VirusTotal MCP

---
name: virustotal-mcp
category: digital-forensics
cost: freemium
api_key_required: yes
repo: https://github.com/BurtTheCoder/mcp-virustotal
paired_skills: ["malware-triage-static", "malware-triage-dynamic", "virustotal-pivoting"]
capabilities: ["threat-intel", "reputation-lookup", "malware-triage"]
---

# VirusTotal MCP — file/URL/IP/domain reputation + relationship graphs

Direct VT submission and relationship graph traversal. Covers files (hash + content), URLs, IP addresses, and domains with 70+ vendor verdicts and infrastructure relationship mapping.

## Install

```
uvx mcp-virustotal
```

## Configuration

```json
{
  "mcpServers": {
    "virustotal": {
      "command": "uvx",
      "args": ["mcp-virustotal"],
      "env": {
        "VT_API_KEY": "YOUR_VT_KEY_HERE"
      }
    }
  }
}
```

Get a free API key at virustotal.com.

## What it adds

Claude submits IOCs to VirusTotal and traverses the relationship graph — which campaigns share this infrastructure, what other domains this IP has hosted, what files dropped this hash, what URLs resolve to this domain. The relationship graph is VirusTotal's most powerful investigative feature and this MCP makes it accessible mid-conversation.

## Pairs with skills

- 085 `malware-triage-static`
- 086 `malware-triage-dynamic`
- 432 `virustotal-pivoting`

## Cost

Free VirusTotal API key. Rate limit: 4 requests/minute on free tier — sufficient for investigation-scale work, not bulk scanning.