Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

PreClick — An MCP-native URL preflight scanning service for autonomous agents.

БесплатноНе проверен

PreClick scans links for threats and confirms intent match with high accuracy before agents click.

GitHubEmbed

Описание

PreClick scans links for threats and confirms intent match with high accuracy before agents click.

README

smithery badge

PreClick — An MCP-native URL preflight scanning service for autonomous agents. It scans links for threats and confirms they match the intended task before execution. Built for agentic workflows, it provides high-accuracy, context-aware browsing governance with adaptive learning.

Publisher: CybrLab.ai | Service: PreClick

Hosted Trial Tier: No API key required for up to 100 requests/day. For higher limits and stable quotas, use an API key (contact [email protected]).


Overview

PreClick is a URL security scanner and MCP server that enables AI agents and any client to analyze URLs for phishing, malware, and other security threats before navigation. Use it as a standalone URL scanner via the client libraries below, or connect directly via the MCP protocol.

Integrations

Client Libraries (Recommended)

The fastest way to add URL security scanning to any AI agent, automation pipeline, or application. These standalone URL scanner clients handle connection, polling, and error recovery out of the box — no MCP protocol knowledge or conformance required:

Package Language Install Repository
preclick Python (async, 3.10+) pip install preclick preclick-python
@cybrlab/preclick-mcp-client JavaScript/Node.js (20+) npm install @cybrlab/preclick-mcp-client preclick-mcp-client

Both libraries provide a simple scan-oriented URL security scanning API (scan(url) / scanWithIntent(url, intent)) that returns results directly — phishing detection, threat analysis, and intent alignment in a single call. No protocol vocabulary, no connect() boilerplate, no manual polling for the common case.

Framework Adapters

Integration Repository
OpenClaw plugin preclick-openclaw

Manual MCP Configuration

For MCP-native clients that speak the protocol directly, see Quick Start below.

Authentication Modes

Deployment X-API-Key Requirement Notes
Hosted (https://preclick.ai/mcp) Optional up to 100 requests/day API key recommended for higher limits
Hosted (https://preclick.ai/mcp) Required above trial quota Contact support for provisioned keys

Important Notice

This tool is intended for authorized security assessment only. Use it solely on systems or websites that you own or for which you have got explicit permission to assess. Any unauthorized, unlawful, or malicious use is strictly prohibited. You are responsible for ensuring compliance with all applicable laws, regulations, and contractual obligations.

Use Cases

  • Pre-flight URL validation for AI agents
  • Automated URL security scanning in workflows
  • Malicious link detection in emails/messages

Quick Start

1. Configure Your MCP Client

Choose one option:

Trial (hosted, up to 100 requests/day without API key):

{
  "mcpServers": {
    "preclick-mcp": {
      "transport": "streamable-http",
      "url": "https://preclick.ai/mcp"
    }
  }
}

Authenticated (recommended for stable and higher-volume usage):

{
  "mcpServers": {
    "preclick-mcp": {
      "transport": "streamable-http",
      "url": "https://preclick.ai/mcp",
      "headers": {
        "X-API-Key": "YOUR_API_KEY"
      }
    }
  }
}

2. Optional: Initialize Session (stateful mode only)

Default hosted usage is stateless. Clients send JSON-RPC messages with POST /mcp. Some Streamable HTTP clients may also probe GET /mcp for an SSE stream. On the stateless hosted deployment, /mcp does not offer an SSE stream and returns HTTP 405 Method Not Allowed. Clients should treat 405 as "no SSE stream on this endpoint" and continue using POST /mcp.

Clients should still send the standard MCP HTTP headers:

  • Accept: application/json, text/event-stream on POST
  • MCP-Protocol-Version on all non-initialize requests

The hosted deployment currently normalizes missing or incomplete POST Accept headers for compatibility. It also allows missing MCP-Protocol-Version on discovery-only POST list requests (tools/list, resources/list, prompts/list) for registry compatibility. Clients should not rely on either behavior.

# Only required if the server is running in stateful mode
curl -X POST https://preclick.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2025-06-18",
      "capabilities": {},
      "clientInfo": {"name": "my-client", "version": "1.0"}
    }
  }'
# Response includes Mcp-Session-Id header - save it for subsequent requests

3. Start a Scan

url_scanner_scan supports two execution modes (the same modes apply to url_scanner_scan_with_intent):

  • Task-augmented (recommended): Include the task parameter for async execution
  • Direct: Omit the task parameter for synchronous execution
curl -X POST https://preclick.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "MCP-Protocol-Version: 2025-06-18" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 2,
    "method": "tools/call",
    "params": {
      "name": "url_scanner_scan",
      "arguments": {
        "url": "https://example.com"
      },
      "task": {
        "ttl": 720000
      }
    }
  }'
# If stateful mode is enabled, include: -H "Mcp-Session-Id: YOUR_SESSION_ID"

Response (task submitted):

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "task": {
      "taskId": "550e8400-e29b-41d4-a716-446655440000",
      "status": "working",
      "statusMessage": "Queued for processing",
      "createdAt": "2026-01-18T12:00:00Z",
      "lastUpdatedAt": "2026-01-18T12:00:00Z",
      "ttl": 720000,
      "pollInterval": 2000
    }
  }
}

