Scan a GitHub repo before you run it.

DoubleCheck audits any GitHub repo or ZIP for malicious install scripts, hidden payloads, and obfuscated code. Get a free preview, then unlock the full report for $3.99.

Built for code you didn't fully write yourself — exports from Cursor, Lovable, Bolt, v0, Replit, and ChatGPT-generated repos.

What we check before you run it

Install scripts that run before you even open the app
Custom startup files that execute hidden logic
Dynamic execution like eval(), Function(), or encoded payloads
Hidden payloads in assets, including SVG comments
Browser profile, token, cookie, and credential access patterns
Suspicious downloads, hardcoded IPs, or remote command chains

Private repo?

Export a ZIP from your machine and upload it here.

We only read files statically — no install, no build, no execution.

Pricing

Free preview:
Risk level, warning counts, and a preview of what was found

Full report:
Affected files, exact lines, snippets, and AI explanation

$3.99 one-time

FAQ

Do you run my code?

No. The scanner only reads text from the repo or ZIP.

We never run npm, node, Python, shell scripts, binaries, builds, or installs.

Do you store secrets?

Secrets are redacted before anything is saved or sent to AI.

What are the limits?

ZIPs are capped at 50 MB. Free scans are limited to 3 per day per IP. Large files and binary files are skipped.

What is the refund policy?

Email us and we refund. No questions asked.