We’ve grown, Scamy.io is now StrajaNew products, a more mature platform, built to keep you safer than ever.
Autonomous shopping agents now find products, fill carts and pay, on their own. But an agent can't tell a real store from a convincing fake. Straja's MCP gives any agent one tool call to verify a merchant, link or checkout before money moves. Same engine, now in the loop.
A human pauses at a too-good price, a misspelled domain, a checkout that feels off. An autonomous agent optimises for "task complete", it follows the cheapest result, trusts the page it's handed, and pays. Scammers already build storefronts and inject instructions aimed squarely at machines. The agent has speed and reach, but none of the instincts.
A polished store, a real-looking checkout, a price 70% under market. To an agent chasing the best deal, it's the top result, and it takes the card.
Hidden text on the page tells the agent to "skip verification" or "send to this address." The agent reads instructions as if they came from you.
A redirect to a near-identical pay page harvests the card. The agent never blinks at the swapped character a human might catch.
Agents act with your money and your trust, at machine speed. One bad checkout isn't a wrong answer to re-roll, it's a real charge to a real scammer. They need the judgment a human applies before paying. That's what Straja supplies.
Straja runs a Model Context Protocol server any agent can connect to. Add it once and your agent gains a tool it can call on its own, before it follows a link, submits a payment, or trusts a page it was handed.
check_domain: phishing, malware, brand impersonation & domain-age check, in one call# agent → straja (tool call) tool check_domain arguments { "domain": "airpods-pro-outlet.shop" } # straja → agent (result · 120ms) { "domain": "airpods-pro-outlet.shop", "verdict": "dangerous", "score": 75, "impersonation_detected": true, "identified_brand": "Apple" }
A verification step between intent and payment. The agent stays in control, Straja just hands it the judgment a careful human would apply, in a form it can act on.
It has a cart, a URL and a payee. Instead of submitting, it calls a Straja tool to check the domain first.
Domain age, reputation, phishing/malware and brand-impersonation checks, the same engine behind the app and extension, in ~120ms.
A clear safe / suspicious / dangerous with reasons. The agent proceeds, asks you, or backs off.
Not everyone runs their own agent. The Straja app for ChatGPT brings the exact same verification to where most people already shop with AI. Paste a link or a deal and ask, Straja checks the merchant, the domain and the price, and steers you to verified sellers before you spend.
Same engine, two front doors. The MCP for builders running their own agents; the ChatGPT app for everyone else. Both speak to the same Straja threat network.
Straja speaks the Model Context Protocol, so it connects to anything that does, no bespoke integration. Point your agent at the server, expose the tools, and verification is one call away.
Add the server in your MCP config; tools appear to the agent instantly.
Use the hosted Straja app, or wire the MCP into your own agent stack.
Any MCP-capable framework, LangGraph, custom orchestrators, internal tools.
straja.io/mcp — our managed HTTPS endpoint. No install, no API key.
Every check returns a verdict, a risk score and a plain-language summary. Log it, replay it, branch on it.
Everything about the MCP and the ChatGPT app. Building something specific? Talk to us →
check_domain. Any MCP-capable agent can call it mid-task to get a structured verdict before it acts.safe, ask the human on suspicious, halt on dangerous. The decision stays yours.straja.io/mcp — no install, no API key. Add it to your MCP config and check_domain shows up to the agent automatically.Connect the MCP in minutes, or add the Straja app to ChatGPT in one click. Free to start. Same threat network protecting millions of people.
{
"mcpServers": {
"straja": {
"url": "https://straja.io/mcp"
}
}
}