VirusTotal

v1.0.21 · Security · stable

MCP server for VirusTotal API — analyze URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support.

Tags: ai-tools, claude, cybersecurity, ioc, malware-analysis
Stars: 127

What is VirusTotal?

VirusTotal is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to query the VirusTotal API: analyze URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • get_url_report
  • get_url_relationship
  • get_file_report
  • get_file_relationship
  • get_ip_report

Use Cases

  • Analyze URLs and files for malware
  • Query IP and domain security reports
  • Get comprehensive threat analysis

Maintainer: BurtTheCoder
License: MIT
Language: TypeScript
Version: v1.0.21
Updated: May 20, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

NPM

npx -y @burtthecoder/mcp-virustotal

Manual Installation

npx -y @burtthecoder/mcp-virustotal

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use VirusTotal

The VirusTotal MCP Server exposes the full VirusTotal API v3 to AI assistants, enabling on-demand security analysis of URLs, file hashes, IP addresses, and domains within a conversational interface. It provides both summary report tools and granular relationship tools that paginate through threat actor associations, dropped files, contacted IPs, and dozens of other relationship types. Security analysts and developers can investigate indicators of compromise, check sandbox behavior summaries, and run corpus searches across VirusTotal's dataset — all without leaving their AI workflow.

Prerequisites

  • Node.js v20 or later
  • A VirusTotal account with a free or paid API key (obtainable at virustotal.com)
  • The VIRUSTOTAL_API_KEY environment variable set to your API key
  • An MCP-compatible client such as Claude Desktop or Claude Code

1. Obtain a VirusTotal API key

Sign up or log in at virustotal.com, navigate to your profile, and copy your API key from the API Key section.

2. Add the server to Claude Code (quickest method)

Use the Claude Code CLI to register the server with your API key in one command.

claude mcp add --transport stdio --env VIRUSTOTAL_API_KEY=your_api_key_here virustotal -- npx -y @burtthecoder/mcp-virustotal

3. Or install globally and configure manually

Install the package globally and then add the configuration entry to your Claude Desktop config file.

npm install -g @burtthecoder/mcp-virustotal

4. Add the configuration to your MCP client

Edit your claude_desktop_config.json to include the server entry with your API key.

5. Restart Claude Desktop and verify

Restart the client and ask it to analyze a known benign URL to confirm the server is connected and the API key is accepted.

VirusTotal Examples

Client configuration

Add this block to ~/Library/Application Support/Claude/claude_desktop_config.json on macOS, or %APPDATA%\Claude\claude_desktop_config.json on Windows.

{
  "mcpServers": {
    "virustotal": {
      "command": "npx",
      "args": ["-y", "@burtthecoder/mcp-virustotal"],
      "env": {
        "VIRUSTOTAL_API_KEY": "your_virustotal_api_key_here"
      }
    }
  }
}

Prompts to try

Security analysis prompts that map to the server's actual tools.

- "Is https://suspicious-domain.example.com malicious? Run a full URL report."
- "Check the file hash d41d8cd98f00b204e9800998ecf8427e for malware detections"
- "Get the reputation report for IP 198.51.100.1 including geolocation"
- "What files has malware family 'emotet' dropped, according to VirusTotal relationships?"
- "Search VirusTotal for all URLs associated with domain badactor.example"

Troubleshooting VirusTotal

API returns 401 Unauthorized errors

Double-check that VIRUSTOTAL_API_KEY is set to your actual API key without surrounding quotes or whitespace. Free API keys have rate limits (4 requests/minute, 500/day) — exceeding them returns 429 errors, not 401.

Rate limit (429) errors when running multiple lookups

Free VirusTotal accounts are limited to 4 lookups per minute. Space out your queries or upgrade to a paid tier for higher quota. The relationship tools paginate automatically but each page counts against your quota.
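
One way to space out a batch of lookups under the free-tier limits quoted above, as an added example that is not part of the mcp-virustotal project (planLookups and its field names are hypothetical). It assigns send times so that at most 4 requests fall in any 60-second window, counts every relationship page as one request, and defers lookups that would not fit in the 500/day quota.

```javascript
// Added example: client-side quota planner for VirusTotal free-tier limits.
// All names here are hypothetical; the limits are the ones stated on this page.
const FREE_TIER = { perMinute: 4, perDay: 500 };
const MINUTE_MS = 60_000;

// lookups: [{ id, pages }], where pages is the number of API requests the
// lookup costs (a report costs 1; a relationship query costs 1 per page).
// usedToday: requests already spent from today's quota.
// Returns { schedule: [{ id, page, sendAtMs }], deferred: [id, ...] }.
function planLookups(lookups, { startMs = 0, usedToday = 0, limits = FREE_TIER } = {}) {
  const sent = [];      // planned send times, ascending
  const schedule = [];
  const deferred = [];
  for (const { id, pages } of lookups) {
    // A full daily quota drains in about 125 minutes at 4/minute, so the
    // whole plan sits inside one day and a simple count is sufficient.
    // Skip a lookup entirely rather than abandon it halfway through paging.
    if (usedToday + sent.length + pages > limits.perDay) {
      deferred.push(id);
      continue;
    }
    for (let page = 1; page <= pages; page++) {
      let t = sent.length ? sent[sent.length - 1] : startMs;
      // Sliding window: the request perMinute places back must be at
      // least 60 s old before this one may be sent.
      if (sent.length >= limits.perMinute) {
        t = Math.max(t, sent[sent.length - limits.perMinute] + MINUTE_MS);
      }
      sent.push(t);
      schedule.push({ id, page, sendAtMs: t });
    }
  }
  return { schedule, deferred };
}

// Constructed sample batch: one URL report, a five-page relationship
// query, and one IP report (seven requests in total).
const sampleBatch = [
  { id: "url-report", pages: 1 },
  { id: "file-relationship", pages: 5 },
  { id: "ip-report", pages: 1 },
];
const samplePlan = planLookups(sampleBatch);
```

Deferred lookups are the ones to rerun on the next day's quota; pass the number of requests already made as usedToday when planning a second batch on the same day.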

npx command not found or version mismatch

Ensure Node.js v20+ is installed ('node --version'). If npx is missing, update Node.js from nodejs.org. You can also install globally with 'npm install -g @burtthecoder/mcp-virustotal' and reference the global binary path in the config.

Frequently Asked Questions about VirusTotal

What is VirusTotal?

VirusTotal is a Model Context Protocol (MCP) server for the VirusTotal API: it analyzes URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install VirusTotal?

Install via npm with the command: npx -y @burtthecoder/mcp-virustotal. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with VirusTotal?

VirusTotal works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is VirusTotal free to use?

Yes, VirusTotal is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

VirusTotal Alternatives — Similar Security Servers

Looking for alternatives to VirusTotal? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Quick Config Preview

{ "mcpServers": { "mcp-virustotal": { "command": "npx", "args": ["-y", "@burtthecoder/mcp-virustotal"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
