Model Context Protocol (MCP) for AI Security
GridinSoft Inspector provides a native implementation of the Model Context Protocol (MCP), enabling seamless integration between our threat intelligence services and AI models (such as Claude, GPT-4, or local LLMs). This interface allows your AI assistants to perform real-time security assessments, domain reputation checks, and URL scanning directly within your workflow.
Model Context Protocol (MCP) Setup
The Model Context Protocol (MCP) allows your AI tools (like Claude Desktop) to connect directly to GridinSoft Inspector services. This enables your AI to answer the critical question: "Can I trust this site?" through real-time domain analysis and URL scanning.
Prerequisites
- A GridinSoft Inspector account and your API Key.
- An MCP-compatible client (Claude Desktop, Cursor IDE, Windsurf, etc.).
- Node.js (v18+) installed on your system.
Claude Desktop
1. Open your configuration file:
- macOS:
~/Library/Application.../claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
2. Add to mcpServers:
{
"mcpServers": {
"gridinsoft": {
"command": "npx",
"args": ["-y", "@gridinsoft/mcp-inspector"],
"env": {
"GRIDINSOFT_API_KEY": "YOUR_API_KEY"
}
}
}
}Cursor IDE
1. Go to Settings → Models → MCP.
2. Click + Add new MCP server.
- Name:
GridinSoft - Type:
command - Command:
npx -y @gridinsoft/mcp-inspector
3. Add Environment Variable:
- Key:
GRIDINSOFT_API_KEY - Value:
YOUR_API_KEY
Windsurf IDE
1. Open your configuration file:
- macOS:
~/.codeium/windsurf/mcp_config.json - Windows:
%USERPROFILE%\.codeium\windsurf\mcp_config.json
2. Add to mcpServers:
{
"mcpServers": {
"gridinsoft": {
"command": "npx",
"args": ["-y", "@gridinsoft/mcp-inspector"],
"env": {
"GRIDINSOFT_API_KEY": "YOUR_API_KEY"
}
}
}
}Available MCP Tools
Once connected, your AI assistant will have access to the following security tools:
inspect_domain
Deep security & trust profile. Returns reputation (0-100), verdict, hosting details, full WHOIS data, and "site" analysis (tags, AI text detection, SSL, DNS).
{ "domain": "example.com" }
COST 3 Credits
scan_url
Real-time HTML scan. Identifies phishing patterns, malware signatures, and extracts page metadata directly from the live site.
{ "url": "https://example.com/login" }
COST 10 Credits
Recommended AI Questions
Try asking your AI these specific questions to get the most detailed security reports:
- "Perform a full security analysis of this website: example-site.com"
- "Check the trust profile and reputation for the domain gridinsoft.com"
- "Is this redirect link safe to visit? http://bit.ly/xxxx"
- "Give me a detailed report on who hosts this domain and what is its reputation."
Authentication
Authentication is handled via the GRIDINSOFT_API_KEY environment variable. This key is used to authenticate your requests and track credit usage.
Custom Implementation
If you are building your own MCP client or integrating GridinSoft services into a custom application, you can use our HTTP endpoints directly. All requests must include an Authorization: Bearer YOUR_API_KEY header.
https://inspector.gridinsoft.com/mcp/v1
| Endpoint | Method | Description |
|---|---|---|
/tools |
GET | List available security tools. PUBLIC |
/tools/call |
POST | Execute a security tool. PRIVATE |
/models |
GET | List available AI models and their capabilities. PUBLIC |
/prompts |
GET | List available suggested prompt templates. PUBLIC |
/prompts/get |
GET | Get details for a specific prompt template. PUBLIC |
/resources |
GET | List available static and dynamic resources. PUBLIC |
/resources/read |
GET | Read the content of a specific resource. PUBLIC |
/health |
GET | Check MCP server and API status. PUBLIC |
/contexts |
GET | List saved analysis contexts. PRIVATE |
/contexts/create |
POST | Create a new context. PRIVATE |
/contexts/get |
GET | Retrieve a specific context. PRIVATE |
/contexts/update |
POST | Update an existing context. PRIVATE |
/contexts/delete |
GET | Delete a context. PRIVATE |
Domain Check API Details
The domain/check endpoint provides a fast security assessment by merging real-time scans with GridinSoft's historical database.
