relayshield-mcp
OfficialServer Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| RELAYSHIELD_API_KEY | No | RapidAPI subscription key (subscription mode) | |
| RELAYSHIELD_API_URL | Yes | API Gateway base URL (required) | |
| RELAYSHIELD_X_PAYMENT | No | x402 payment proof — USDC on Base (pay-as-you-go mode) |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| check_breachA | Check whether an email address appears in known data breaches. Uses Have I Been Pwned (HIBP) — 13 billion+ compromised accounts. Returns breach count and details (breach name, date, exposed data classes). Use before allowing high-risk actions that depend on credential integrity. Pay-as-you-go: $0.10 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_sim_swapA | Detect whether a SIM swap or eSIM provisioning event has occurred on a phone number in the last 24 hours. Uses Twilio Lookup v2 with live carrier data. Returns swapped (bool), swap timestamp, and current carrier. Use when a user reports losing mobile service, or before completing a high-risk action that depends on SMS-based authentication. Pay-as-you-go: $0.25 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_domain_lookalikesA | Detect typosquat and lookalike domains impersonating a brand. Generates hundreds of permutations (TLD swaps, character typos, homoglyphs, phishing prefixes/suffixes), resolves them in parallel via DNS, and enriches live results with Certificate Transparency data (cert count, recent issuance). Returns all lookalike domains that are currently registered and resolving. Use to find domains impersonating your brand, or before an employee clicks a link that resembles a company domain. Pay-as-you-go: $0.50 USDC per scan (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_oauth_watchlistA | Check whether any high-risk OAuth-capable SaaS apps connected to an email account have appeared in recent data breaches. Monitors a curated watchlist of apps (Slack, Notion, GitHub, Zapier, Vercel, Loom, HubSpot, AI tools, and more). An attacker who breaches these services may obtain OAuth tokens granting access to your Google Workspace or Microsoft 365 without touching your password. Returns matched breached apps and recommended revocation steps. Pay-as-you-go: $0.15 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_infostealerA | Check whether an email address appears in infostealer malware logs. Uses Hudson Rock Cavalier — a database of credentials harvested directly from infected computers by infostealer malware (RedLine, Raccoon, Vidar, etc.). Returns found (bool), stealer count, and per-infection details: date compromised, operating system, malware path, and number of corporate/personal credentials stolen. Unlike breach databases (HIBP), infostealer hits mean the device itself was compromised — all stored passwords, session cookies, and crypto keys are at risk. Pay-as-you-go: $0.15 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield |
| scan_urlA | Submit a URL for malware and phishing analysis across 70+ security engines. Returns an analysis_id immediately (async). Call check_scan_result with the analysis_id every 5 seconds until verdict is returned. Verdicts: malicious | suspicious | clean | timeout. Use before navigating to an unfamiliar URL or when a user forwards a suspicious link. Pay-as-you-go: $0.05 USDC per scan (x402 on Base). Subscription: rapidapi.com/relayshield |
| scan_fileA | Submit a file for binary malware analysis across 70+ AV engines. Provide a publicly accessible download URL — RelayShield handles the download. Returns an analysis_id immediately (async). Call check_scan_result with the analysis_id every 5 seconds until verdict is returned. Verdicts: malicious | suspicious | clean | timeout. Use when a user receives an email attachment and forwards the download link. Pay-as-you-go: $0.10 USDC per scan (x402 on Base). Subscription: rapidapi.com/relayshield |
| scan_walletA | Check an EVM wallet address for on-chain risk signals using GoPlus Security. Detects blacklisted addresses, contract risk flags, malicious activity, phishing associations, and other on-chain threat indicators. Returns risk_level (LOW/MEDIUM/HIGH), risk_flags list, and raw GoPlus data. Supports Ethereum mainnet (default) and other EVM chains via chain_id. Use before sending funds to an unknown address or in DeFi due-diligence flows. Pay-as-you-go: $0.10 USDC per scan (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_mcp_registry_riskA | Check an MCP server URL or package name for red flags: known-malicious IOC match, typosquat/near-miss against well-known MCP ecosystem domains, and domain registration age. Part of RelayShield's Agentic Attack Surface bundle — early coverage for an ecosystem with minimal dedicated security tooling as of 2026. Use before an agent connects to or installs a new, unfamiliar MCP server. Absence of findings means 'unknown,' not 'verified safe.' Pay-as-you-go: $0.35 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_prompt_injection_breachA | Check whether an email address has exposure in a criminal dump whose own announcement text suggests an AI agent — rather than a traditional phishing or malware campaign — was involved in obtaining it. Heuristic v1 classifier over Telegram dump-announcement text, not a confirmed-attribution guarantee. Use as an early signal that an AI agent workflow may have been the breach vector. Pay-as-you-go: $0.35 USDC per check (x402 on Base). Subscription: rapidapi.com/relayshield |
| check_scan_resultA | Poll for the result of a previously submitted URL or file scan. Call every 5 seconds after scan_url or scan_file until status is 'completed'. Returns verdict (malicious/suspicious/clean) and engine vote counts, or {status: pending} if the scan is still running. Free with a paid scan (no additional charge). |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/relayshield/relayshield-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server