url-safety-validator-mcp
This server lets you validate the safety of URLs before your agent acts on them, combining commercial threat databases with AI-powered analysis via the check_url tool.
With this server, you can:
Check any URL for safety before fetching, visiting, forwarding, or storing it (from emails, scraped pages, user input, documents, API responses, or redirects)
Receive a clear verdict —
SAFE/SUSPICIOUS/DANGEROUS— to gate agent actions (block, flag for human review, or proceed)Get an AI trust score (0–100) indicating how safe or dangerous the URL is
Detect specific threat categories including phishing, malware, unwanted software, typosquatting, newly registered domains, suspicious redirects, and brand impersonation
Check SSL certificate validity and retrieve domain age (registration date and age in days)
Detect redirect chains embedded in URL parameters
Query Google Web Risk and Google Safe Browsing databases for known malicious URLs
Get plain-English AI reasoning explaining the verdict, along with an AI confidence level (HIGH / MEDIUM / LOW)
Integrate with agent frameworks such as Claude Desktop, LangChain, LangGraph, and OpenAI Agents SDK, via HTTP (free tier: 10 calls/month) or locally via stdio
Integrates with URLhaus (abuse.ch) to check URLs against active malware distribution lists.
Integrates with Google Web Risk API to check URLs against malware, phishing, and unwanted software threats.
Provides tools for integrating the URL safety validator into LangChain-based agents.
Provides tools for integrating the URL safety validator into LangGraph workflows.
Provides integration for using the URL safety validator with the OpenAI Agents SDK.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@url-safety-validator-mcpCheck safety of https://tinyurl.com/abc123"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
URL Safety Validator MCP
Stop your agent from fetching a dangerous URL before it's too late.
Agents that process emails, scrape pages, or consume API responses encounter URLs from untrusted sources constantly. This server gives your agent a single call to gate every URL before it proceeds — returning a SAFE/SUSPICIOUS/DANGEROUS verdict backed by Google Web Risk, Google Safe Browsing, and AI analysis.
What It Does
One tool: check_url. One call returns:
Verdict: SAFE / SUSPICIOUS / DANGEROUS
AI trust score: 0–100 (0 = definitely dangerous, 100 = definitely safe)
Threat categories: phishing, malware, unwanted_software, typosquatting, newly_registered, suspicious_redirect, brand_impersonation
SSL status: valid or not
Domain age: registration date and age in days
Redirect chain flag: detected from URL parameters
Database signals: raw results from Google Web Risk and Google Safe Browsing
AI reasoning: 2–3 sentence plain-English explanation
AI confidence: HIGH / MEDIUM / LOW
AI-powered analysis — NOT a simple database lookup.
Related MCP server: SkillAudit
When to Call This Tool
Call check_url BEFORE your agent:
Fetches content from a URL found in an email
Visits a link extracted from a scraped page or document
Passes a URL to a browser tool or web scraper
Stores or forwards a URL from any untrusted source
Approves any outbound link in a content pipeline
If the verdict is DANGEROUS — halt. If SUSPICIOUS — flag for review. If SAFE — proceed.
Data Sources
Source | Type | Coverage |
Google Web Risk | Commercial API | Malware, phishing, unwanted software |
Google Safe Browsing | Free | Malware, phishing, unwanted software (fallback when Web Risk key absent) |
RDAP | Free | Domain registration date |
Anthropic Claude | AI | Trust scoring and reasoning synthesis |
Pricing
Tier | Calls | Price |
Free | 10/month | No API key needed |
Starter | 500-call bundle | $20 |
Pro | 2,000-call bundle | $70 |
Remote Usage (No Install)
https://url-safety-validator-mcp-production.up.railway.appAdd x-api-key: YOUR_KEY header for Pro/Enterprise tiers. Leave blank for free tier.
Local Install (stdio)
npm install -g url-safety-validator-mcp{
"mcpServers": {
"url-safety-validator": {
"command": "url-safety-validator-mcp",
"env": {
"ANTHROPIC_API_KEY": "your-key",
"GOOGLE_WEB_RISK_API_KEY": "your-key"
}
}
}
}Harness Integration
Claude Code / Claude Desktop (.mcp.json)
{
"mcpServers": {
"url-safety-validator": {
"type": "http",
"url": "https://url-safety-validator-mcp-production.up.railway.app"
}
}
}LangChain (Python)
from langchain_mcp_adapters.client import MultiServerMCPClient
client = MultiServerMCPClient({
"url-safety-validator": {
"url": "https://url-safety-validator-mcp-production.up.railway.app",
"transport": "http"
}
})
tools = await client.get_tools()OpenAI Agents SDK (Python)
from agents import Agent, HostedMCPTool
agent = Agent(
name="Assistant",
tools=[HostedMCPTool(tool_config={
"type": "mcp",
"server_label": "url-safety-validator",
"server_url": "https://url-safety-validator-mcp-production.up.railway.app",
"require_approval": "never"
})]
)LangGraph
Same as LangChain above — langchain-mcp-adapters works with LangGraph natively.
Example Response
{
"url": "https://suspicious-domain.xyz/login",
"hostname": "suspicious-domain.xyz",
"verdict": "DANGEROUS",
"trust_score": 4,
"ssl_valid": true,
"domain_age_days": 12,
"redirect_chain_detected": false,
"threat_categories": ["phishing", "newly_registered"],
"reasoning": "Domain registered 12 days ago and impersonates a financial institution's login page. Google Web Risk flags this as SOCIAL_ENGINEERING.",
"ai_confidence": "HIGH",
"analysis_type": "AI-powered -- NOT a simple database lookup"
}Legal
Results are for informational purposes only. Verdict is a risk signal — not a guarantee of safety or danger. We do not log or store your query content. Full terms: kordagencies.com/terms.html
Provider: Kord Agencies Pte Ltd, Singapore.
Maintenance
Tools
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/OjasKord/url-safety-validator-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server