MCP server for VirusTotal API — analyze URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagination support.
Drift inferred · capture-to-capture
No drift recorded — single capability capture; advisories appear once its surface changes.
tools
- cursor (optional): Continuation cursor for pagination
- domain (required): Domain name to analyze
- hash (required): MD5, SHA-1 or SHA-256 hash of the file
- id (required): Collection ID (e.g. threat-actor--<uuid>, malware-family--<id>)
- ip (required): IP address to analyze
- limit (optional, default: 10): Maximum number of related objects to retrieve (1-40)
- query (required): Search query. Examples: a SHA-256 hash, evil.com, 8.8.8.8, type:peexe size:90kb+ tag:signed positives:5+
- relationship (required): Type of relationship to query
- relationships (optional): Array of specific relationships to include in the report
- url (required): The URL to analyze
filesystem 2
- fs w0h1v-mcp-virustotal-364ce0d/src/index.ts :5
import { readFileSync } from 'fs';
- fs w0h1v-mcp-virustotal-364ce0d/src/utils/logging.ts :3
import fs from "fs";
network 1
- net w0h1v-mcp-virustotal-364ce0d/src/utils/api.ts :1
import axios, { AxiosError, AxiosInstance } from 'axios';
secrets 2
- secrets w0h1v-mcp-virustotal-364ce0d/scripts/smoke-test.mjs :20
if (!process.env.VIRUSTOTAL_API_KEY) {
- secrets w0h1v-mcp-virustotal-364ce0d/src/utils/api.ts :14
const apiKey = process.env.VIRUSTOTAL_API_KEY;
declared dependencies 6
- axios@>=1.4.0 <1.14.1
- dotenv@^16.4.5
- fastmcp@~3.25.4
- zod@^3.22.2
- @types/node@^20.11.24
- typescript@^5.3.3