URL Safety Validator MCP

Stop your agent from fetching a dangerous URL before it's too late.

Agents that process emails, scrape pages, or consume API responses encounter URLs from untrusted sources constantly. This server gives your agent a single call to gate every URL before it proceeds — returning a SAFE/SUSPICIOUS/DANGEROUS verdict backed by Google Web Risk, URLhaus, PhishTank, and AI analysis.

What It Does

One tool: check_url. One call returns:

• Verdict: SAFE / SUSPICIOUS / DANGEROUS

• AI trust score: 0–100 (0 = definitely dangerous, 100 = definitely safe)

• Threat categories: phishing, malware, unwanted_software, typosquatting, newly_registered, suspicious_redirect, brand_impersonation

• SSL status: valid or not

• Domain age: registration date and age in days

• Redirect chain flag: detected from URL parameters

• Database signals: raw results from Google Web Risk, URLhaus, PhishTank

• AI reasoning: 2–3 sentence plain-English explanation

• AI confidence: HIGH / MEDIUM / LOW

AI-powered analysis — NOT a simple database lookup.

Related MCP server: urlDNA MCP Server

When to Call This Tool

Call check_url BEFORE your agent:

• Fetches content from a URL found in an email

• Visits a link extracted from a scraped page or document

• Passes a URL to a browser tool or web scraper

• Stores or forwards a URL from any untrusted source

• Approves any outbound link in a content pipeline

If the verdict is DANGEROUS — halt. If SUSPICIOUS — flag for review. If SAFE — proceed.

Data Sources

Pricing

Remote Usage (No Install)

https://url-safety-validator-mcp-production.up.railway.app

Add x-api-key: YOUR_KEY header for Pro/Enterprise tiers. Leave blank for free tier.

Local Install (stdio)

npm install -g url-safety-validator-mcp

{
  "mcpServers": {
    "url-safety-validator": {
      "command": "url-safety-validator-mcp",
      "env": {
        "ANTHROPIC_API_KEY": "your-key",
        "GOOGLE_WEB_RISK_API_KEY": "your-key"
      }
    }
  }
}

Harness Integration

Claude Code / Claude Desktop (.mcp.json)

{
  "mcpServers": {
    "url-safety-validator": {
      "type": "http",
      "url": "https://url-safety-validator-mcp-production.up.railway.app"
    }
  }
}

LangChain (Python)

from langchain_mcp_adapters.client import MultiServerMCPClient
client = MultiServerMCPClient({
    "url-safety-validator": {
        "url": "https://url-safety-validator-mcp-production.up.railway.app",
        "transport": "http"
    }
})
tools = await client.get_tools()

OpenAI Agents SDK (Python)

from agents import Agent, HostedMCPTool
agent = Agent(
    name="Assistant",
    tools=[HostedMCPTool(tool_config={
        "type": "mcp",
        "server_label": "url-safety-validator",
        "server_url": "https://url-safety-validator-mcp-production.up.railway.app",
        "require_approval": "never"
    })]
)

LangGraph

Same as LangChain above — langchain-mcp-adapters works with LangGraph natively.

Example Response

{
  "url": "https://suspicious-domain.xyz/login",
  "hostname": "suspicious-domain.xyz",
  "verdict": "DANGEROUS",
  "trust_score": 4,
  "ssl_valid": true,
  "domain_age_days": 12,
  "redirect_chain_detected": false,
  "threat_categories": ["phishing", "newly_registered"],
  "reasoning": "Domain registered 12 days ago and confirmed in PhishTank as an active phishing site impersonating a financial institution. Google Web Risk flags this as SOCIAL_ENGINEERING.",
  "ai_confidence": "HIGH",
  "analysis_type": "AI-powered -- NOT a simple database lookup"
}

Legal

Results are for informational purposes only. Verdict is a risk signal — not a guarantee of safety or danger. We do not log or store your query content. Full terms: kordagencies.com/terms.html

Provider: Kord Agencies Pte Ltd, Singapore.