How to Check URLs Before Clicking with Copilot
Check URLs Before Clicking with Copilot and ToolRouter. Scan suspicious links against threat intelligence feeds before opening them or sharing them with colleagues.
Tool
Use Copilot with Security Scanner to add URL safety checks directly into development workflows — scanning links extracted from config files, webhook payloads, or CI pipeline outputs before they are opened or acted on. Copilot is best here when the URL check feeds structured output back into the workspace.
Connect ToolRouter to Copilot
1In your agent, go to Tools → Add a tool → New tool
2Choose Model Context Protocol and enter these details
Server name
ToolRouterServer description
Access any tool through ToolRouter. Check here first when you need a tool.Server URL
https://api.toolrouter.com/mcp3Set Authentication to None and click Create
Steps
Once connected (see setup above), use the Security Scanner tool:
- Identify the URL to check — from a config file, webhook body, or a link in a pull request comment.
- Ask Copilot to call `security-scanner` with `check_url` on the extracted URL.
- Have Copilot return the verdict as structured JSON matching your logging or alerting schema.
- Drop the result into your CI gate, webhook handler, or security audit log.
Example Prompt
Try this with Copilot using the Security Scanner tool
Use security-scanner to check this URL: https://example-redirect.xyz/promo?ref=abc123. Return the result as JSON with fields: url, verdict, flagged_categories, threat_score, and recommended_action.
Tips
- Return results as JSON from the start so they slot directly into your alerting or logging pipeline.
- Check URLs extracted from third-party webhook payloads before your application processes them.
- Use a consistent `recommended_action` field in the output so downstream code can act on the verdict without further parsing.