npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@cybrlab/urlcheck-openclaw

v0.1.11

Published

URLCheck plugin for OpenClaw. Assess target URLs for potential threats and alignment with the user's browsing intent before agent navigation.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

luxdeveloperluxdeveloper

Keywords

openclawopenclaw-pluginmcpurl-scannersecurityphishing-detectionsafe-browsingurlcheck

Readme

URLCheck OpenClaw Plugin

Assess target URLs for potential threats and alignment with the user's browsing intent before agent navigation.

Publisher: CybrLab.ai | Service: URLCheck

This plugin connects your OpenClaw agent to the hosted URLCheck MCP endpoint over Streamable HTTP. A companion skill is included that instructs agents to assess target URLs for potential threats and alignment with the user's browsing intent before navigation.

Install

openclaw plugins install @cybrlab/urlcheck-openclaw

Restart your OpenClaw Gateway after installation.

Configure

Add to ~/.openclaw/openclaw.json:

Trial (up to 100 requests/day, no API key):

{
  "plugins": {
    "entries": {
      "urlcheck-openclaw": {
        "enabled": true,
        "config": {}
      }
    }
  }
}

Authenticated (higher limits):

{
  "plugins": {
    "entries": {
      "urlcheck-openclaw": {
        "enabled": true,
        "config": {
          "apiKey": "YOUR_API_KEY"
        }
      }
    }
  }
}

Or set the URLCHECK_API_KEY environment variable instead of putting the key in config. The plugin checks the environment variable if no apiKey is set in config.

To obtain an API key, contact [email protected].

Verify

After restarting the Gateway:

openclaw plugins list

You should see urlcheck-openclaw listed with scanner and task tools:

  • url_scanner_scan — Analyze a URL for security threats
  • url_scanner_scan_async — Analyze a URL asynchronously and return a task handle
  • url_scanner_scan_with_intent — Analyze a URL with user intent context
  • url_scanner_scan_with_intent_async — Intent-aware async scan with task handle
  • url_scanner_tasks_get — Check task status
  • url_scanner_tasks_result — Wait for task result
  • url_scanner_tasks_list — List tasks
  • url_scanner_tasks_cancel — Cancel a task

The plugin includes a bundled skill that instructs the agent to assess target URLs for threats and intent alignment before navigating. You can confirm the skill loaded:

openclaw skills list | grep urlcheck

If you install urlcheck from ClawHub separately, it still requires the @cybrlab/urlcheck-openclaw plugin because the skill depends on url_scanner_scan and url_scanner_scan_with_intent tools.

User-Ready Flow

Use this minimal flow for first-time setup:

  1. Install plugin:
openclaw plugins install @cybrlab/urlcheck-openclaw
  1. Restart gateway:
openclaw gateway restart
  1. Verify plugin and skill are available:
openclaw plugins list | grep -i urlcheck
openclaw skills list | grep -i urlcheck
openclaw skills check
  1. Run a first prompt:
Before opening https://example.com, run url_scanner_scan_with_intent with intent "log in to my account" and tell me whether I should proceed.

If urlcheck was installed from ClawHub, make sure the plugin is installed first; the skill depends on URLCheck plugin tools.

Usage

Ask your agent to scan a URL before navigating:

Before opening https://example.com, run url_scanner_scan and tell me if access should be allowed.

For intent-aware scanning (improves detection for login, purchase, download pages):

I want to log in to my bank. Scan https://example.com with url_scanner_scan_with_intent and intent "log in to bank account".

For asynchronous execution:

Start an async scan for https://example.com using url_scanner_scan_async, then poll with url_scanner_tasks_get until completed and return the result with url_scanner_tasks_result.

url_scanner_scan and url_scanner_scan_with_intent also support optional MCP-style task mode by adding:

{
  "task": {
    "ttl": 720000
  }
}

Response Fields

| Field | Type | Description | |--------------------------|-----------------|-------------------------------------------------------------------------| | risk_score | float (0.0-1.0) | Threat probability | | confidence | float (0.0-1.0) | Analysis confidence | | analysis_complete | boolean | Whether the analysis finished fully | | agent_access_directive | string | ALLOW, DENY, RETRY_LATER, or REQUIRE_CREDENTIALS | | agent_access_reason | string | Reason for the directive | | intent_alignment | string | misaligned, no_mismatch_detected, inconclusive, or not_provided |

Use agent_access_directive for navigation decisions.

Scan Timing

URL scans typically take 30-90 seconds.

  • Direct mode (sync): url_scanner_scan / url_scanner_scan_with_intent block until completion or timeout.
  • Task mode (async): use *_async tools (or pass task on base tools), then query task status/result via task tools.

Troubleshooting

| Symptom | Cause | Fix | |----------------------------------------|----------------------------------------|------------------------------------------------------------| | Plugin not listed | Not installed or Gateway not restarted | Run install command, restart Gateway | | [URLCheck] Connection failed in logs | Endpoint unreachable | Check network; verify curl https://urlcheck.ai/mcp works | | Tools not appearing | Connection failed on startup | Check Gateway logs for [URLCheck] messages | | 401 Unauthorized | API key required or invalid | Set apiKey in config or URLCHECK_API_KEY env var | | 429 Too Many Requests | Rate limit exceeded | Reduce frequency or add API key for higher limits | | Scan takes too long | Target site is slow or complex | Wait for completion; scans can take up to 90 seconds |

How It Works

This plugin is a thin wrapper. It:

  1. Registers pre-defined tool schemas as native OpenClaw agent tools
  2. Connects to https://urlcheck.ai/mcp using the MCP SDK
  3. Proxies tool calls to the remote server

No scanner logic runs locally. No files are written to your system. The plugin does not modify your OpenClaw configuration.

Security

  • No shell access. Communication uses typed JSON-RPC over HTTPS.
  • No local execution. All analysis runs on the remote URLCheck service.
  • No config mutation. The plugin never writes to ~/.openclaw/ files.
  • Auditable. Source is a single file of JavaScript. Review it yourself.

Links

Support

License

Apache License 2.0