Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
DoubleCheck is positioned as a security-awareness tool that helps you “check before you reply, click, or run.” It covers two main scenarios: first, risk scanning for private messages on LinkedIn, Facebook Messenger, and Telegram Web, identifying fake jobs, phishing, cryptocurrency bait, impersonation, and payment manipulation; second, malware checks for public GitHub repositories or ZIP files, plus Secret Leak Check to detect exposed API keys, credential files, .env files, private keys, and leak traces in git history.
Deployment is mainly via a Chrome extension and web-based tools. Accounts are optional, and the extension and web tools share the same account. The free version requires users to manually trigger scans, while the Pro version can automatically scan chats when opened and provide instant alerts. Results are presented as risk scores, explanations of suspicious patterns, and basic or full reports. On the code side, it supports Repo Scanner and Secret Leak Check. According to the official description, secret detection uses static, deterministic rules: it does not run code, does not call vendor APIs to validate keys, and does not send raw secrets to AI. For DM message scanning, message text is sent to an AI service for analysis, but DoubleCheck states that it does not store full conversations or chat history.
Pricing is straightforward: Free costs $0 and includes 5 manual scans per day, basic warnings, limited job-risk scanning, and basic previews for Repo and Secret checks. Pro costs $12.99/month and includes automatic DM scanning, a soft limit of 200 scans/day, unlimited job-risk scanning, 5 full Repo scans per day, and 10 Secret Leak reports. Users can also pay $3.99 on demand to unlock a single full Repo or Secret report.
Its strengths are that it covers common personal risk scenarios: recruitment scams, DM phishing, running unfamiliar code, and secret leaks. It is easy to get started with and suitable for non-security users. Its privacy wording is also relatively clear, especially around the handling of raw secrets in Secret Leak checks. The downsides are that the official materials explicitly stress it is not a security guarantee, so both false positives and false negatives are possible. Platform support is limited, and there is no clear evidence yet of team management, centralized auditing, SIEM integration, SLA, or compliance certifications. The depth of its malware detection is also not explained in sufficient technical detail, so it cannot replace a professional code audit.
DoubleCheck is better suited to individuals, freelancers, developers, and small teams who frequently use overseas social and hiring platforms, and who want a quick pre-check before replying to suspicious offers or running unfamiliar repositories. For enterprise-grade anti-phishing, DLP, or code supply-chain governance needs, a more mature platform is still recommended. The main materials do not state its accessibility from China. Related services such as the Chrome Web Store, LinkedIn, Telegram, and Stripe may be affected by network and payment conditions in mainland China, so access is considered unknown here. Users should test network reachability and payment availability before relying on it.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on doublecheckhq.com official site.
doublecheckhq.com is an United States Security provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach doublecheckhq.com directly.