LinkLens

A privacy-first Chrome extension (Manifest V3) that warns you when a link or website is impersonating a trusted brand — paypaI.com (capital “i”), gogle.com, login-paypal.com — and lets you check any link’s reputation against 90+ security engines on demand.

All detection runs locally. Nothing leaves your browser unless you explicitly ask for a reputation check.


What it does

1. Page-level impersonation warning. When you land on a site whose domain imitates a known brand, a banner warns you and offers to take you back.

2. Link-hover safety read (instant, local). Hover any link and a tooltip shows, with no network call:

3. On-demand reputation check (opt-in, your own key). A “Check security of this link” button queries VirusTotal for that one link and shows a band (Low / Medium / High / Extremely high). Lookups happen only when you click, are cached, and are rate-limited — so the free API quota is never spent automatically.

Detection logic (highlights)
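
The three lookalike styles named in the introduction (paypaI.com, gogle.com, login-paypal.com), sketched as an added example; this is not LinkLens's own lookalike.js. The brand list, confusables map, verdict names and two-label registrable-domain shortcut are assumptions, and the subdomain case goes slightly beyond the page's examples.

```javascript
// Constructed brand list (assumption); LinkLens's real watch list is not shown here.
const BRANDS = { paypal: "paypal.com", google: "google.com" };
// Tiny confusables map (assumption): look-alike character -> the letter it imitates.
// \u0430 and \u043e are the Cyrillic letters that resemble Latin "a" and "o".
const CONFUSABLES = { "0": "o", "1": "l", I: "l", "\u0430": "a", "\u043e": "o" };

// Fold look-alike characters, then lowercase. Run this on the host as displayed:
// URL parsers lowercase ASCII hostnames, so "paypaI" only exists in visible text.
const skeletonOf = (s) => [...s].map((c) => CONFUSABLES[c] ?? c).join("").toLowerCase();

// Levenshtein distance with two rolling rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classify(displayedHost) {
  const labels = displayedHost.split(".");
  // Assumption: the public suffix is one label; real code needs the Public Suffix List.
  const rawRegistrable = labels.slice(-2).join(".");
  const registrable = rawRegistrable.toLowerCase();
  const owner = Object.keys(BRANDS).find((b) => BRANDS[b] === registrable);
  if (owner) return { verdict: "trusted", brand: owner };

  const skeleton = skeletonOf(rawRegistrable);
  const tokens = labels.flatMap((l) => l.toLowerCase().split("-"));
  for (const [brand, domain] of Object.entries(BRANDS)) {
    if (skeleton === domain) return { verdict: "homoglyph", brand };
    if (editDistance(skeleton.split(".")[0], brand) === 1) return { verdict: "typo", brand };
    if (tokens.includes(brand)) return { verdict: "embedded-brand", brand };
  }
  return { verdict: "no-match", brand: null };
}

// Constructed sample hosts, taken from the examples in the introduction.
for (const h of ["paypaI.com", "gogle.com", "login-paypal.com", "www.paypal.com"]) {
  console.log(h, classify(h));
}
```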

Where it works / doesn’t

Context                                               Works?
Regular web pages (search, articles, social feeds)    ✅ Yes
Outlook web email message bodies                      ✅ Yes
Non-sandboxed ad / embed frames                       ✅ Partial
Gmail message bodies                                  ❌ No — Gmail sandboxes its message iframes; Chrome blocks all content scripts there
Cross-origin sandboxed ad frames (e.g. SafeFrame)     ❌ No — sandbox blocks injection
chrome:// pages, Web Store, PDF viewer, error pages   ❌ No — Chrome blocks all extensions

The single root cause of every “no” is the same: cross-origin sandboxed iframes deliberately block script injection. This is a browser security feature, not a bug in the extension.

Project structure

manifest.json     Manifest V3 config (permissions: storage; optional: virustotal.com host)
background.js     Service worker: per-tab state, badge, tooltip text, gated reputation calls
content.js        Top-frame page banner + risk-signal scan
linkhover.js      Link-hover tooltip (local read + on-demand reputation button)
lookalike.js      Pure detection engine (brand matching, normalization, risk signals)
reputation.js     Opt-in VirusTotal provider (BYO key, caching, rate-limit accounting)
popup.html/.css/.js   Toolbar UI: status, watched brands, trusted sites, key entry
icons/            16 / 48 / 128 px shield icons
test/run-tests.js Dependency-free unit tests (57 cases)
PRIVACY.md        Privacy policy (host this publicly for the store listing)
STORE_LISTING.md  Copy-paste text + privacy answers for the Web Store form

Load and test locally

  1. chrome://extensions → enable Developer mode (top-right).
  2. Load unpacked → select this folder.
  3. Visit a normal site, then hover links to see the tooltip. To trigger a warning safely, follow the notes in test/ or hover a known typosquat-style demo link.
  4. After any code change: click reload (↻) on the card, then hard-refresh the page (Ctrl+Shift+R). After a manifest change, remove + load unpacked again.

Run the unit tests

node test/run-tests.js     # expect: 57 passed, 0 failed

Reputation feature (optional)

Reputation checks require your own free VirusTotal API key (https://www.virustotal.com/gui/my-apikey). Paste it into the extension popup; it is stored only in chrome.storage.local on your device and is sent only to VirusTotal when you initiate a check. VirusTotal’s public API is for non-commercial use; this extension uses your personal key under their terms.

Privacy

No analytics, no tracking, no remote code, no developer-operated server. The only outbound network call is the optional, user-initiated VirusTotal lookup (domain name only). See PRIVACY.md.

License

Apache-2.0 — see LICENSE.


Developed by Apoorva Kumar.