Safe Link Visual MCP
Provides URL safety checking and visual previews as an MCP server deployable on Kakao's PlayMCP platform.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Safe Link Visual MCPCheck the safety of https://example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Safe Link Visual MCP
Safe Link Visual MCP(세이프 링크 비주얼 MCP)는 사용자가 URL을 열기 전에 링크의 피싱 위험을 보수적으로 분류하고, 필요한 경우 모바일 화면의 핵심 픽셀을 1024x1024 정사각형 이미지로 압축해 제공하는 Remote MCP 서버입니다.
이 서버는 PlayMCP 등록을 염두에 두고 Streamable HTTP, stateless 동작, 3개 도구 구성, 명시적 tool annotations, 정제된 응답 형식을 사용합니다.
What It Does
URL을
완전 안전하다또는위험할 수 있다로 2진 분류합니다.is_safety와safety_explain은 빠른 응답을 위해 URL, DNS, HTTP, HTML 신호만 사용합니다.site_image는 Playwright 모바일 렌더링을 사용해 실제 사이트 화면의 중요한 영역과 위험 근거를 하나의 PNG 이미지로 압축합니다.서버는 링크를 iframe으로 임베드하지 않고, 격리된 임시 브라우저 컨텍스트에서 관찰한 결과만 반환합니다.
Related MCP server: ScamVerify
Data And References
학습 데이터셋은 사용하지 않습니다. Safe Link Visual MCP는 외부 피싱 데이터셋이나 Safe Browsing API를 호출하지 않는 규칙 기반 휴리스틱 검사기입니다.
참고한 공개 문서:
OWASP Server-Side Request Forgery Prevention Cheat Sheet
IANA IPv4/IPv6 Special-Purpose Address Registries
IETF RFC 3986 URI Generic Syntax
IETF RFC 5890 Internationalized Domain Names for Applications
MDN URI authority and HTML password input references
Google Safe Browsing public documentation
PlayMCP Compatibility
Item | Value |
MCP transport | Streamable HTTP |
Server type | Remote MCP server |
Default endpoint |
|
Session model | Stateless HTTP enabled |
Auth | None. This server is read-only and does not require user account data. |
Tool count | 3 |
Disallowed server/tool name text | Does not use |
SDK | Official Python MCP SDK |
Verified protocol version |
|
PlayMCP URL example after deployment:
https://safelink-visual.playmcp-endpoint.kakaocloud.io/mcpPlayMCP Console Copy-Paste Fields
Use these values when registering the public endpoint in PlayMCP.
The full field-by-field Korean submission sheet is in PLAYMCP_SUBMISSION.md.
MCP identifier: safeLinkVisual
MCP display name: Safe Link Visual
Server name: Safe Link Visual MCP
Korean name: 세이프 링크 비주얼 MCP
Endpoint URL: https://safelink-visual.playmcp-endpoint.kakaocloud.io/mcp
Authentication: None
Transport: Streamable HTTPsafeLinkVisual is intentionally alphanumeric and 14 characters long because the PlayMCP identifier field allows only English letters/numbers and up to 16 characters.
Git source build fields:
MCP server name: safelink-visual
Description: 링크를 열기 전 안전 여부와 핵심 화면 요약 이미지를 제공하는 MCP 서버
Git URL: https://github.com/studyreadbook4ever/safe-link-visual-mcp.git
Branch/ref: main
Dockerfile path: Dockerfile
PAT: private repository onlyShort description:
학습 데이터셋은 사용하지 않습니다. URL·DNS·HTTP·HTML·모바일 렌더링 신호를 OWASP SSRF, IANA 특수 IP, IETF URI/IDNA, MDN, Google Safe Browsing 공개 문서를 참고한 규칙으로 검사해 '완전 안전하다/위험할 수 있다'로 판정하고 핵심 화면 요약 이미지를 제공합니다.Long description:
Safe Link Visual MCP(세이프 링크 비주얼 MCP)는 사용자가 낯선 링크를 누르기 전에 URL, DNS, HTTP, HTML, 모바일 렌더링 신호를 검사합니다. 결과는 '완전 안전하다' 또는 '위험할 수 있다'로 단순하게 나누고, 비전공자도 이해할 수 있는 한국어 근거와 추천 행동을 제공합니다. 사이트를 iframe으로 임베드하지 않고 임시 브라우저 컨텍스트에서 관찰한 정보만 사용하며, 느린 사이트는 제한 시간 안에서 보수적으로 위험 판정합니다.Tools
is_safety
Checks whether a URL is classified as safe by Safe Link Visual MCP(세이프 링크 비주얼 MCP). Returns true only for 완전 안전하다 and false for 위험할 수 있다.
