JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 587
  • Score
    100M100P100Q108029F
  • License MIT

URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.

Package Exports

  • url-safety-validator-mcp
  • url-safety-validator-mcp/src/server.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (url-safety-validator-mcp) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

smithery badge

URL Safety Validator MCP

ToolRank

Stop your agent from fetching a dangerous URL before it's too late.

Agents that process emails, scrape pages, or consume API responses encounter URLs from untrusted sources constantly. This server gives your agent a single call to gate every URL before it proceeds — returning a SAFE/SUSPICIOUS/DANGEROUS verdict backed by Google Web Risk, Google Safe Browsing, and AI analysis.


What It Does

One tool: check_url. One call returns:

  • Verdict: SAFE / SUSPICIOUS / DANGEROUS
  • AI trust score: 0–100 (0 = definitely dangerous, 100 = definitely safe)
  • Threat categories: phishing, malware, unwanted_software, typosquatting, newly_registered, suspicious_redirect, brand_impersonation
  • SSL status: valid or not
  • Domain age: registration date and age in days
  • Redirect chain flag: detected from URL parameters
  • Database signals: raw results from Google Web Risk and Google Safe Browsing
  • AI reasoning: 2–3 sentence plain-English explanation
  • AI confidence: HIGH / MEDIUM / LOW

AI-powered analysis — NOT a simple database lookup.


When to Call This Tool

Call check_url BEFORE your agent:

  • Fetches content from a URL found in an email
  • Visits a link extracted from a scraped page or document
  • Passes a URL to a browser tool or web scraper
  • Stores or forwards a URL from any untrusted source
  • Approves any outbound link in a content pipeline

If the verdict is DANGEROUS — halt. If SUSPICIOUS — flag for review. If SAFE — proceed.


Data Sources

Source Type Coverage
Google Web Risk Commercial API Malware, phishing, unwanted software
Google Safe Browsing Free Malware, phishing, unwanted software (fallback when Web Risk key absent)
RDAP Free Domain registration date
Anthropic Claude AI Trust scoring and reasoning synthesis

Pricing

Tier Calls Price
Free 10/month No API key needed
Starter 500-call bundle $20
Pro 2,000-call bundle $70

Remote Usage (No Install)

https://url-safety-validator-mcp-production.up.railway.app

Add x-api-key: YOUR_KEY header for Pro/Enterprise tiers. Leave blank for free tier.


Local Install (stdio)

npm install -g url-safety-validator-mcp
{
  "mcpServers": {
    "url-safety-validator": {
      "command": "url-safety-validator-mcp",
      "env": {
        "ANTHROPIC_API_KEY": "your-key",
        "GOOGLE_WEB_RISK_API_KEY": "your-key"
      }
    }
  }
}

Harness Integration

Claude Code / Claude Desktop (.mcp.json)

{
  "mcpServers": {
    "url-safety-validator": {
      "type": "http",
      "url": "https://url-safety-validator-mcp-production.up.railway.app"
    }
  }
}

LangChain (Python)

from langchain_mcp_adapters.client import MultiServerMCPClient
client = MultiServerMCPClient({
    "url-safety-validator": {
        "url": "https://url-safety-validator-mcp-production.up.railway.app",
        "transport": "http"
    }
})
tools = await client.get_tools()

OpenAI Agents SDK (Python)

from agents import Agent, HostedMCPTool
agent = Agent(
    name="Assistant",
    tools=[HostedMCPTool(tool_config={
        "type": "mcp",
        "server_label": "url-safety-validator",
        "server_url": "https://url-safety-validator-mcp-production.up.railway.app",
        "require_approval": "never"
    })]
)

LangGraph

Same as LangChain above — langchain-mcp-adapters works with LangGraph natively.


Example Response

{
  "url": "https://suspicious-domain.xyz/login",
  "hostname": "suspicious-domain.xyz",
  "verdict": "DANGEROUS",
  "trust_score": 4,
  "ssl_valid": true,
  "domain_age_days": 12,
  "redirect_chain_detected": false,
  "threat_categories": ["phishing", "newly_registered"],
  "reasoning": "Domain registered 12 days ago and impersonates a financial institution's login page. Google Web Risk flags this as SOCIAL_ENGINEERING.",
  "ai_confidence": "HIGH",
  "analysis_type": "AI-powered -- NOT a simple database lookup"
}

Results are for informational purposes only. Verdict is a risk signal — not a guarantee of safety or danger. We do not log or store your query content. Full terms: kordagencies.com/terms.html

Provider: Kord Agencies Pte Ltd, Singapore.