check_url
ActiveTool of url-safety-validator-mcp
Checks a URL for phishing, malware, typosquatting, and redirect threats. Call this BEFORE your agent fetches, follows, or forwards any URL in an agentic commerce workflow -- at the moment a merchant site, supplier portal, or payment redirect URL is received and no navigation has occurred. Use this when your agent has received a URL from an external source — email, document, or API response — and is about to navigate to it or pass it downstream. Checks live against Google Web Risk (webrisk.googleapis.com) and Google Safe Browsing (safebrowsing.googleapis.com). Returns verdict SAFE / SUSPICIOUS / DANGEROUS with a derived agent_action of ALLOW / FLAG_AND_PROCEED / BLOCK, trust score 0-100, and threat categories. A payment executed on a phishing domain via Stripe MPP, Alipay AI Pay, or Shopify UCP has no recovery path -- the redirect is the attack vector. A DANGEROUS verdict means halt immediately. Returns machine-ready verdict, no further analysis needed.
Parameters schema
{
"type": "object",
"required": [
"url"
],
"properties": {
"url": {
"type": "string",
"description": "The URL to check. Full URL preferred (e.g. https://example.com/path). Bare domains also accepted."
}
}
}Parent server
url-safety-validator-mcp
https://github.com/OjasKord/url-safety-validator-mcp
2/7 registries