Browser extension · Chrome / Brave / Arc / Edge

See what you're signing. We don't.

The whole verdict engine ships inside the extension. When a dApp asks your wallet to sign, the check happens in your browser — your transactions never reach our server. The wallet still has the final say.

ZIP, ~50 KB. Pre-built; works out of the box with a default Solana RPC. No accounts, no API keys, no setup.

SHA256: 286de3e9e8b9b1e21a91437f3a16f3e77028580350b65bd261c9bb39640fecc9
Verify locally: shasum -a 256 txguardian-extension.zip

What it does

Intercept

Catches every signing request the moment a Solana dApp asks for one — before Phantom, Solflare, Backpack, or any other wallet shows you its prompt.

Check in your browser

The full engine ships in the extension. It inspects the transaction against six rules + a live on-chain blocklist, all on your device. Your transactions never reach our server — we can't see them.

Decide

Shows you the verdict in plain English. Approve and the request flows through to your wallet normally. Reject and the dApp sees a standard cancellation — same as if you'd hit cancel yourself.

Install in 3 steps

Manifest V3 — works in Chrome, Brave, Arc, and Edge. Chrome Web Store listing in progress; load unpacked in the meantime.

  1. Download and extract

    Grab the zip and unzip it anywhere — the extracted folder is what you'll point Chrome at in the next step.

    txguardian-extension.zip · v1.0.0
  2. Open the extensions page and enable Developer mode

    Visit chrome://extensions (or brave://extensions, arc://extensions, edge://extensions). Toggle Developer mode in the top-right.

  3. Load unpacked, then test it

    Click Load unpacked and select the folder you extracted in step 1. TxGuardian appears in your extensions list, active on every page.

    Run the signing test

The extension defaults to the analyzer running on this site — zero configuration. Self-hosters can override the endpoint from the toolbar popup.

What it covers (and doesn't)

Source of transaction | Intercepted?
Any dApp on a web page using Phantom | Yes
Any dApp using a Wallet Standard wallet (Solflare, Backpack, Glow…) | Yes
Iframes inside web dApps | Yes
One-click sign-and-send from a dApp (Phantom shorthand) | Yes
Phantom's built-in Send / Swap / Stake | No
Mobile Phantom / in-app browsers | No

Phantom's internal flows can't be intercepted by any extension — architectural limit of the browser sandbox. Same constraint Wallet Guard, Pocket Universe, and Blowfish hit. Closing that gap requires Phantom's Blocks partner program.

What we send (and don't)

On every signing request, the extension serializes the transaction to base64 and POSTs it to the analyzer endpoint. Nothing else leaves your browser. Specifically:

  • Sent: the base64-encoded transaction bytes and the dApp's origin host.
  • Never sent: your private keys, your seed phrase, your wallet's full pubkey list, your browsing history, or any cookies / localStorage from the dApp.
  • Never stored: the analyzer doesn't persist transactions. Each request is processed and discarded.
  • Never signs: the extension cannot sign transactions. It can only intercept and forward to your wallet (or throw a rejection). The wallet remains the sole keyholder.

How it works

dApp page
  ↓ calls window.phantom.solana.signTransaction(tx)
  ↓
[ src/page.ts ]      ← MAIN world, document_start
  ↓ patched method intercepts
  ↓ serializes tx → base64
  ↓ window.postMessage
  ↓
[ src/content.ts ]   ← ISOLATED world (bridge)
  ↓ chrome.runtime.sendMessage
  ↓
[ background.ts ]    ← service worker
  ↓ POST /api/analyze
  ↓
[ in-page modal ]    ← Shadow DOM overlay
  ↓ user decides
  ↓
  Approve → original signTransaction → wallet's prompt appears
  Reject  → throws code 4001 → dApp sees standard rejection

Source under apps/extension. ~30 KB minified, no React, no framework deps. Vanilla TypeScript + @crxjs/vite-plugin.
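
The gating step from the diagram above, as an added example that is not TxGuardian's own source. `guardProvider`, `getVerdict`, the payload field names and the fail-closed behaviour are assumptions of this sketch; the base64 payload, the origin host and rejection code 4001 come from the page.

```javascript
// Added illustration; guardProvider and getVerdict are hypothetical names.
const USER_REJECTED = 4001; // rejection code named on the page

// Encode raw transaction bytes as base64 for the analyzer payload.
function toBase64(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}

// Replace provider.signTransaction with a wrapper that asks for a verdict first.
// getVerdict stands in for the postMessage -> content script -> service worker
// round trip and resolves to "approve" or "reject".
function guardProvider(provider, getVerdict, origin) {
  const original = provider.signTransaction.bind(provider);
  provider.signTransaction = async function (tx) {
    let decision;
    try {
      // Only the serialized transaction and the origin host are forwarded.
      decision = await getVerdict({ transaction: toBase64(tx.serialize()), origin });
    } catch {
      decision = "reject"; // assumption: fail closed if the analyzer is unreachable
    }
    if (decision !== "approve") {
      const err = new Error("User rejected the request.");
      err.code = USER_REJECTED; // dApp sees a standard cancellation
      throw err;
    }
    return original(tx); // wallet shows its own prompt and keeps the keys
  };
  return provider;
}

// Constructed stand-ins for a wallet provider and a transaction (not real Solana objects).
async function demo(decision) {
  const wallet = { signTransaction: async () => "signed-by-wallet" };
  const tx = { serialize: () => new Uint8Array([1, 2, 3]) };
  guardProvider(wallet, async () => decision, "dapp.example");
  try {
    return await wallet.signTransaction(tx);
  } catch (e) {
    return e.code;
  }
}

demo("approve").then((r) => console.log("approve ->", r));
demo("reject").then((r) => console.log("reject  ->", r));
```

The wrapper never touches key material: on approval it hands the untouched transaction object to the wallet's original method, and on rejection the wallet is never called.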

Build from source

For development, custom analyzer endpoints, or auditing the build:

git clone https://github.com/Omar-Elhorbity/TxGuardian
cd TxGuardian
pnpm install
pnpm --filter @txguardian/extension package
# → produces apps/extension/dist/ and apps/web/public/txguardian-extension.zip

Then load apps/extension/dist unpacked. To change the endpoint, use the toolbar popup, or edit apps/extension/src/config.ts and rebuild.

Open source under the MIT license. Source, issues, and contributions welcome.
