integrations.sh

Malwarebytes

MCP server · claude · openai

Verify links, emails, phone numbers, and domains against Malwarebytes threat intelligence directly from Claude. Get instant scam verdicts, domain ownership details, and risk levels for unknown callers, shortened URLs, and suspicious messages before you click, call, or reply. Report suspicious indicators back to Malwarebytes to help protect others.

Homepage: https://help.malwarebytes.com/hc/en-us/articles/47985341083675-Using-Malwarebytes-in-Claude
Remote URL: https://scamguard.malwarebytes.com/claude/mcp
Transport: streamable-http
Auth: NONE

Tools (6)

Extracted live via the executor SDK.

  • reputation-check_link

    Use this when you need to check if a link or URL is safe, suspicious, or malicious.

    Provides reputation verdict based on threat intelligence database. Returns one of:

    • malicious: Confirmed harmful link
    • suspicious: Potentially dangerous link
    • safe: Verified safe link
    • unknown: No threat intelligence available

    Cross-tool workflow:

    • For unknown or suspicious verdicts, consider using reputation-whois to check domain registration details (age, registrar, abuse contact).
    • If the URL redirects to a different domain, consider scanning the destination URL separately.
    • If the URL came from an email or text message, consider checking the sender with reputation-check_email or reputation-check_phone.

    Do not use this for general web searches, content fetching, or webpage analysis.

  • reputation-check_phone

    Use this when you need to check if a phone number is associated with scams or suspicious activity.

    Provides reputation verdict and additional phone information. Returns one of:

    • malicious: Confirmed scam or spam phone number
    • suspicious: Potentially dangerous number
    • safe: Verified legitimate number
    • unknown: No threat intelligence available

    Also provides optional details like carrier, location, and phone type when available.

    Cross-tool workflow:

    • If the caller provided links, consider scanning them with reputation-check_link.
    • If the caller provided email addresses, consider scanning them with reputation-check_email.

    Do not use this for phone number lookups, caller ID services, or general phone directory searches.

  • reputation-check_email

    Use this when you need to check if an email address is associated with phishing, scams, or malicious activity.

    Checks the email domain against threat intelligence database. Returns one of:

    • malicious: Confirmed phishing or malicious email domain
    • suspicious: Potentially dangerous email domain
    • safe: Verified legitimate email domain
    • unknown: No threat intelligence available

    Cross-tool workflow:

    • If the email contains URLs, consider scanning them with reputation-check_link.
    • If the email contains phone numbers, consider scanning them with reputation-check_phone.
    • For unknown or suspicious verdicts, consider using reputation-whois to check domain registration details (age, registrar, abuse contact).

    Do not use this for email validation, mailbox verification, or general email lookup services.

  • reputation-report

    Use this when a user wants to report a suspicious link, email address, or phone number.

    Submits the indicator to the threat intelligence system for analysis. Only use when explicitly requested by the user.

    Do not use this to automatically report every checked item.

  • reputation-whois

    Use this when you need to look up domain registration information to verify legitimacy or identify suspicious patterns.

    Provides WHOIS/RDAP data including registrar, registration dates, name servers, and abuse contacts. Particularly useful for identifying newly registered domains (common in phishing and scams). Returns the registrar's abuse contact email when available, which can be used for filing complaints about fraudulent domains.

    Cross-tool workflow:

    • Consider using reputation-check_link to check the domain's threat reputation alongside WHOIS registration data.

    Do not use this for general domain availability checks or bulk domain searches.

  • reputation-scan_all

    Use this when you need to check multiple links, emails, or phone numbers at once.

    Scans all indicators concurrently and returns a unified result. Each indicator needs:

    • type: 'url', 'email', or 'phone'
    • value: the URL, email address, or phone number (E.164 format for phones)

    Returns a summary with counts per verdict and individual results for each indicator. Prefer this over individual scan tools when 3 or more indicators are present. Maximum 10 indicators per request.

    Cross-tool workflow:

    • For unknown URL or email verdicts, consider using reputation-whois on the associated domains for additional registration context and abuse contact information.