1. Acceptance of terms
By using the ClickFix Mitigator extension, web platform, demos or related documentation, you agree to these terms and conditions.
2. Scope of the service
ClickFix Mitigator is a defensive security project focused on prevention, visibility, triage, investigation and evidence handling around ClickFix-style social-engineering activity.
The service is intended for defensive, analytical, educational and operational security use.
3. Defensive telemetry and private baseline
The service may process defensive telemetry required to detect suspicious flows, generate alerts, operate investigations and improve false-positive handling.
The browser extension may maintain a private baseline by installation to recognize habitual hostnames. This feature is designed around a pseudonymous client identifier rather than a real-world identity.
- The baseline is intended to reduce false positives, not to identify a person.
- Baseline sharing, when enabled, is limited to aggregated hostname-level summaries.
- The user can disable the private baseline feature from the extension options.
Baseline logic, allowlists, score reductions and other workflow aids do not guarantee that a given event is benign or malicious. Strong malicious signals may still trigger alerts even on habitual hosts.
4. Responsible use
- You must not use the platform to facilitate unauthorized access, offensive intrusion, malware deployment or unlawful surveillance.
- You are responsible for configuring policies, allowlists, blocklists, baseline settings and operational workflows in line with your environment and legal obligations.
- You must review detections, enrichments and investigations before taking business or security action with external impact.
Security signals, enrichment results, score components and analyst views are operational aids. They are not automatic attribution, legal conclusions or guaranteed malware determinations.
5. Availability and changes
The project may evolve continuously. Features, workflows, interfaces or integrations may be modified, improved, limited or removed to improve security, reliability or operational value.
6. Evidence, reports and public content
Reports, screenshots, investigation summaries and public featured investigations may contain defensive security context. Public sharing should only be enabled by authorized administrators after review.
You remain responsible for ensuring that any data you publish or distribute through the platform is lawful, proportionate and appropriate.
7. Accounts and access control
Access to authenticated areas may be restricted by role. You are responsible for keeping your credentials secure and for actions performed under your account.
Administrative capabilities must only be granted to trusted operators.
8. Liability and warranties
The project is provided on an as-available basis. No guarantee is made that the platform will detect every malicious flow, classify every event correctly, prevent every false positive or remain continuously available without interruption.
Operational decisions remain the responsibility of the user or organization deploying the platform.
9. Changes to these terms
These terms may be updated over time. The latest published version in this document should be treated as the current reference.
10. Contact
Official site: jordiserrano.me