MCPSafe

PreClick — An MCP-native URL preflight scanning service for autonomous agents.

A
8.0

PreClick scans links for threats and confirms intent match with high accuracy before agents click.

streamable-httpsecurityautomation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-preclick-preclick-mcp": {
      "type": "streamable-http",
      "url": "https://preclick.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-preclick-preclick-mcp": {
      "url": "https://preclick.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10
Permissions10
Behavior6
Stability--

Findings (5)

medium
network-access

Remote HTTP Endpoint Without Visible Authentication

Server operates as a remote HTTP service (streamable-http) at https://preclick.ai/mcp. Remote endpoints inherently accept connections from the internet and require authentication mechanisms to prevent unauthorized access. No authentication details are visible in the provided metadata.

medium
vague-description

Vague Capability Claims

The description uses broad language like 'scans links for threats' and 'confirms intent match with high accuracy' without specifying what threat detection methods are used, what data is analyzed, or how intent matching works. This vagueness makes it difficult to assess actual capabilities and potential risks.

low
excessive-scope

Broad Scope for a Preflight Service

A URL preflight scanning service should have a narrow, well-defined scope (validate URLs, check for malware signatures, etc.). The claim to 'confirm intent match' is vague and suggests broader behavioral analysis capabilities than typical for a link scanner.

info
info

No Tools Currently Available

The server reports 0 tools and no resources. This is unusual for a functional MCP server and suggests either the server is not fully initialized, tools are dynamically loaded, or metadata is incomplete.

info
vague-description

Semantic Analysis Summary

PreClick presents moderate security concerns due to its remote HTTP endpoint without documented authentication, vague capability descriptions, and unusually broad scope for a URL scanner. While the project has good trust signals (public repository, website, known author), the lack of visible tools and unclear threat detection methodology warrant caution. Recommend verifying authentication mechanisms and requesting detailed documentation of scanning capabilities before deployment.

Last scanned 54m ago

Details

Version
0.2.0
Transport
streamable-http
Capabilities
Repository
cybrlab-ai/preclick-mcp
Website
preclick.ai