What it does
Phishing Email Analyzer statically analyzes a suspicious email (headers / body / URLs) and returns a phishing verdict — phishing, suspicious, or likely_safe — with a deterministic 0–100 risk score, detailed indicators, and a human-readable explanation. It is connector-free and read-only: no URL is ever fetched and no attachment is ever opened.
The scoring core is fully deterministic. It checks header authentication (SPF/DKIM/DMARC) and From vs Return-Path/Reply-To consistency, extracts and statically risk-scores every URL (displayed-vs-actual host, punycode/homoglyph, IP hosts, shorteners, credential paths), and detects urgency/pressure language and credential-request keywords. An LLM is used ONLY to synthesize the explanation; it can never change the verdict or score, and a deterministic template fallback runs when no LLM is available.
Security guardrails: the email body is treated as untrusted data — prompt-injection lead-ins are defanged in place and never obeyed; URLs are never followed and attachments never opened; PII/secrets are masked; output is advisory only and never an automatic action.
Tools:
- run_full / summarize_verdict — full end-to-end analysis: parse, deterministic header/URL/keyword scoring, synthesize an explanation (LLM with template fallback), return the complete verdict JSON.
- parse_email — deterministic parse into headers, body, sender addresses, attachment filenames (never opened), and referenced URLs (no scoring, no LLM).
- check_headers — deterministic SPF/DKIM/DMARC and From vs Return-Path/Reply-To consistency check.
- extract_and_score_urls — deterministic extraction + static scoring of every URL (never fetched).
- assess_social_engineering — deterministic scan for urgency/pressure language and credential/sensitive-data requests.
- plan_inputs — interview helper returning questions, JSON schema, and a ready-to-edit example for a tool.
Provide at least one of raw_email, headers, or body.
Array/object arguments may be passed as JSON or a JSON string. Missing required inputs return a structured needs_input payload (questions + schema + example) instead of erroring, and upgrade to a native elicitation form on clients that support it.
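A sketch of what static URL scoring of this kind can look like, added here as an illustration and not taken from the agent's own code. It covers three of the listed checks (displayed-vs-actual host, punycode, IP host); the weights, function names and sample body are assumptions, and nothing is ever fetched.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed weights for illustration; the agent's real weights are not published.
WEIGHTS = {"host_mismatch": 40, "punycode": 30, "ip_host": 30}
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = ('<a href="http://192.0.2.7/login">www.example.com</a> '  # constructed
          '<a href="https://xn--exmple-cua.example/">news</a>')

class Anchors(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags; nothing is fetched."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def score_url(href, shown=""):
    """Score one URL from its string form and its visible link text only."""
    host = (urlsplit(href).hostname or "").lower()
    m = HOST_IN_TEXT.search(shown)  # a hostname printed in the link text, if any
    checks = {
        "host_mismatch": bool(m) and m.group(1).lower() != host,
        "punycode": any(p.startswith("xn--") for p in host.split(".")),
        "ip_host": is_ip(host),
    }
    hits = [name for name, hit in checks.items() if hit]
    return {"host": host, "indicators": hits,
            "score": min(100, sum(WEIGHTS[h] for h in hits))}

def score_body(html):
    parser = Anchors()
    parser.feed(html)
    return [score_url(href, text) for href, text in parser.links]
```

The host comparison is exact, so link text of `www.example.com` pointing at `example.com` would also be flagged; a production scorer would normalise both sides first.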
Example prompts
- Analyze this email with run_full and tell me if it's phishing: paste the raw .eml headers and body.
- Run check_headers on these headers — do SPF/DKIM/DMARC pass and does From match Return-Path/Reply-To?
- Use extract_and_score_urls on this email body and flag any punycode, IP-host, or displayed-vs-actual host tricks.
- Run assess_social_engineering on this message and list the urgency and credential-request signals.
- Use plan_inputs for run_full and show me the questions, schema, and a ready-to-edit example.
Tools (7)
Tools the agent exposes — your AI client calls them automatically when it needs them.
- run_full — Run the full phishing analysis end-to-end: parse the email, run deterministic header/URL/keyword scoring, synthesize an explanation (LLM with template fallback), return the complete verdict JSON. Read-only; no URL is followed.
- summarize_verdict — Same as run_full: produce the final phishing verdict, risk score, and human-readable explanation for the email.
- parse_email — Deterministically parse an email into headers, body, sender addresses, attachment filenames (never opened), and referenced URLs. No scoring, no LLM.
- check_headers — Deterministically check email authentication (SPF/DKIM/DMARC) and From vs Return-Path/Reply-To consistency. No LLM.
- extract_and_score_urls — Deterministically extract URLs from the email body and statically score each (displayed-vs-actual host, punycode/homoglyph, IP host, shortener, credential paths). URLs are NEVER fetched.
- assess_social_engineering — Deterministically scan the email body for social-engineering signals: urgency/pressure language and credential/sensitive-data requests. No LLM.
- plan_inputs — Plan/brainstorm the inputs for a tool: returns the questions, schema and a ready-to-edit example.
What you'll need to connect
This agent will ask you for the following. You enter them when you connect — they're encrypted and never shared with the creator.
- Anthropic API Key · optional. Enables the LLM-written explanation via Anthropic. Without a key (and no host sampling) the agent falls back to a deterministic template. The verdict and risk score are never changed by the LLM. Create a key on the Anthropic Console API keys page (console.anthropic.com → API keys). Paste the value as a single line. Only sent to: api.anthropic.com
- OpenAI API Key · optional. Enables the LLM-written explanation via OpenAI instead of Anthropic. Create a secret key on the OpenAI API keys page (platform.openai.com → API keys). Paste the value as a single line. Only sent to: api.openai.com
How you're protected
FindAgent runs these safety checks on every agent automatically. They're always on and can't be turned off.
- Prompt-injection scanning
Every request is checked for known prompt-injection and jailbreak attempts before the agent runs. This is always on.
- Secret-leak scanning
Every response is scanned for leaked API keys, tokens, and other secrets before it reaches you. This is always on.