Guardio Labs · Extension Sensor Lab

puppys.click KB Sensor Test Fixture

A controlled playground that fires positive and negative test cases for the eval_hook and shadow_dom_patch_puppys extension sensors — including inputs that should not match, to prove the filters are tight.

Scoped to internal test users only · uid_pattern: ^uid_fefe · no data is collected or sent by this page

green = sensor SHOULD fire red = sensor should NOT fire
event_tracker · window.eval · payloadMatcher + payloadExtractor

eval #1 — ClickFix payload should fire

>300 chars and malicious keywords (powershell, curl, iex, frombase64string, Win+R, ✅, "verify you are human").

eval #2 — short benign no fire

Fails both gates: <300 chars and no keywords.

eval #3 — long benign no fire

Passes the length gate (>300 chars) but has no malicious keyword → keyword gate blocks it.

eval #4 — malicious but short no fire

Has keywords (powershell/iex/curl) but <300 chars → length gate blocks it.

shadow_dom_patch · host telemetry + source filtering

shadow #1 — open + large collect · keep

Page-created (main-world) open shadow host with >500 chars of host content + a hidden ClickFix UI in the shadow root.

shadow #2 — nested open collect

Open shadow host containing another open shadow host (tests the depth walk).

shadow #3 — open + tiny drop downstream

Host telemetry is reported, but host content is <500 chars → filtered out by the downstream length rule.

shadow #4 — CLOSED root no collect

Closed shadow roots are invisible to the patch (only mode:"open" is tagged).

live fixture log