PreClick — An MCP-native URL preflight scanning service for autonomous agents.

PreClick scans links for threats and confirms intent match with high accuracy before agents click.

6Apache-2.0other

Install

Config snippet generator goes here (5 client tabs)

README

# PreClick MCP Server

[![smithery badge](https://smithery.ai/badge/cybrlab-ai/urlcheck-mcp)](https://smithery.ai/server/cybrlab-ai/urlcheck-mcp)

> **PreClick — An MCP-native URL preflight scanning service for autonomous agents. It scans links for threats and confirms they match the intended task before execution. Built for agentic workflows, it provides high-accuracy, context-aware browsing governance with adaptive learning.**

**Publisher:** [CybrLab.ai](https://cybrlab.ai) | **Service:** [PreClick](https://preclick.ai)

**Hosted Trial Tier:** No API key required for up to 100 requests/day. For higher limits and stable quotas, use an API key (contact [contact@cybrlab.ai](mailto:contact@cybrlab.ai)).

---

## Overview

PreClick is an MCP server that enables AI agents and any MCP-compatible client to analyze URLs for malicious content and security threats before navigation.

## Integrations

PreClick works with any MCP-compatible client. For framework-specific adapters:

| Integration           | Repository                                                             |
|-----------------------|------------------------------------------------------------------------|
| LangChain / LangGraph | [langchain-urlcheck](https://github.com/cybrlab-ai/langchain-urlcheck) |
| OpenClaw plugin       | [urlcheck-openclaw](https://github.com/cybrlab-ai/urlcheck-openclaw)   |

For manual MCP bridge configuration (any client), see [Quick Start](#quick-start) below.

## Authentication Modes

| Deployment                         | `X-API-Key` Requirement         | Notes                                 |
|------------------------------------|---------------------------------|---------------------------------------|
| Hosted (`https://preclick.ai/mcp`) | Optional up to 100 requests/day | API key recommended for higher limits |
| Hosted (`https://preclick.ai/mcp`) | Required above trial quota      | Contact support for provisioned keys  |

## Important Notice

This tool is intended for authorized security assessment only. Use it solely on systems or websites that you own or for which you have got explicit permission to assess. Any unauthorized, unlawful, or malicious use is strictly prohibited. You are responsible for ensuring compliance with all applicable laws, regulations, and contractual obligations.

### Use Cases

- Pre-flight URL validation for AI agents
- Automated URL security scanning in workflows
- Malicious link detection in emails/messages

---

## Quick Start

### 1. Configure Your MCP Client

Choose one option:

Trial (hosted, up to 100 requests/day without API key):

```json
{
  "mcpServers": {
    "preclick-mcp": {
      "transport": "streamable-http",
      "url": "https://preclick.ai/mcp"
    }
  }
}
```

Authenticated (recommended for stable and higher-volume usage):

```json
{
  "mcpServers": {
    "preclick-mcp": {
      "transport": "streamable-http",
      "url": "https://preclick.ai/mcp",
      "headers": {
        "X-API-Key": "YOUR_API_KEY"
      }
    }
  }
}
```

### 2. Optional: Initialize Session (stateful mode only)

Default hosted usage is stateless and works with POST `/mcp` only. Some Streamable HTTP clients may still probe `GET /mcp`; in stateless mode the server correctly returns `405 Method Not Allowed` and the client should continue with POST.

```bash
# Only required if the server is running in stateful mode
curl -X POST https://preclick.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2025-06-18",
      "capabilities": {},
      "clientInfo": {"name": "my-client", "version": "1.0"}
    }
  }'
# Response includes Mcp-Session-Id header - save it for subsequent requests
```

### 3. Start a Scan

`url_scanner_scan` supports two execution modes (the same modes apply to `url_scanner_scan_with_intent`):
- **Task-augmented (recommended)**: Include the `task` parameter for async execution
- **Direct**: Omit the `task` parameter for synchronous execution

```bash
curl -X POST https://preclick.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "MCP-Protocol-Version: 2025-06-18" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 2,
    "method": "tools/call",
    "params": {
      "name": "url_scanner_scan",
      "arguments": {
        "url": "https://example.com"
      },
      "task": {
        "ttl": 720000
      }
    }
  }'
# If stateful mode is enabled, include: -H "Mcp-Session-Id: YOUR_SESSION_ID"
```

Response (task submitted):
```json
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "task": {
      "taskId": "550e8400-e29b-41d4-a716-446655440000",
      "status": "working",
      "statusMessage": "Queued for processing",
      "createdAt": "2026-01-18T12:00:00Z",
      "lastUpdatedAt": "2026-01-18T12:00:00Z",