url-safety-validator-mcp
Enables AI agents to check URL safety before fetching content, using Google Web Risk, URLhaus, PhishTank, and AI analysis to return SAFE/SUSPICIOUS/DANGEROUS verdicts.
README
URL Safety Validator MCP
Stop your agent from fetching a dangerous URL before it's too late.
Agents that process emails, scrape pages, or consume API responses encounter URLs from untrusted sources constantly. This server gives your agent a single call to gate every URL before it proceeds — returning a SAFE/SUSPICIOUS/DANGEROUS verdict backed by Google Web Risk, URLhaus, PhishTank, and AI analysis.
What It Does
One tool: check_url. One call returns:
- Verdict: SAFE / SUSPICIOUS / DANGEROUS
- AI trust score: 0–100 (0 = definitely dangerous, 100 = definitely safe)
- Threat categories: phishing, malware, unwanted_software, typosquatting, newly_registered, suspicious_redirect, brand_impersonation
- SSL status: valid or not
- Domain age: registration date and age in days
- Redirect chain flag: detected from URL parameters
- Database signals: raw results from Google Web Risk, URLhaus, PhishTank
- AI reasoning: 2–3 sentence plain-English explanation
- AI confidence: HIGH / MEDIUM / LOW
AI-powered analysis — NOT a simple database lookup.
When to Call This Tool
Call check_url BEFORE your agent:
- Fetches content from a URL found in an email
- Visits a link extracted from a scraped page or document
- Passes a URL to a browser tool or web scraper
- Stores or forwards a URL from any untrusted source
- Approves any outbound link in a content pipeline
If the verdict is DANGEROUS — halt. If SUSPICIOUS — flag for review. If SAFE — proceed.
Data Sources
| Source | Type | Coverage |
|---|---|---|
| Google Web Risk | Commercial API | Malware, phishing, unwanted software |
| URLhaus (abuse.ch) | Free | Active malware distribution URLs |
| PhishTank | Free | Community-verified phishing URLs |
| RDAP | Free | Domain registration date |
| Anthropic Claude | AI | Trust scoring and reasoning synthesis |
Pricing
| Tier | Calls | Price |
|---|---|---|
| Free | 10/month | No API key needed |
| Starter | 500-call bundle | $20 |
| Pro | 2,000-call bundle | $70 |
Remote Usage (No Install)
https://url-safety-validator-mcp-production.up.railway.app
Add x-api-key: YOUR_KEY header for Pro/Enterprise tiers. Leave blank for free tier.
Local Install (stdio)
npm install -g url-safety-validator-mcp
{
"mcpServers": {
"url-safety-validator": {
"command": "url-safety-validator-mcp",
"env": {
"ANTHROPIC_API_KEY": "your-key",
"GOOGLE_WEB_RISK_API_KEY": "your-key"
}
}
}
}
Harness Integration
Claude Code / Claude Desktop (.mcp.json)
{
"mcpServers": {
"url-safety-validator": {
"type": "http",
"url": "https://url-safety-validator-mcp-production.up.railway.app"
}
}
}
LangChain (Python)
from langchain_mcp_adapters.client import MultiServerMCPClient
client = MultiServerMCPClient({
"url-safety-validator": {
"url": "https://url-safety-validator-mcp-production.up.railway.app",
"transport": "http"
}
})
tools = await client.get_tools()
OpenAI Agents SDK (Python)
from agents import Agent, HostedMCPTool
agent = Agent(
name="Assistant",
tools=[HostedMCPTool(tool_config={
"type": "mcp",
"server_label": "url-safety-validator",
"server_url": "https://url-safety-validator-mcp-production.up.railway.app",
"require_approval": "never"
})]
)
LangGraph
Same as LangChain above — langchain-mcp-adapters works with LangGraph natively.
Example Response
{
"url": "https://suspicious-domain.xyz/login",
"hostname": "suspicious-domain.xyz",
"verdict": "DANGEROUS",
"trust_score": 4,
"ssl_valid": true,
"domain_age_days": 12,
"redirect_chain_detected": false,
"threat_categories": ["phishing", "newly_registered"],
"reasoning": "Domain registered 12 days ago and confirmed in PhishTank as an active phishing site impersonating a financial institution. Google Web Risk flags this as SOCIAL_ENGINEERING.",
"ai_confidence": "HIGH",
"analysis_type": "AI-powered -- NOT a simple database lookup"
}
Legal
Results are for informational purposes only. Verdict is a risk signal — not a guarantee of safety or danger. We do not log or store your query content. Full terms: kordagencies.com/terms.html
Provider: Kord Agencies Pte Ltd, Singapore.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.