Paste any link or weird message. Seclum's LLM agent reads it the way a careful person would — and tells you exactly why it trusts it, or doesn't. In seconds, with the receipts.
Every verdict comes from an agent that reads the input the way a careful person would, then shows you the signals it spotted — typosquatting, urgency pressure, suspicious redirects. No black box. No blacklists.
What you paste is hashed before it's written down. We keep the hash and the verdict — never the original. Delete your account and the trace is gone in 30 seconds, no email back-and-forth.
The free tier is real and stays real. No subscription, no auto-renew. Need more? Buy credits — $5, $20, $50 — that never expire.
A URL from a text. A weird email body. A QR-redirect destination. Whatever's making you hesitate — paste it in the box.
What you sent is hashed straight away — only the hash gets written down. The agent then reads what's safe to read (the domain, the redirect chain, the page text) and forms a view.
Safe, Suspicious, or Scam — with the specific signals the agent caught laid out in plain English. You decide what to do. You stay in control.
No subscription. No auto-renew. Buy credits when you want them; they never expire.
Five reasoned checks every 24 hours, no card. The free quota refills on a rolling 24-hour window — each check “expires” off your tally 24 hours after you made it. A free account takes ten seconds — email or social sign-in via Clerk, no payment details asked. If you need more, the smallest credit pack is $5 and credits never expire.
No. What you paste is hashed before it's written to any database. We keep the hash (so if you check the same link again, we recognise it) and the verdict text. The original input lives in memory for the call and then it's gone — there's no column in our database for raw URLs or messages.
Antivirus tools rely on blacklists — lists of known-bad domains. They miss anything new, which is most scams. Seclum reads the link itself, the way a careful person would, and tells you what it sees. It can spot a fresh phishing site that hasn't hit any list yet.
For URLs: domain age, registrar, redirect chain, certificate, and the page text if it's safely fetchable. For text: sender patterns, urgency cues, mentioned brands, link structure. We never run anything dangerous in your browser.
Yes — sometimes. We tell you the agent's confidence and reasoning so you can sanity-check. If something looks off, trust your gut and don't tap. We'd rather flag a real link as suspicious than miss a real scam.
Not yet. We're scoping a programmatic API for v1.5 — email us if you have a use case and we'll include you in the early-access list.
Paste it in. Get a real, reasoned answer — with the signals the agent caught — and decide for yourself. No card, no creep factor, no tracking. Just a free account and you're in.