PreClick MCP Server
PreClick — An MCP-native URL preflight scanning service for autonomous agents. It scans links for threats and confirms they match the intended task before execution. Built for agentic workflows, it provides high-accuracy, context-aware browsing governance with adaptive learning.
Publisher: CybrLab.ai | Service: PreClick
Hosted Trial Tier: No API key required for up to 100 requests/day. For higher limits and stable quotas, use an API key (contact contact@cybrlab.ai).
Overview
PreClick is an MCP server that enables AI agents and any MCP-compatible client to analyze URLs for malicious content and security threats before navigation.
Integrations
PreClick works with any MCP-compatible client. For framework-specific adapters:
| Integration | Repository |
|-----------------------|------------------------------------------------------------------------|
| OpenClaw plugin | preclick-openclaw |
For manual MCP bridge configuration (any client), see Quick Start below.
Authentication Modes
| Deployment | X-API-Key Requirement | Notes |
|------------------------------------|---------------------------------|---------------------------------------|
| Hosted (https://preclick.ai/mcp) | Optional up to 100 requests/day | API key recommended for higher limits |
| Hosted (https://preclick.ai/mcp) | Required above trial quota | Contact support for provisioned keys |
Important Notice
This tool is intended for authorized security assessment only. Use it solely on systems or websites that you own or for which you have got explicit permission to assess. Any unauthorized, unlawful, or malicious use is strictly prohibited. You are responsible for ensuring compliance with all applicable laws, regulations, and contractual obligations.
Use Cases
- Pre-flight URL validation for AI agents
- Automated URL security scanning in workflows
- Malicious link detection in emails/messages
Quick Start
1. Configure Your MCP Client
Choose one option:
Trial (hosted, up to 100 requests/day without API key):
{
"mcpServers": {
"preclick-mcp": {
"transport": "streamable-http",
"url": "https://preclick.ai/mcp"
}
}
}
Authenticated (recommended for stable and higher-volume usage):
{
"mcpServers": {
"preclick-mcp": {
"transport": "streamable-http",
"url": "https://preclick.ai/mcp",
"headers": {
"X-API-Key": "YOUR_API_KEY"
}
}
}
}
2. Optional: Initialize Session (stateful mode only)
Default hosted usage is stateless. Clients send JSON-RPC messages with POST /mcp.
Some Streamable HTTP clients may also probe GET /mcp for an SSE stream. On the stateless hosted deployment, /mcp does not offer an SSE stream and returns HTTP 405 Method Not Allowed. Clients should treat 405 as "no SSE stream on this endpoint" and continue using POST /mcp.
Clients should still send the standard MCP HTTP headers:
Accept: application/json, text/event-stream on POSTMCP-Protocol-Version on all non-initialize requests
The hosted deployment currently normalizes missing or incomplete POST Accept headers for compatibility. It also allows missing MCP-Protocol-Version on discovery-only POST list requests (tools/list, resources/list, prompts/list) for registry compatibility. Clients should not rely on either behavior.
# Only required if the server is running in stateful mode
curl -X POST https://preclick.ai/mcp \
-H "Content-Type: application/json" \
-H "Accept: applica
... [View full README on GitHub](https://github.com/cybrlab-ai/preclick-mcp#readme)
