← Back to Agents

Safety & Threats Agent

safety.check.js

What This Agent Does

The Safety & Threats Agent analyzes websites for potential security threats, malware indicators, phishing attempts, and unsafe practices that could harm visitors.

Category Information

Property Value
Category Name Safety & Threats
Category Icon
Number of Checks 10
Source File src/checks/safety.check.js

Checks Performed

Malware/Phishing Indicators Critical SSL Certificate Status Critical Form Security Critical Outdated Software Detection Medium SQL Injection Protection Critical XSS Protection High Iframe Usage Medium External Scripts High Rate Limiting / Bot Protection Medium Domain Registrar Status Medium

Data Sources & APIs

External APIs

API Environment Variable Purpose
Google Safe Browsing v4 GOOGLE_SAFE_BROWSING_API_KEY Check URLs against malware/phishing databases

Libraries Used

  • axios — HTTP client for fetching target URL and API calls

Inputs

  • url — The target URL to analyze
  • hostname — Extracted from URL for domain analysis
  • HTTP response — Headers and body content

Internal Functions

SafetyCheck.analyze(url)

Main entry point. Fetches the URL, runs all 10 checks, and returns the category result.

async analyze(url) {
  const checks = [];
  const hostname = new URL(url).hostname;
  const response = await axios.get(url, { timeout: 15000 });
  
  // Run all checks...
  
  return {
    category: 'Safety & Threats',
    icon: 'shield-alert',
    score,
    checks,
    malwareDetected: malwareFlag
  };
}

detectPhishingIndicators(url, hostname)

Heuristic detection for phishing patterns including:

  • Base64-encoded payloads in URLs
  • Suspicious URL patterns and redirect parameters
  • Typosquatting of major brands
  • IP addresses instead of domain names

checkDomainReputation(hostname, url)

Analyzes domain for suspicious characteristics:

  • High-risk TLDs (.click, .download, .tk, etc.)
  • Random subdomain patterns
  • Generic financial brand names on suspicious TLDs
  • Tracking parameter patterns

Score Calculation

Standard Calculation

Uses calculateCategoryScore(checks) from score-calculator.util.js which weights checks by:

  • Status (pass, fail, warn, info, error)
  • Severity (critical, high, medium, low)

Special Malware Override

If malware or phishing is detected, the score is forced to 0 regardless of other checks:

if (malwareFlag) {
  score = 0;
}

Return Value

{
  category: 'Safety & Threats',
  icon: 'shield-alert',
  score: 0-100,
  checks: [
    {
      name: 'Check Name',
      status: 'pass' | 'fail' | 'warn' | 'info' | 'error',
      description: 'Human-readable result',
      severity: 'critical' | 'high' | 'medium' | 'low'
    },
    // ... 9 more checks
  ],
  malwareDetected: true | false
}