Optional: Provide an url visiting intent for additional context (recommended but not required):

curl -X POST https://preclick.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "MCP-Protocol-Version: 2025-06-18" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "url_scanner_scan_with_intent",
      "arguments": {
        "url": "https://example.com",
        "intent": "Book a hotel room"
      },
      "task": {
        "ttl": 720000
      }
    }
  }'

Recommendation: Use url_scanner_scan_with_intent when you can state your purpose (login, purchase, booking, payments, file download) so intent/content mismatch can be considered as an additional signal. Otherwise use url_scanner_scan. Max intent length: 248 characters. Low-information or instruction-like intent strings are treated as not provided. Result includes intent_alignment (misaligned, no_mismatch_detected, inconclusive, or not_provided). no_mismatch_detected is only returned when intent analysis had sufficient evidence; if intent analysis is unavailable or evidence is limited, result is inconclusive. When intent_alignment is misaligned and confirmed by successful high-confidence analysis, the response directive is DENY with reason intent_inconsistent_destination (policy gate; risk score is unchanged). When high-confidence analysis confirms an unverified high-impact service claim with weak identity corroboration in a low-confidence context, the response directive is also DENY with reason insufficient_service_verification (policy gate; risk score is unchanged). In additional contextual low-evidence policy cases, responses may return DENY with reasons such as insufficient_service_verification or insufficient_trust_signals (policy gate; risk score is unchanged).

Direct-call timeout note: synchronous tool calls use a bounded server wait window sized for direct-only clients (hosted default 90s). If timeout is reached, the server returns JSON-RPC -32603 with error.data.taskId and error.data.pollInterval so you can continue via tasks/get / tasks/result.

Compatibility note: if your MCP client cannot call native Tasks methods (tasks/get / tasks/result), use url_scanner_async_scan or url_scanner_async_scan_with_intent to submit work and then poll with url_scanner_async_task_status / url_scanner_async_task_result. Call these compatibility tools as ordinary tools only; do not include a native MCP task parameter.

4. Poll for Results

tasks/result uses a shorter hosted blocking wait (default 30s). If this wait is exceeded, the server returns JSON-RPC -32603 with error.data.taskId and error.data.pollInterval. Native Tasks clients should prefer polling with tasks/get until status is completed, then call tasks/result to retrieve the final result immediately.

curl -X POST https://preclick.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "MCP-Protocol-Version: 2025-06-18" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tasks/result",
    "params": {
      "taskId": "550e8400-e29b-41d4-a716-446655440000"
    }
  }'
# If stateful mode is enabled, include: -H "Mcp-Session-Id: YOUR_SESSION_ID"

Response (completed task — CallToolResult shape, same as synchronous tools/call):

{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\"risk_score\":0.05,\"confidence\":0.95,\"analysis_complete\":true,\"agent_access_directive\":\"ALLOW\",\"agent_access_reason\":\"no_immediate_risk_detected\",\"intent_alignment\":\"not_provided\"}"
      }
    ],
    "isError": false
  }
}

Available Tools

Tool Description Execution Modes
url_scanner_scan Analyze URL for security threats Direct (sync), Task (async)
url_scanner_scan_with_intent Analyze URL with optional intent context Direct (sync), Task (async)
url_scanner_async_scan Compatibility async submit tool Tool-based async
url_scanner_async_scan_with_intent Compatibility async submit with intent Tool-based async
url_scanner_async_task_status Compatibility status polling tool Tool-based async
url_scanner_async_task_result Compatibility result polling tool Tool-based async

See Full API Documentation for detailed schemas and examples.


Authentication

Authentication requirements depend on deployment mode:

  • Hosted endpoint (https://preclick.ai/mcp): API key is optional for up to 100 requests/day.
  • Hosted endpoint above trial quota: API key required.

See Authentication Guide for details on getting API keys.


Technical Specifications

Property Value
Registry ID ai.preclick/preclick-mcp
MCP Spec 2025-06-18
Client Protocol 2025-06-18
Transport Streamable HTTP
Endpoint https://preclick.ai/mcp
Typical Scan Time Varies by target
Supported Schemes HTTP, HTTPS
Max URL Length Enforced by server

Support


License

Apache License 2.0 - See LICENSE for details.

Copyright CybrLab.ai

from github.com/cybrlab-ai/preclick-mcp

Установка PreClick — An MCP-native URL preflight scanning service for autonomous agents.

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/cybrlab-ai/preclick-mcp

FAQ

PreClick — An MCP-native URL preflight scanning service for autonomous agents. MCP бесплатный?

Да, PreClick — An MCP-native URL preflight scanning service for autonomous agents. MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для PreClick — An MCP-native URL preflight scanning service for autonomous agents.?

Нет, PreClick — An MCP-native URL preflight scanning service for autonomous agents. работает без API-ключей и переменных окружения.

PreClick — An MCP-native URL preflight scanning service for autonomous agents. — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить PreClick — An MCP-native URL preflight scanning service for autonomous agents. в Claude Desktop, Claude Code или Cursor?

Открой PreClick — An MCP-native URL preflight scanning service for autonomous agents. на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare PreClick — An MCP-native URL preflight scanning service for autonomous agents. with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development