VirusTotal MCP

v1.0.17Securitystable

Get a comprehensive URL analysis report including security scan results and key relationships (communicating files, contacted domains/IPs, downloaded files, redirects, threat actors). Returns both the

ai-toolsclaudecybersecurityiocmalware-analysis
Share:
127
Stars
0
Downloads
0
Weekly
0/5

What is VirusTotal MCP?

VirusTotal MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to get a comprehensive url analysis report including security scan results and key relationships (communicating files, contacted domains/ips, downloaded files, redirects, threat actors). returns both the

Get a comprehensive URL analysis report including security scan results and key relationships (communicating files, contacted domains/IPs, downloaded files, redirects, threat actors). Returns both the

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • get_url_report
  • get_url_relationship
  • get_file_report
  • get_file_relationship
  • get_ip_report

Use Cases

Get comprehensive URL security analysis
Identify threat actors and malware
Analyze file and domain relationships
BurtTheCoder

Maintainer

LicenseMIT License
Languagetypescript
Versionv1.0.17
UpdatedMay 20, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

NPM

npx -y @burtthecoder/mcp-virustotal

Manual Installation

npx -y @burtthecoder/mcp-virustotal

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use VirusTotal MCP

The VirusTotal MCP Server connects AI assistants to the VirusTotal threat intelligence platform, providing 11 tools for analyzing URLs, files, IP addresses, and domains against VirusTotal's database of 70+ antivirus engines and threat intelligence feeds. It goes beyond simple scan results by exposing deep relationship data—threat actors, dropped files, execution chains, redirects, contacted domains, and certificate histories—making it a powerful tool for security analysts conducting incident response, malware investigations, or threat hunting through natural language.

Prerequisites

  • Node.js 18+ with npm or npx available
  • A VirusTotal account with a free or paid API key (VIRUSTOTAL_API_KEY)
  • An MCP-compatible client such as Claude Desktop or Claude Code
  • Optional: Docker if using HTTP streaming transport
1

Obtain a VirusTotal API key

Sign up for a free VirusTotal account at https://www.virustotal.com and navigate to your profile to copy your API key. Free accounts have rate limits of 4 lookups per minute.

2

Install via npm (optional global install)

Optionally install the package globally. If you prefer to run it directly without installing, skip this step and use npx in the config.

npm install -g @burtthecoder/mcp-virustotal
3

Add to Claude Desktop configuration

Edit your claude_desktop_config.json to register the VirusTotal MCP server. Pass the VIRUSTOTAL_API_KEY in the env block.

{
  "mcpServers": {
    "virustotal": {
      "command": "npx",
      "args": ["-y", "@burtthecoder/mcp-virustotal"],
      "env": {
        "VIRUSTOTAL_API_KEY": "your_virustotal_api_key_here"
      }
    }
  }
}
4

Or add via Claude Code CLI

Register the server directly from the terminal using the Claude Code MCP add command.

claude mcp add --transport stdio --env VIRUSTOTAL_API_KEY=your-key virustotal -- npx -y @burtthecoder/mcp-virustotal
5

Restart Claude and verify

Restart Claude Desktop. Open a conversation and ask it to analyze a known safe URL or file hash to verify the connection is working.

VirusTotal MCP Examples

Client configuration

Complete claude_desktop_config.json entry using the published npm package for the VirusTotal MCP server.

{
  "mcpServers": {
    "virustotal": {
      "command": "npx",
      "args": ["-y", "@burtthecoder/mcp-virustotal"],
      "env": {
        "VIRUSTOTAL_API_KEY": "your_virustotal_api_key_here"
      }
    }
  }
}

Prompts to try

Security analysis prompts that leverage the full range of VirusTotal MCP tools.

- "Analyze the URL https://example.com for security threats and show all contacted domains"
- "Look up the file hash d41d8cd98f00b204e9800998ecf8427e and show its behavior summary"
- "Get a security report for the IP address 8.8.8.8 including certificate history"
- "Search VirusTotal for malware samples tagged with ransomware that were submitted this week"
- "Show me the threat actors associated with the domain malicious-example.com"
- "Get all files that have been downloaded from this URL and their execution chains"

Troubleshooting VirusTotal MCP

API requests return 403 Forbidden or 'Wrong API key'

Verify that VIRUSTOTAL_API_KEY is set to your actual VirusTotal API key with no extra spaces or quotes. Log into virustotal.com, go to your profile, and copy the API key fresh.

Rate limit errors (429) when running multiple lookups

Free VirusTotal accounts are limited to 4 requests per minute and 500 per day. Space out your queries or upgrade to a premium plan. The relationship tools that fetch 40+ relationship types count as multiple API calls.

npx fails with 'package not found' on first run

Ensure you have Node.js 18+ installed and an active internet connection. Run 'npm view @burtthecoder/mcp-virustotal' to verify the package is accessible from your npm registry.

Frequently Asked Questions about VirusTotal MCP

What is VirusTotal MCP?

VirusTotal MCP is a Model Context Protocol (MCP) server that get a comprehensive url analysis report including security scan results and key relationships (communicating files, contacted domains/ips, downloaded files, redirects, threat actors). returns both the It connects AI assistants to external tools and data sources through a standardized interface.

How do I install VirusTotal MCP?

Install via npm with the command: npx -y @burtthecoder/mcp-virustotal. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with VirusTotal MCP?

VirusTotal MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is VirusTotal MCP free to use?

Yes, VirusTotal MCP is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.

VirusTotal MCP Alternatives — Similar Security Servers

Looking for alternatives to VirusTotal MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "virustotal-mcp-server": { "command": "npx", "args": ["-y", "@burtthecoder/mcp-virustotal"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use VirusTotal MCP?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides