Liberty91
CTI Skill · Investigation

URL Investigation.

/url-investigation

URL investigation is how you decide whether a link is safe, what it does when loaded, and where it ultimately sends a victim. This free, open-source skill runs inside your AI coding agent and investigates any URL by combining a URLScan submission or lookup with VirusTotal and OTX checks. It is built for SOC analysts and CTI practitioners triaging phishing reports and suspicious links.

What it does.

It looks up existing URLScan results or submits the URL for a fresh scan, then checks VirusTotal and OTX. The findings are consolidated into one summary covering the verdict, what the page does and where it redirects.

When to use it.

Use it during SOC triage when a user reports a phishing link or a URL appears in mail or proxy logs. It also supports CTI work when you are studying a phishing kit or campaign and want to understand the page behaviour and hosting behind a link.

What you get back.

You get a verdict, a description of the page behaviour, the redirect chain, the hosting it lands on, and pivot candidates such as the final domain, resolving IPs and related URLs.

How it fits your workflow.

Run it from Claude Code, Cursor, Codex or Windsurf with one command. Free API tiers are enough to begin, and the skill degrades gracefully without keys, using whatever sources you have configured.
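The sketch below is an added example, not the skill's own code: it shows one way to consolidate per-source results into a single summary while degrading when a source has no key configured. The function name `consolidate`, the verdict thresholds and the sample responses are assumptions. The samples are constructed and trimmed to the fields used, following the public URLScan result, VirusTotal v3 and OTX response layouts.

```python
# Constructed sample responses (trimmed). Domains and IP are documentation values.
SAMPLE_URLSCAN = {
    "task": {"url": "http://short.example/a1"},
    "page": {"url": "https://login-portal.example/signin",
             "domain": "login-portal.example", "ip": "203.0.113.10"},
    "verdicts": {"overall": {"malicious": True}},
}
SAMPLE_VT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 6, "suspicious": 1, "harmless": 60, "undetected": 20}}}}
SAMPLE_OTX = {"pulse_info": {"count": 0}}


def consolidate(urlscan=None, virustotal=None, otx=None):
    """Merge whichever source results are present; None means no key configured."""
    s = {"sources_used": [], "sources_skipped": [], "signals": [],
         "redirect_chain": [], "pivots": {}}
    for name, res in (("urlscan", urlscan), ("virustotal", virustotal), ("otx", otx)):
        s["sources_used" if res is not None else "sources_skipped"].append(name)

    if urlscan is not None:
        submitted, final = urlscan["task"]["url"], urlscan["page"]["url"]
        # Submitted URL versus the page the scan actually landed on.
        s["redirect_chain"] = [submitted] if submitted == final else [submitted, final]
        s["pivots"] = {"final_domain": urlscan["page"]["domain"],
                       "ip": urlscan["page"]["ip"]}
        if urlscan["verdicts"]["overall"]["malicious"]:
            s["signals"].append("urlscan: overall verdict malicious")
    if virustotal is not None:
        stats = virustotal["data"]["attributes"]["last_analysis_stats"]
        flagged = stats["malicious"] + stats["suspicious"]
        if flagged:
            s["signals"].append(f"virustotal: {flagged} engines flagged")
    if otx is not None and otx["pulse_info"]["count"]:
        s["signals"].append(f"otx: {otx['pulse_info']['count']} pulses reference this URL")

    # Assumed thresholds: no data is "unknown", never "safe".
    if not s["sources_used"]:
        s["verdict"] = "unknown"
    elif len(s["signals"]) >= 2:
        s["verdict"] = "malicious"
    elif s["signals"]:
        s["verdict"] = "suspicious"
    else:
        s["verdict"] = "no detections"
    return s
```

Recording `sources_skipped` alongside the verdict lets a reviewer see when a "no detections" result came from a single source rather than all three.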
