AI-Powered Security Scanner

Know if code is safe
before you run it.

Analyze any GitHub repository in seconds. Detect malware, exposed secrets, and suspicious patterns.

3 free scans. No signup required.

See how it works

Trusted by developers from

GitHubVercelSeedify

You've cloned a repo. Now what?

Every day, developers unknowingly run malicious code. Don't be one of them.

Fake Technical Tests

Job offers that look legitimate but contain hidden malware targeting developers.

Exposed Secrets

API keys, private wallets, and credentials accidentally committed to public repos.

Malicious Scripts

postinstall hooks that silently exfiltrate your data or compromise your system.

Simple Process

Three steps to safer code

Paste

Enter any public GitHub repository URL

Scan

AI analyzes every file, dependency, and script

Know

Get a risk score and detailed findings report

What SIGIL detects

Comprehensive security analysis powered by AI

Exposed Secrets

API keys, private keys, tokens, and credentials

Suspicious Dependencies

Known malicious packages and typosquatting

Dangerous Scripts

postinstall, preinstall, and lifecycle hooks

Obfuscation Patterns

eval(), base64 encoding, hex strings

Hidden Files

Suspicious dotfiles and directories

External URLs

Data exfiltration endpoints and suspicious links

Ready to scan your first contract?

Analyze smart contracts by address or paste your Solidity code directly.

Know if code is safebefore you run it.

You've cloned a repo. Now what?

Fake Technical Tests

Exposed Secrets

Malicious Scripts

Three steps to safer code

Paste

Scan

Know

What SIGIL detects

Exposed Secrets

Suspicious Dependencies

Dangerous Scripts

Obfuscation Patterns

Hidden Files

External URLs

Ready to scan your first contract?

Know if code is safe
before you run it.