VirusTotal
MCP server for VirusTotal API — analyze URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support.
What is VirusTotal?
VirusTotal is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to analyze URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- get_url_report
- get_url_relationship
- get_file_report
- get_file_relationship
- get_ip_report
Installation
NPM
npx -y @burtthecoder/mcp-virustotal
Manual Installation
npx -y @burtthecoder/mcp-virustotal
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use VirusTotal
The VirusTotal MCP Server exposes the full VirusTotal API v3 to AI assistants, enabling on-demand security analysis of URLs, file hashes, IP addresses, and domains within a conversational interface. It provides both summary report tools and granular relationship tools that paginate through threat actor associations, dropped files, contacted IPs, and dozens of other relationship types. Security analysts and developers can investigate indicators of compromise, check sandbox behavior summaries, and run corpus searches across VirusTotal's dataset — all without leaving their AI workflow.
Prerequisites
- Node.js v20 or later
- A VirusTotal account with a free or paid API key (obtainable at virustotal.com)
- The VIRUSTOTAL_API_KEY environment variable set to your API key
- An MCP-compatible client such as Claude Desktop or Claude Code
Obtain a VirusTotal API key
Sign up or log in at virustotal.com, navigate to your profile, and copy your API key from the API Key section.
Add the server to Claude Code (quickest method)
Use the Claude Code CLI to register the server with your API key in one command.
claude mcp add --transport stdio --env VIRUSTOTAL_API_KEY=your_api_key_here virustotal -- npx -y @burtthecoder/mcp-virustotal
Or install globally and configure manually
Install the package globally and then add the configuration entry to your Claude Desktop config file.
npm install -g @burtthecoder/mcp-virustotal
Add the configuration to your MCP client
Edit your claude_desktop_config.json to include the server entry with your API key.
Restart Claude Desktop and verify
Restart the client and ask it to analyze a known benign URL to confirm the server is connected and the API key is accepted.
VirusTotal Examples
Client configuration
Add this block to ~/Library/Application Support/Claude/claude_desktop_config.json on macOS, or %APPDATA%\Claude\claude_desktop_config.json on Windows.
{
  "mcpServers": {
    "virustotal": {
      "command": "npx",
      "args": ["-y", "@burtthecoder/mcp-virustotal"],
      "env": {
        "VIRUSTOTAL_API_KEY": "your_virustotal_api_key_here"
      }
    }
  }
}
Prompts to try
Security analysis prompts that map to the server's actual tools.
- "Is https://suspicious-domain.example.com malicious? Run a full URL report."
- "Check the file hash d41d8cd98f00b204e9800998ecf8427e for malware detections"
- "Get the reputation report for IP 198.51.100.1 including geolocation"
- "What files has malware family 'emotet' dropped, according to VirusTotal relationships?"
- "Search VirusTotal for all URLs associated with domain badactor.example"
Troubleshooting VirusTotal
API returns 401 Unauthorized errors
Double-check that VIRUSTOTAL_API_KEY is set to your actual API key without surrounding quotes or whitespace. Free API keys have rate limits (4 requests/minute, 500/day) — exceeding them returns 429 errors, not 401.
Rate limit (429) errors when running multiple lookups
Free VirusTotal accounts are limited to 4 lookups per minute. Space out your queries or upgrade to a paid tier for higher quota. The relationship tools paginate automatically but each page counts against your quota.
npx command not found or version mismatch
Ensure Node.js v20+ is installed ('node --version'). If npx is missing, update Node.js from nodejs.org. You can also install globally with 'npm install -g @burtthecoder/mcp-virustotal' and reference the global binary path in the config.
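A check for the setup mistakes named in the troubleshooting items above (placeholder, padded or quoted key; Node.js older than v20), as an added example that is not part of the server's own code. The function name `lintVirusTotalEntry` and the sample key are hypothetical; the config shape, package name and placeholder strings are the ones shown on this page.

```javascript
// Added example: lint the "virustotal" entry of an MCP client config.
const PACKAGE = "@burtthecoder/mcp-virustotal";
const PLACEHOLDERS = ["your_api_key_here", "your_virustotal_api_key_here"];

// Returns a list of problems; an empty list means the entry looks usable.
function lintVirusTotalEntry(configText, nodeVersion = process.versions.node) {
  const problems = [];
  let config;
  try {
    config = JSON.parse(configText);
  } catch (err) {
    return [`config is not valid JSON: ${err.message}`];
  }
  const entry = config?.mcpServers?.virustotal;
  if (!entry) return ['no "mcpServers.virustotal" entry'];

  const args = Array.isArray(entry.args) ? entry.args : [];
  if (entry.command === "npx" && !args.includes(PACKAGE)) {
    problems.push(`npx args do not name ${PACKAGE}`);
  }
  const key = entry.env?.VIRUSTOTAL_API_KEY;
  if (typeof key !== "string" || key.length === 0) {
    problems.push("VIRUSTOTAL_API_KEY is missing");
  } else if (PLACEHOLDERS.includes(key.trim())) {
    problems.push("VIRUSTOTAL_API_KEY is still the placeholder");
  } else {
    // Never echo the key itself: report only what is wrong with it.
    if (key !== key.trim()) {
      problems.push("VIRUSTOTAL_API_KEY has leading/trailing whitespace");
    }
    if (/^["']|["']$/.test(key.trim())) {
      problems.push("VIRUSTOTAL_API_KEY is wrapped in quotes");
    }
  }
  if (Number.parseInt(nodeVersion.split(".")[0], 10) < 20) {
    problems.push(`Node.js ${nodeVersion} is older than v20`);
  }
  return problems;
}

// Constructed sample: the key value is made up and carries both key mistakes.
const SAMPLE = JSON.stringify({ mcpServers: { virustotal: {
  command: "npx", args: ["-y", PACKAGE],
  env: { VIRUSTOTAL_API_KEY: " 'constructed-not-a-real-key' " } } } });

console.log(lintVirusTotalEntry(SAMPLE, "18.19.0"));
```

To check a real file, pass the text of claude_desktop_config.json to `lintVirusTotalEntry`; the function reports what is wrong with the key without printing it.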
Frequently Asked Questions about VirusTotal
What is VirusTotal?
VirusTotal is a Model Context Protocol (MCP) server that analyzes URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install VirusTotal?
Install via npm with the command: npx -y @burtthecoder/mcp-virustotal. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).
Which AI clients work with VirusTotal?
VirusTotal works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is VirusTotal free to use?
Yes, VirusTotal is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
VirusTotal Alternatives — Similar Security Servers
Looking for alternatives to VirusTotal? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k 🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u