# Send URLCheck : URL security scanner to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "urlcheck",
    "name": "URLCheck : URL security scanner",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/cplusdev/urlcheck",
    "canonicalUrl": "https://clawhub.ai/cplusdev/urlcheck",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/urlcheck",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=urlcheck",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "urlcheck",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-10T09:18:56.078Z",
      "expiresAt": "2026-05-17T09:18:56.078Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=urlcheck",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=urlcheck",
        "contentDisposition": "attachment; filename=\"urlcheck-1.2.2.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "urlcheck"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/urlcheck"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/urlcheck",
    "downloadUrl": "https://openagent3.xyz/downloads/urlcheck",
    "agentUrl": "https://openagent3.xyz/skills/urlcheck/agent",
    "manifestUrl": "https://openagent3.xyz/skills/urlcheck/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/urlcheck/agent.md"
  }
}
```
## Documentation

### URLCheck - Intent-aware URL security verifier for agents

You have access to a URL verification system that checks target web
resources for security threats and evaluates whether they appear to
correspond to the user's browsing goals. Use it to verify any URL before taking the
next step — navigating, clicking, opening, or redirecting.

The goal is not only to detect threats but to help assess whether the
target resource appears aligned with what the user actually intends to
accomplish.

### Quick Start (For Users)

Install plugin and restart gateway:

openclaw plugins install @cybrlab/urlcheck-openclaw
openclaw gateway restart

Verify plugin and skill:

openclaw plugins list | grep -i urlcheck
openclaw skills list | grep -i urlcheck

Try it:

Before opening https://example.com, run url_scanner_scan_with_intent with intent "log in to my account" and tell me whether I should proceed.

No API key is needed for trial mode (up to 100 requests/day). For
higher limits, contact contact@cybrlab.ai.

### When to Verify

Verify a URL before any of these actions:

Opening a link the user provides or that you discover
Navigating to a page on the user's behalf
Following a redirect chain
Downloading a file from a URL
Submitting credentials to a login page
Taking any action where the destination matters to the outcome

Do not verify URLs that are internal references (localhost,
file://, or intranet addresses the user is already working with).

### Which Tool to Use

url_scanner_scan — Threat-focused verification.

Required parameter: url (the URL to verify).
Use when the user has not stated a specific purpose. The system
evaluates the URL for phishing, malware, and suspicious patterns.

url_scanner_scan_with_intent — Threat verification plus destination-intent alignment.

Required parameter: url (the URL to verify).
Optional parameter: intent (the user's stated purpose).
Use when the user has mentioned a purpose such as "log in",
"purchase", "download", "book", or "sign up". Pass that purpose as
the intent parameter so the system can evaluate whether the target
resource appears to correspond to the user's goal, in addition
to checking for threats.

Prefer url_scanner_scan_with_intent whenever intent is available.
This catches mismatches that threat-only analysis may miss — for
example, a legitimate site that may not be the one the user intended
to use for their goal.

Async workflow tools (non-blocking)

url_scanner_scan_async and url_scanner_scan_with_intent_async
start scans and return a task handle immediately.
url_scanner_tasks_get checks task status.
url_scanner_tasks_result returns the completed scan payload.
url_scanner_tasks_list lists current tasks.
url_scanner_tasks_cancel cancels a queued or running task.

Use async tools when you need non-blocking execution or explicit task
lifecycle control. For normal conversational checks, direct tools are
usually sufficient.

### How to Act on Results

Every verification returns an agent_access_directive. Follow it:

ALLOW — Proceed with navigation. Inform the user briefly that
the URL was assessed. Do not guarantee safety.
DENY — Do not navigate. Tell the user the URL was flagged and
include the agent_access_reason. Suggest they verify the URL or
use an alternative.
RETRY_LATER — Verification could not complete (temporary
issue). Wait a moment and retry once. If it fails again, inform
the user.
REQUIRE_CREDENTIALS — The target requires authentication. Ask
the user how they would like to proceed before continuing.

### Interpreting Additional Fields

risk_score (0.0 to 1.0): threat probability. Lower is safer.
confidence (0.0 to 1.0): how certain the analysis is.
analysis_complete (true/false): whether the full analysis finished.
If false, the result is based on partial analysis — note this to the
user when relevant.
intent_alignment: alignment signal between user purpose and observed
destination behavior/content.

misaligned: evidence suggests mismatch with user intent.
no_mismatch_detected: no explicit mismatch signal detected.
inconclusive: insufficient evidence to verify alignment.
not_provided: no intent was provided.

### Timing

Verifications typically take 30 to 90 seconds. Do not set short
timeouts or abandon verification prematurely. Wait for the result
before proceeding.

### User-Facing Messaging

Report the outcome clearly using agent_access_directive and
agent_access_reason, and state whether the destination appears
aligned with the user's goal when intent is provided.
Use confidence-aware language based on scan evidence (for example,
"appears low-risk based on this scan"); avoid absolute guarantees.

### Tool Availability Fallback

If URLCheck tools are unavailable (including async/task variants), do
not proceed with scan logic. Tell the user to install the plugin and
restart the gateway.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: cplusdev
- Version: 1.0.4
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-10T09:18:56.078Z
- Expires at: 2026-05-17T09:18:56.078Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/urlcheck)
- [Send to Agent page](https://openagent3.xyz/skills/urlcheck/agent)
- [JSON manifest](https://openagent3.xyz/skills/urlcheck/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/urlcheck/agent.md)
- [Download page](https://openagent3.xyz/downloads/urlcheck)