Triage Suspicious Emails
Analyze a suspicious email's headers, links, and content to quickly determine whether it is a phishing attempt before taking any action.
Audit Email Links Before Forwarding
Check all links embedded in an email before forwarding it to colleagues or clicking them yourself.
Tool
Marketing newsletters, automated reports, and forwarded industry digests contain dozens of links — and it only takes one malicious URL embedded in otherwise legitimate content to compromise a device. The risk is higher when forwarding: the person you send it to trusts the source and is unlikely to scrutinize every link.
Phishing Email Checker scans all links embedded in an email in a single pass, flagging any that match threat feeds for malware hosting, phishing infrastructure, or suspicious redirects. You see a clean pass or a specific list of flagged URLs with the reason for each flag before you click or forward anything.
Communications teams, executive assistants, and knowledge workers who regularly curate and forward industry content use this to make sure they are not inadvertently spreading malicious links to colleagues.
Agent Guides
Claude
- Connect ToolRouter in Claude: claude mcp add toolrouter -- npx -y toolrouter-mcp
- Paste the email content and headers into the conversation.
- Ask Claude to run `check_email` via `phishing-email-checker` with a focus on embedded link safety.
ChatGPT
- Connect ToolRouter in ChatGPT: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Paste the email content into ChatGPT.
- Ask ChatGPT to run `check_email` via `phishing-email-checker` on the embedded links.
Copilot
- Connect ToolRouter in Copilot: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Extract the email content from your processing pipeline.
- Ask Copilot to run `check_email` via `phishing-email-checker` on the email's embedded links.
OpenClaw
- Connect ToolRouter in OpenClaw: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
- Export the email batch — newsletters, forwarded content, or outbound queue — for link auditing.
- Run `phishing-email-checker` with `check_email` for each email and collect link verdicts.
Related Use Cases
Detect Executive Impersonation Attempts
Identify business email compromise attacks where fraudsters impersonate executives to request wire transfers or sensitive data.