Input:
{
"url": "https://example.com"
}Output:
trueAnnotations:
{
"title": "Check Link Safety",
"readOnlyHint": true,
"destructiveHint": false,
"openWorldHint": true,
"idempotentHint": true
}safety_explain
Returns a compact Korean evidence report from Safe Link Visual MCP(세이프 링크 비주얼 MCP) explaining the binary safety decision. Large image data is excluded.
Input:
{
"url": "https://example.com"
}Output shape:
{
"decision": {
"label": "완전 안전하다",
"is_safety": true,
"plain_summary": "자동 검사에서 바로 보이는 피싱 위험 신호는 찾지 못했습니다...",
"action_advice": "주소가 예상한 사이트와 맞다면 열어도 됩니다..."
},
"input_url": "https://example.com",
"final_url": "https://example.com/",
"is_safety": true,
"verdict": "완전 안전하다",
"risk_score": 0,
"confidence": 0.72,
"summary": "명확한 위험 신호를 찾지 못했습니다...",
"signals": [],
"report": "# 링크 안전 브리핑..."
}Annotations:
{
"title": "Explain Link Safety",
"readOnlyHint": true,
"destructiveHint": false,
"openWorldHint": true,
"idempotentHint": true
}site_image
Creates a 1024x1024 PNG visual digest with key mobile-page pixels and safety cues from Safe Link Visual MCP(세이프 링크 비주얼 MCP). Use this when the user needs a compressed visual preview before opening a URL.
The renderer visits the URL with a mobile Safari-like User-Agent, ignores tiny decorative elements, and crops around larger headings, forms, buttons, images, and other high-signal blocks.
Input:
{
"url": "https://example.com"
}Output:
image/pngAnnotations:
{
"title": "Create Site Image",
"readOnlyHint": true,
"destructiveHint": false,
"openWorldHint": true,
"idempotentHint": true
}Ensemble Signals
The current MVP works without external API keys.
URL lexical signals: HTTPS, long URL,
@/userinfo, IP literal, punycode, excessive subdomains, suspicious terms, brand-domain mismatchNetwork/HTTP signals: SSRF-safe DNS check, redirects, final-domain change, status code, content type
HTML signals: password forms, sensitive input fields, executable download links, brand impersonation terms, urgency terms
Visual signals: used only by
site_image, based on a mobile Playwright render
The classifier is intentionally conservative. Unknown, unreachable, private-network, or suspicious login-like targets are more likely to become 위험할 수 있다.
HTTP Demo Endpoints
These endpoints are not required for MCP clients, but they are useful for deployment smoke tests.
curl "http://localhost:8000/healthz"
curl "http://localhost:8000/inspect?url=https://example.com"
curl "http://localhost:8000/site-image?url=https://example.com" --output site-image.pngTo include the image in /inspect, pass include_image=true.
curl "http://localhost:8000/inspect?url=https://example.com&include_image=true"Run Locally
python3 -m venv .venv
. .venv/bin/activate
pip install -e ".[dev]"
python -m playwright install chromium
uvicorn safelink_mcp.asgi:app --host 0.0.0.0 --port 8000MCP endpoint:
http://localhost:8000/mcpFull local verification:
scripts/verify_local.shIf your Python binary is not python3:
PYTHON_BIN=.venv/bin/python scripts/verify_local.shDocker
docker build -t safe-link-visual-mcp:latest .
docker run --rm -p 8000:8000 safe-link-visual-mcp:latestIf you prefer Podman:
podman build -t safe-link-visual-mcp:latest .
podman run --rm -p 8000:8000 safe-link-visual-mcp:latestArch Linux quick install:
sudo pacman -S docker docker-buildx
sudo systemctl enable --now docker
sudo usermod -aG docker "$USER"Log out and back in after usermod, then run:
scripts/build_image.shDocker Compose:
docker compose up --build -d
docker compose logs -f safe-link-visual-mcpGit / CI Image Build
.github/workflows/container.yml runs tests, Playwright smoke tests, and Docker image builds.
mainbranch orv*tag push: pushesghcr.io/<owner>/safe-link-visual-mcpworkflow_dispatch: creates asafe-link-visual-mcp.tarimage artifact for manual upload
Source bundle without local virtualenv/cache files:
scripts/create_submission_bundle.shThe archive is written to dist/safe-link-visual-mcp-source.tar.gz.
