — Chrome's built-in language model evaluates the extracted signals locally. Page content, URLs, and OCR text never reach an external LLM API.
3. Deterministic security rules — hard evidence (shell payload on clipboard, dangerous URI schemes, auto-downloads, phishing-kit fingerprints) yields a verdict without the LLM. Brand-to-domain mismatch overrides catch impersonation patterns the LLM misses.
4. Ownership corroboration — RDAP + Certificate Transparency lookups for the target domain confirm or contradict the LLM's brand identification.

What it actually catches

- Brand-mimic pages on workers.dev / pages.dev / firebaseapp.com / appspot.com hosting
- ClickFix attacks that paste curl ... | sh into your clipboard via fake "verify you are human" buttons
- AppleScript / ms-msdt / vbscript URI scheme abuse
- Phishing kits using clearbit logos, screenshotmachine, atob() URL hiding, Telegram/Discord webhook exfiltration
- Auto-downloads of executable installers from phishing-hosted pages — the download is paused, the host is scanned, then cancelled and erased if phishing

What stays on your device

- Page content, URLs, OCR text — processed only by the local Gemini Nano model
- Bookmarks, history, top sites — read only, never transmitted (used to mark sites you already trust)
- Verdicts and denylist hashes — stored in chrome.storage local to your profile

What leaves your device

- The bare domain name of each scanned host goes to public WHOIS / RDAP / Certificate Transparency services (yesnic / rdap.org / crt.sh) to verify domain ownership. No page content, no path, no query string, no user identity.

Requirements

- Chrome 138 or later
- Gemini Nano on-device model (~2 GB, one-time download). Enable at chrome://on-device-internals.

Full privacy policy: https://github.com/windshock/lens/blob/main/docs/privacy.md
Source code and issue tracker: https://github.com/windshock/lens
Technical
- Version
- 0.2.3
- Manifest
- V3
- Size
- 19.07MiB
- Min Chrome
- 138
- Languages
- 1
- Featured
- No
Metadata
- ID
- onoidkggfajnhmhmfhdkbohcapmflmma
- Developer ID
- ued45d2fa4ce3b9519f4e8a20672d02e2
- Developer Email
- [email protected]
- Created
- Jun 4, 2026
- Last Updated (Store)
- Jun 4, 2026
- Last Scraped
- Jun 11, 2026
- Website
- https://windshock.github.io/
- Support URL
- https://github.com/windshock/lens/issues
Data sourced from the Chrome Web Store · last verified Jun 11, 2026.