Metsuke Interview Guard

Before you review the code,
let Metsuke take a look.

That hiring "take-home assignment" may be bait. The moment you open a source file on GitHub, GitLab, or Bitbucket, Metsuke analyzes it locally in your browser and warns you when it shows traits of the DPRK fake-interview campaign (Contagious Interview). It only warns — never blocks, modifies, or uploads.

Add to Chrome (load unpacked) View the source
Backed by threat intel 100% local analysis Zero data collection
github.com/acme-trading/take-home/blob/main/trade-utils.js
No collection, no transmission, no selling No accounts · no tracking · no telemetry Read-only — never rewrites pages No remote code
What it detects

How attackers hide code in plain sight

Every detection maps to published threat intelligence on the Contagious Interview / DeceptiveDevelopment campaign. Nothing is guesswork.

Off-screen hidden code

Malicious loaders pushed past the right edge of the screen or buried after long runs of whitespace — invisible on the web page, executed the moment you clone and run.

family: hidden

Obfuscated C2 addresses

Spliced / encoded IP:port strings, and command-and-control ports 1224 / 1244 known to be abused by the campaign.

family: c2
ƒ

Decode-then-execute loaders

eval / Function / atob→eval chains — decode first, then run attacker-controlled code.

family: exec

Install scripts that download & run

package.json lifecycle hooks that download and execute code — or connect straight to a raw IP — during npm install.

family: install

Wallet & credential theft

Info-stealer paths touching crypto wallets (MetaMask, Phantom, Exodus…), keychains, browser login data — plus SSH public-key backdoors.

family: steal

"Run on open" config files

VS Code tasks (folderOpen), husky git hooks, Claude Code hooks — things that execute for you the moment a project opens.

family: agentic
𝚄+

Invisible injection in AI instruction files

Hidden characters in files that instruct AI coding assistants (CLAUDE.md, .cursorrules…) — invisible to you, but the AI follows them. Metsuke checks these right from the repo home page.

family: agentic

Full detection rules ↔ threat intel mapping →

How it warns

Two alert levels, built to minimize false positives

Every rule carries severity × confidence × family. A single, easily misjudged signal gets a quiet amber notice; a high-confidence signal or a multi-stage combination of ≥2 families escalates to the full coral frame.

Alarm — coral frame

High-confidence signals, or multi-stage combos

A known C2 port, a wallet path, invisible injection characters — or ≥2 distinct attack families in one file. That's almost never a coincidence.

Caution — amber notice

A single, easily misjudged signal

A legitimate postinstall can use curl; backup tools touch profile folders too. Here the tone stays low-key, with one click to copy a neutral summary for an AI assistant you trust — nothing is sent automatically.

Privacy

A tool that reads code
shouldn't read you.

All analysis happens locally in your browser. The only network request fetches the raw source of the file you are already viewing, from the same code host you are already on — because rendered pages often hide code off-screen, and accurate analysis needs the true source.

Read the full privacy policy →
Zero collection — no personal data, browsing history, page content, or analysis results
Zero upload — fetched source is analyzed in memory, never logged or persisted
Zero third parties — no third-party servers, no analytics, no telemetry
Only two stored settings — the on/off switch and your trusted-repo list (chrome.storage.sync)
No remote code — all rules and logic ship in the package; no external scripts
Languages

Speaks your browser's language

🇺🇸English 🇹🇼繁體中文 🇯🇵日本語