Environment
SAFE_LINK_FAST_BUDGET=2.4
SAFE_LINK_VISUAL_BUDGET=2.8
SAFE_LINK_TIMEOUT=2
SAFE_LINK_RENDER_TIMEOUT=2
SAFE_LINK_MAX_REDIRECTS=5
MCP_TRANSPORT=streamable-http
SAFE_LINK_MCP_ALLOWED_HOSTS=safelink-visual.playmcp-endpoint.kakaocloud.io,safelink-visual.playmcp-endpoint.kakaocloud.io:*,127.0.0.1:*,localhost:*,[::1]:*
SAFE_LINK_MCP_ALLOWED_ORIGINS=https://playmcp.kakao.com,https://playmcp.kakaocloud.io,https://safelink-visual.playmcp-endpoint.kakaocloud.io,http://127.0.0.1:*,http://localhost:*,http://[::1]:*SAFE_LINK_FAST_BUDGET is the full wall-clock budget for is_safety and safety_explain. SAFE_LINK_VISUAL_BUDGET is the full wall-clock budget for site_image. When a URL is too slow, the server returns a conservative 위험할 수 있다 result instead of a raw timeout error.
MCP_TRANSPORT=stdio is available for local debugging only. PlayMCP deployment should use Streamable HTTP.
SAFE_LINK_MCP_ALLOWED_HOSTS must include the public KakaoCloud endpoint host. The MCP SDK rejects unknown Host headers with 421 Invalid Host header to reduce DNS rebinding risk.
Security Notes
file://,localhost, private IPs, link-local addresses, reserved IPs, and metadata-like targets are blocked before fetching.user:pass@hoststyle URLs are blocked because they can hide the real destination.The browser context is temporary, mobile-sized, and download-disabled.
No OAuth flow is implemented because this service does not access user accounts or store user-private data.
The result is a risk-reduction aid, not an absolute security guarantee.
PlayMCP Registration Checklist
Deploy the container to a public HTTPS domain.
Register the MCP endpoint as
https://safelink-visual.playmcp-endpoint.kakaocloud.io/mcp.Confirm the server name is
Safe Link Visual MCP.Confirm the PlayMCP identifier is
safeLinkVisual.Confirm tool names are exactly
is_safety,safety_explain, andsite_image.Upload the representative image from
assets/playmcp-cover.png.Run MCP Inspector against the public endpoint before submission.
Verify
/healthzreturns{"ok": true, "service": "safe-link-visual-mcp"}.
AGENTIC PLAYER 10 Submission Notes
Official public pages checked on 2026-07-07:
Contest page:
https://b.kakao.com/views/PlayMCP/AGENTIC_PlAYER_10Kakao press release:
https://www.kakaocorp.com/page/detail/12059
Current contest flow:
Create an MCP server endpoint on KakaoCloud.
Register that endpoint in PlayMCP Developer Console using
새로운 MCP 서버 등록.Use
임시 등록while testing. Do not submit review from a temporary server.When final, use
등록 및 심사 요청.After approval, change visibility from
나에게만 공개to전체 공개.Return to the contest page and press
Player 예선 참여.
Published schedule:
Step | Period |
Preliminary registration | 2026-06-15 ~ 2026-07-14 |
Preliminary result | 2026-07-30 |
Finalist development | 2026-07-30 ~ 2026-08-27 |
User voting | 2026-08-31 ~ 2026-09-28 |
Final award ceremony | 2026-10-23 |
Judging emphasis from the official contest page:
Creativity: Does the idea solve a problem in a new way?
Convenience: Does the UI/UX give practical everyday value?
Stability: Does it run reliably, provide accurate data, and avoid security issues?
This project is positioned for that rubric as a link safety briefing tool for non-CS users:
is_safety: quick yes/no safety decision.safety_explain: plain Korean reason and next action.site_image: compressed square visual evidence card.
PlayMCP Inspector Smoke
With dependencies installed:
PYTHON_BIN=.venv/bin/python scripts/inspect_playmcp.shThis starts the Streamable HTTP server on 127.0.0.1:8765, runs MCP Inspector tools/list, calls all three tools, and verifies site_image returns image/png.
It also opens a Python SDK Streamable HTTP session and checks protocolVersion is between 2025-03-26 and 2025-11-25.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/studyreadbook4ever/safe-link-visual-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server