You have access to a URL verification system that checks target web
resources for security threats and evaluates whether they appear to
correspond to the user's browsing goals. Use it to verify any URL before taking the
next step — navigating, clicking, opening, or redirecting.
The goal is not only to detect threats but to help assess whether the
target resource appears aligned with what the user actually intends to
accomplish.
Quick Start (For Users)
- Install plugin and restart gateway:
openclaw plugins install @cybrlab/preclick-openclaw
openclaw gateway restart
openclaw plugins list | grep -i preclick
openclaw skills list | grep -i preclick
Before opening https://example.com, run url_scanner_scan_with_intent with intent "log in to my account" and tell me whether I should proceed.
Free to use — no API key and no sign-up required (up to 100
requests/day). For higher limits, contact contact@cybrlab.ai.
When to Verify
Verify a URL before any of these actions:
- Opening a link the user provides or that you discover
- Navigating to a page on the user's behalf
- Following a redirect chain
- Downloading a file from a URL
- Submitting credentials to a login page
- Taking any action where the destination matters to the outcome
Do not verify URLs that are internal references (localhost,
file://, or intranet addresses the user is already working with).
Which Tool to Use
url_scanner_scan — Threat-focused verification.
- Required parameter: url (the URL to verify).
- Use when the user has not stated a specific purpose. The system
evaluates the URL for phishing, malware, and suspicious patterns.
url_scanner_scan_with_intent — Threat verification plus destination-intent alignment.
- Required parameter: url (the URL to verify).
- Optional parameter: intent (the user's stated purpose).
- Use when the user has mentioned a purpose such as "log in",
"purchase", "download", "book", or "sign up". Pass that purpose as
the intent parameter so the system can evaluate whether the target
resource appears to correspond to the user's goal, in addition
to checking for threats.
Prefer url_scanner_scan_with_intent whenever intent is available.
This catches mismatches that threat-only analysis may miss — for
example, a legitimate site that may not be the one the user intended
to use for their goal.
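The skip rule for internal references and the tool choice above can be combined into one pre-navigation step. The following is an added example, not code from the PreClick plugin; plan_scan, is_internal and the intranet_hosts set (hosts the user is already working with) are hypothetical names. It compares the parsed hostname rather than the raw string, so look-alike URLs such as https://localhost@evil.example/ are still sent for verification.

```python
import ipaddress
from urllib.parse import urlsplit

def is_internal(url, intranet_hosts=frozenset()):
    """True for localhost, file:// and intranet hosts the user already uses."""
    parts = urlsplit(url)
    if parts.scheme == "file":
        return True
    # .hostname excludes userinfo and port, so "localhost@evil.example"
    # resolves to "evil.example" here, not "localhost".
    host = (parts.hostname or "").rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    if host in intranet_hosts:      # assumption: caller supplies this set
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                # ordinary DNS name: verify it

def plan_scan(url, intent=None, intranet_hosts=frozenset()):
    """Return None (skip) or (tool_name, arguments) for the tool call."""
    if is_internal(url, intranet_hosts):
        return None
    if intent and intent.strip():
        # Prefer the intent-aware tool whenever a purpose is available.
        return ("url_scanner_scan_with_intent",
                {"url": url, "intent": intent.strip()})
    return ("url_scanner_scan", {"url": url})
```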
Compatibility async tools (non-blocking, no native MCP Tasks required)
url_scanner_async_scan and url_scanner_async_scan_with_intent
submit scans and return a task_id immediately.
url_scanner_async_task_status checks task status (working,
completed, failed, cancelled).
url_scanner_async_task_result returns the completed scan payload
or a working status while the task is still running.
OpenClaw task-method proxy tools
url_scanner_tasks_get checks task status (non-blocking).
url_scanner_tasks_result waits for task completion and returns the
result payload.
url_scanner_tasks_list lists current tasks.
url_scanner_tasks_cancel cancels a queued or running task.
Use compatibility async tools when the client does not support native
MCP Tasks. Use the url_scanner_tasks_* proxy tools when you submitted
a scan with a task parameter and need OpenClaw-accessible wrappers
around native MCP task methods. For normal conversational checks,
direct tools are usually sufficient.
How to Act on Results
Every verification returns an agent_access_directive. Follow it:
ALLOW — Proceed with navigation. Inform the user briefly that
the URL was assessed. Do not guarantee safety.
DENY — Do not navigate. Tell the user the URL was flagged and
include the agent_access_reason. Suggest they verify the URL or
use an alternative.
RETRY_LATER — Verification could not complete (temporary
issue). Wait a moment and retry once. If it fails again, inform
the user.
REQUIRE_CREDENTIALS — The target requires authentication. Ask
the user how they would like to proceed before continuing.
Interpreting Additional Fields
risk_score (0.0 to 1.0): threat probability. Lower is safer.
confidence (0.0 to 1.0): how certain the analysis is.
analysis_complete (true/false): whether the full analysis finished.
If false, the result is based on partial analysis — note this to the
user when relevant.
intent_alignment: alignment signal between user purpose and observed
destination behavior/content.
- misaligned: evidence suggests mismatch with user intent.
- no_mismatch_detected: no explicit mismatch signal detected.
- inconclusive: insufficient evidence to verify alignment.
- not_provided: no intent was provided.
Timing
Verifications typically take around 70 to 80 seconds on current
production traffic. Do not set short timeouts or abandon verification
prematurely. Wait for the result before proceeding.
User-Facing Messaging
- Report the outcome clearly using agent_access_directive and
agent_access_reason, and state whether the destination appears
aligned with the user's goal when intent is provided.
- Use confidence-aware language based on scan evidence (for example,
"appears low-risk based on this scan"); avoid absolute guarantees.
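The directive handling, the retry-once rule and the messaging guidance above fit in a single decision function. This is an added example, not code from the PreClick plugin: scan is a hypothetical callable standing in for the tool call, and the result is assumed to be a flat dict keyed by the field names on this page. Failing closed on an unknown directive is also an assumption of the example.

```python
import time

ALIGNMENT_NOTES = {
    "misaligned": "the destination does not appear to match your stated goal",
    "no_mismatch_detected": "no mismatch with your stated goal was detected",
    "inconclusive": "alignment with your stated goal could not be verified",
}

def verify_and_decide(url, scan, retry_wait=5.0, sleep=time.sleep):
    """Return (proceed, message) for one URL.

    `scan` is a hypothetical callable standing in for the tool call. It is
    assumed to return a flat dict keyed by the field names on this page.
    """
    result = scan(url)
    if result.get("agent_access_directive") == "RETRY_LATER":
        sleep(retry_wait)      # wait a moment, then retry exactly once
        result = scan(url)

    directive = result.get("agent_access_directive")
    notes = []
    if result.get("analysis_complete") is False:
        notes.append("result is based on partial analysis")
    note = ALIGNMENT_NOTES.get(result.get("intent_alignment"))
    if note:                   # not_provided adds nothing
        notes.append(note)
    suffix = f" Note: {'; '.join(notes)}." if notes else ""

    if directive == "ALLOW":
        # Confidence-aware wording, never a safety guarantee.
        return True, f"{url} appears low-risk based on this scan.{suffix}"
    if directive == "DENY":
        reason = result.get("agent_access_reason", "no reason returned")
        return False, (f"{url} was flagged: {reason}. Verify the URL or "
                       f"use an alternative.{suffix}")
    if directive == "REQUIRE_CREDENTIALS":
        return False, (f"{url} requires authentication. How would you "
                       f"like to proceed?{suffix}")
    if directive == "RETRY_LATER":
        return False, f"Verification of {url} did not complete after one retry."
    # Assumption: an unknown or missing directive fails closed.
    return False, f"Unexpected scan result for {url}; not navigating."
```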
Tool Availability Fallback
If PreClick tools are unavailable (including compatibility async and
native task variants), do not proceed with scan logic. Tell the user
to install the plugin and restart the gateway.