home / mcp / urlcheck mcp server
Provides an MCP endpoint to analyze URLs for security threats before navigation, with optional API key-based authentication for higher usage.
Configuration
View docs{
"mcpServers": {
"cybrlab-ai-urlcheck-mcp": {
"url": "https://urlcheck.ai/mcp"
}
}
}URLCheck is an MCP server that helps you analyze URLs for malicious content and security threats before your AI agents or MCP-compatible clients navigate them. It protects workflows by validating that URLs align with the agent’s intended goals and by detecting unsafe links in security-conscious pipelines.
You use URLCheck by configuring your MCP client to point at the hosted MCP endpoint and, if needed, supplying an API key for higher usage. Your client can submit URL analysis requests to determine risk, confidence, and agent directives before taking actions. Use the intent-aware endpoint when you want the analysis to consider the stated purpose of visiting a URL (for example, logging in, making a purchase, or downloading a file). You can run synchronous scans for immediate results or asynchronous scans when you want to queue work and poll for results.
No local server installation is required to use URLCheck. You can leverage the hosted MCP endpoint directly from your MCP client. If you prefer to integrate via an MCP client, set the transport to streamable HTTP and configure the endpoint URL as shown in the Quick Start examples.
Important usage notes to keep in mind as you integrate URLCheck: the hosted endpoint supports up to 100 requests per day without an API key. For higher limits, obtain an API key and include it in your requests. Ensure you pass the X-API-Key header when you need to authenticate. Always follow your security policies and obtain proper authorization before scanning URLs.
Typical use cases include pre-flight URL validation for AI agents, automated URL security scanning within workflows, and malicious link detection in emails or messages. When you need to provide context about the action you plan to take with a URL, you can include an intent to improve detection of mismatches between stated purpose and the target site.
Deployment is hosted at the URL URLCheck provides. You can access the endpoint with or without an API key depending on your quota needs. If you exceed the trial quota, obtain an API key from the service provider to continue making requests.
Use of URLCheck is restricted to authorized environments. You are responsible for complying with all applicable laws, regulations, and contractual obligations when conducting URL assessments. Do not use this tool on systems or websites for which you do not have explicit permission.
Supported actions include analyzing a URL for security threats, optionally including intent context for more precise evaluation, and returning a risk score, confidence, and an agent directive that indicates whether to ALLOW or BLOCK the URL. The service is designed to integrate with any MCP-compatible client.
Configure your MCP client to target the hosted endpoint and, if needed, supply an API key in the request headers. Use the direct scan workflow for immediate results or the task workflow to process scans asynchronously and poll for results later.
The hosted endpoint is identified as urlcheck-mcp, and you can reference it in your MCP client configuration. If you need higher request quotas, contact the provider to provision API keys and set appropriate rate limits.
If you encounter rate limit issues, verify whether you are within the trial quota or whether your API key is correctly configured. Check that you are sending the required MCP protocol headers and that your client is targeting the correct hosted URL.
Use of the service is restricted to authorized deployments. Misuse or unauthorized scanning may violate laws or contractual obligations. Always ensure you have explicit permission to analyze any URL.
Analyze a URL for security threats with direct (sync) or task-based (async) execution modes.
Analyze a URL with optional intent context to detect mismatches between stated purpose and target site, available in direct or task-based execution modes.