Investigate Suspicious IP Addresses
Check IP addresses against abuse databases and threat feeds to assess risk before allowing traffic into your network.
Check URLs Before Clicking
Scan suspicious links against threat intelligence feeds before opening them or sharing them with colleagues.
Tool
A single malicious link in a Slack message, email, or document can compromise an entire network. Security teams and cautious individuals face a daily stream of URLs they can't fully trust — shortened links, unfamiliar domains, redirects from automated reports. Checking each one manually across multiple databases wastes time and still misses coverage.
Security Scanner queries URLs against multiple threat intelligence feeds simultaneously, surfacing malware hosting, phishing flags, and reputation scores in a single pass. You get a verdict without opening the page yourself.
Security analysts, IT administrators, and operations teams use this to triage suspicious links from end-user reports, audit links extracted from documents, and add a safety gate before automated workflows open external URLs.
Agent Guides
Claude
- Connect ToolRouter in Claude: claude mcp add toolrouter -- npx -y toolrouter-mcp
- Paste the suspicious URL into the conversation and ask Claude to check it.
- Claude calls `security-scanner` with `check_url` and returns the threat intelligence verdict.
ChatGPT
- Connect ToolRouter in ChatGPT: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Paste the URL and ask ChatGPT to run a threat intelligence check via ToolRouter.
- ChatGPT calls `security-scanner` with `check_url` and collects the raw verdict.
Copilot
- Connect ToolRouter in Copilot: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Identify the URL to check — from a config file, webhook body, or a link in a pull request comment.
- Ask Copilot to call `security-scanner` with `check_url` on the extracted URL.
OpenClaw
- Connect ToolRouter in OpenClaw: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
- Prepare the list of URLs to scan — from a report, crawl output, or email archive.
- Run `security-scanner` with `check_url` for each URL and collect the verdicts in a normalized schema.
Related Use Cases
Scan Domain Reputation
Check domains against threat intelligence feeds to catch malicious infrastructure, brand impersonation, and newly registered lookalikes.
Verify File Hashes for Malware
Check MD5, SHA1, or SHA256 file hashes against threat intelligence databases to determine if a file is known malware before executing it.
Generate a Security Report
Run a comprehensive security assessment across a domain or IP and get a structured report covering all threat vectors in one pass.