https://inspector.gridinsoft.com/api/v1/domain/checkMETHOD
POSTCOST
3 Credit
Request Format (JSON)
{
"apikey": "YOUR_API_KEY",
"domain": "google.com"
}Response Fields
| Field | Type | Description |
|---|---|---|
subject | string | The domain being checked. |
verdict | string | Security status (e.g., "Safe", "Suspicious", "Malicious"). |
score | integer | Reputation score (0-100). 100 is safest. |
tags | string | Domain categories (e.g., "Phishing", "Meme Coins"). |
date | string | Last database update (YYYY-MM-DD HH:MM:SS). |
fingerprint | string | Unique behavioral fingerprint. |
whitelisted | boolean | True if in GridinSoft global whitelist. |
report | string | Link to full interactive analysis report. |
Our implementation follows the official MCP HTTP Transport specification.
MCP Tool Examples
GridinSoft MCP server provides several tools that AI assistants can use to help with security tasks. below are the details and example payloads for each tool.
1. inspect_domain
Retrieves detailed information about a domain, including its security category and threat level.
| Argument | Type | Required | Description |
|---|---|---|---|
| domain | String | Yes | The domain name to analyze (e.g., "example.com"). |
Example Input:
{
"name": "inspect_domain",
"arguments": {
"domain": "google.com"
}
}Example Output:
{
"content": [
{
"type": "text",
"text": "{
\"domain\": \"nusewin.cc\",
\"reputation\": 1,
\"verdict\": \"Scam Website\",
\"hosting\": { \"org\": \"AS13335 Cloudflare, Inc.\", \"country\": \"US\" },
\"whois\": { \"registrar\": \"NICENIC INTERNATIONAL GROUP\", \"creationDate\": 1768427775 },
\"site\": {
\"title\": \"Nusewin: Crypto Casino\",
\"tags\": { \"Scam - High Risk\": { \"risk\": true }, \"Casino\": { \"risk\": false } },
\"ai_text_detection\": { \"verdict\": \"Human\" },
\"ssl_certificate\": { \"protocol\": \"TLS 1.3\", \"issuer\": \"WE1\" }
}
}"
}
]
}2. scan_url
Scans a specific URL for redirects, phishing, and malware signatures.
| Argument | Type | Required | Description |
|---|---|---|---|
| url | String | Yes | The full URL to scan (e.g., "http://suspicious.site/page"). |
3. get_balance
Returns the current credit balance and subscription plan details for the authenticated user.
4. MCP Prompts
Prompts are suggested request templates that help AI understand how to interact with the user and tools.
List Prompts (/prompts):
{
"prompts": [
{
"name": "website-safety-analysis",
"description": "Deep check for phishing, scams, and threat tags",
"arguments": [
{
"name": "site",
"description": "The URL or domain to analyze",
"required": true
}
]
},
{
"name": "domain-trust-report",
"description": "Detailed profile: reputation, registrar, and hosting",
"arguments": [
{
"name": "domain",
"description": "The domain name to verify",
"required": true
}
]
}
]
}5. MCP Resources
Resources allow the AI to read reference data or documentation provided by the server.
Read Resource Content (/resources/read?uri=...):
{
"contents": [
{
"uri": "gs://guide/threat-categories",
"mimeType": "text/markdown",
"text": "# GridinSoft Threat Categories\n\nOfficial reference for security verdicts.\n\n- **Safe** (ID: -1) - Safe\n- **Phishing** (ID: 7) - Threat/Suspicious\n- **Scam Website** (ID: 9) - Threat/Suspicious\n..."
}
]
}MCP Usage Statistics
Monitor your MCP tool execution and credit consumption below. Statistics are updated in real-time as your AI assistant interacts with the GridinSoft MCP server.
Detailed per-tool execution logs are coming soon to this dashboard. Currently, you can view your overall credit balance in your Profile or by using the get_balance MCP tool.
Current Limits
| Tool Name | Daily Limit | Cost per Execution |
|---|---|---|
| inspect_domain | Unlimited (per credits) | 3 credits |
| scan_url | Unlimited (per credits) | 10 credits |
| get_balance | Free | 0 credits |
| website-safety-analysis | Public | Free |
| domain-trust-report | Public | Free |
| resources/**/* | Public | Free |
| health | Public | Free |