Stay safe in your job search

Community-powered platform for checking suspicious job offers and malicious coding test repositories. Submit a case — get an evidence-backed risk verdict you can share.

Report suspicious contact Browse cases

<2 min

to verdict

50+

signal rules

Open

appeal path

malicious

Score 87 / 100

Suspicious install scripts

+30

Exfiltration pattern: wallet paths

+30

Off-platform redirect

+20

package.json

"postinstall": "node ./setup.js"→ child_process.exec()

LinkedIn DMEmailTelegramWhatsAppDiscordGitHubPhoneOther

What happens on each submission

Automation handles intake, scanning, and scoring. Analysts step in for edge cases and appeals.

Repository scan

Clone and analyze public GitHub / Bitbucket repos for install hooks, obfuscated code, exfiltration patterns, and risky scripts.

Interaction signals

Detect urgency, off-platform redirects, domain mismatches, and other observable red flags using transparent, rule-based scoring.

AI-powered summary

Get a plain-language explanation of findings — grounded in evidence, never hallucinated.

How it works

Three steps from suspicious message to shareable, evidence-backed case page.

Paste the conversation

Drop the full recruiting thread into the form. We auto-extract repo links, persona names, companies, and contact channels — no manual field-filling needed.

Automated analysis

The worker clones the repo, runs static checks against 50+ malicious patterns, and applies rule-based signal scoring. Your narrative is anonymized before storage.

Shareable case page

Get a public, evidence-backed page with the risk verdict, signal breakdown, AI summary, and a clear path to appeal if the outcome looks wrong.

Got a sketchy DM or repo invite?

File it once. The case stays anchored to verifiable evidence — scan artifacts, risk signals, and the parts of the thread you choose to share.

Open the report form