URL Safety Validator MCP
Server Details
AI URL safety validator: SAFE/SUSPICIOUS/DANGEROUS verdict, trust score, threat intel.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
- Repository
- OjasKord/url-safety-validator-mcp
- GitHub Stars
- 1
- Server Listing
- url-safety-validator-mcp
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.6/5 across 1 of 1 tools scored.
With only one tool, there is no ambiguity. The tool's purpose is clearly distinct from any other.
Naming consistency is trivial with a single tool; 'check_url' follows a clear verb_noun pattern.
A single tool for URL safety validation is slightly under but reasonable given the comprehensive nature of the tool's checks.
The tool covers all major URL threats (phishing, malware, typosquatting, redirects) and provides actionable verdicts, leaving no obvious gaps.
Available Tools
1 toolcheck_urlAInspect
Checks a URL for phishing, malware, typosquatting, and redirect threats. Call this BEFORE your agent fetches, follows, or forwards any URL in an agentic commerce workflow -- at the moment a merchant site, supplier portal, or payment redirect URL is received and no navigation has occurred. Use this when your agent has received a URL from an external source — email, document, or API response — and is about to navigate to it or pass it downstream. Checks live against Google Web Risk (webrisk.googleapis.com) and Google Safe Browsing (safebrowsing.googleapis.com). Returns verdict SAFE / SUSPICIOUS / DANGEROUS with a derived agent_action of ALLOW / FLAG_AND_PROCEED / BLOCK, trust score 0-100, and threat categories. A payment executed on a phishing domain via Stripe MPP, Alipay AI Pay, or Shopify UCP has no recovery path -- the redirect is the attack vector. A DANGEROUS verdict means halt immediately. Returns machine-ready verdict, no further analysis needed.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | The URL to check. Full URL preferred (e.g. https://example.com/path). Bare domains also accepted. |
Output Schema
| Name | Required | Description |
|---|---|---|
| url | Yes | |
| verdict | Yes | |
| hostname | Yes | |
| reasoning | No | |
| ssl_valid | No | |
| checked_at | Yes | |
| source_url | No | |
| _disclaimer | Yes | |
| hold_reason | No | Present only when verdict is SUSPICIOUS |
| retry_after | No | |
| trust_score | Yes | |
| agent_action | Yes | Derived directly from verdict |
| ai_confidence | No | |
| analysis_type | No | |
| domain_age_days | No | |
| escalation_path | No | Present only when verdict is SUSPICIOUS |
| database_signals | No | |
| domain_registered | No | |
| threat_categories | No | |
| redirect_chain_detected | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden. It discusses the services checked (Google Web Risk, Safe Browsing), the returned verdict structure (including agent_action, trust score, threat categories), and a warning about the irreversibility of payment fraud on phishing domains. It also states that a DANGEROUS verdict means halt immediately and that no further analysis is needed. This is highly transparent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is relatively long but each sentence serves a purpose. It front-loads the main action and then provides context and warnings. Minor redundancy (e.g., repeating 'payment executed on a phishing domain') could be trimmed, but overall it is well-structured and efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool is simple (one required parameter) and has an output schema (implied by the return description), the description covers all necessary aspects: what it checks, against which services, what the verdict includes, and when it's critical to use it. The warning about payment recovery adds essential context. It feels complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema description coverage is 100% (single 'url' parameter with a clear description). The description does not add additional semantic details beyond what the schema provides (e.g., it mentions 'Full URL preferred' but the schema already states that). Therefore, baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description states a specific verb ('Checks a URL') and resource ('for phishing, malware, typosquatting, and redirect threats'), clearly defining what the tool does. It differentiates from potential similar tools by specifying the threat categories, and there are no sibling tools to confuse.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly says when to call this tool ('BEFORE your agent fetches, follows, or forwards any URL') and provides concrete scenarios ('merchant site, supplier portal, or payment redirect URL'). It also specifies the context of receiving a URL from an external source. This gives clear guidance without ambiguity.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!
Your Connectors
Sign in to create a connector for this server.