Tools / Phishing Email Checker

Check Email

Score a suspicious email for phishing risk using sender clues, message content, headers, screenshots, and link checks.

Returns: A phishing verdict with scored evidence, sender and header findings, link checks, and a recommended next action

Parameters

subjectstringEmail subject line if available

fromstringSender line such as "PayPal Support <alerts@example.com>" or just the sender email address

email_textstringCopied plain text or HTML-stripped email body content

raw_headersstringOptional raw email headers including Authentication-Results, Reply-To, and Return-Path

image_urlstringOptional public URL of a screenshot or image of the email for vision analysis

linksarrayOptional list of URLs found in the email body or buttons (max 10 is recommended)

check_live_sourcesbooleanWhether to enrich with live domain and link lookups. Set false for a local heuristics-only pass.

Example

Score a suspicious payroll email from copied text only

curl -H "Authorization: Bearer $TOOLROUTER_API_KEY" \
  -d '{
  "tool": "phishing-email-checker",
  "skill": "check_email",
  "input": {
    "subject": "Urgent: direct deposit update required",
    "from": "Payroll Support <payroll-update@gmail.com>",
    "email_text": "Please verify your payroll account immediately to avoid delayed salary payment. Reply with your bank details today.",
    "check_live_sources": false
  }
}' \
  https://api.toolrouter.com/v1/tools/call

Quick Start

MCP (Claude Code)

claude mcp add --transport stdio \
  --env TOOLROUTER_API_KEY=YOUR_API_KEY \
  toolrouter -- npx -y toolrouter-mcp

REST API

curl -H "Authorization: Bearer $TOOLROUTER_API_KEY" \
  -d '{"tool":"phishing-email-checker","skill":"check_email","input":{}}' \
  https://api.toolrouter.com/v1/tools/call