# How does it work?

When you enter a Web3 site, Sentinel3 will analyze it in two different stages:

## Initial Analysis

When it detects the initial Web3 interaction, aka the wallet connection, it will perform a light and quick scan. Only some scam sites will be detected at this stage.

## Deep Analysis

When it detects a transaction or signature request, it will perform a deep scan. It will be very quick for most legitimate sites, but if we detect anything unusual, it will take only a couple of seconds.

## What happens after a Sentinel3 scan?

{% hint style="success" %}
**Legit Detection:**
{% endhint %}

If it doesn't detect anything malicious, your wallet will proceed with the intended action (connecting, transacting, or signing).

{% hint style="danger" %}
**Malicious Detection:**
{% endhint %}

If it detects something malicious, it will stop the transaction or signature request and display an [**alert**](/kerberus/sentinel3/alert-types.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kerberus.com/kerberus/sentinel3/how-does-it-work.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.