Get the FREE Ultimate OpenClaw Setup Guide →

mcp-virustotal

A Model Context Protocol (MCP) server for querying the VirusTotal API.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
Run in terminal:
View docs
Command
claude mcp add --transport stdio burtthecoder-mcp-virustotal npx -y @burtthecoder/mcp-virustotal \
  --env VIRUSTOTAL_API_KEY="your-virustotal-api-key"

How to use

The VirusTotal MCP Server exposes a set of reporting tools that query VirusTotal data and automatically fetch related artifacts (domains, IPs, files) to provide a comprehensive security analysis. It supports a range of report tools including get_url_report, get_file_report, get_ip_report, and get_domain_report, as well as relationship-oriented tools for deeper investigations. You can connect this MCP server to Claude Desktop, Codex CLI, or Gemini CLI, or run it directly as an HTTP streaming service. To use it, supply your VirusTotal API key via VIRUSTOTAL_API_KEY and invoke the appropriate tool through MCP-capable clients. For HTTP streaming mode, you can run the server with MCP_TRANSPORT=httpStream to expose a shared endpoint, and connect multiple clients to that endpoint.

How to install

Prerequisites:

  • Node.js and npm installed on your system
  • Internet access to install npm packages

Manual installation steps:

  1. Install the server globally via npm:
npm install -g @burtthecoder/mcp-virustotal
  1. Add to your Claude Desktop configuration (example):
{
  "mcpServers": {
    "virustotal": {
      "command": "mcp-virustotal",
      "env": {
        "VIRUSTOTAL_API_KEY": "your-virustotal-api-key"
      }
    }
  }
}
  1. If you run from source instead:
git clone <repository_url>
cd mcp-virustotal
npm install
npm run build
  1. Start in standard stdio mode (default) or in HTTP streaming mode by setting MCP_TRANSPORT as needed. For HTTP streaming, see the Environment Variables section and docker instructions in the project README.

Additional notes

Notes and tips:

  • Always provide VIRUSTOTAL_API_KEY to enable API access.
  • The server supports HTTP streaming mode via MCP_TRANSPORT=httpStream; in this mode, MCP_PORT controls the listening port and MCP_ENDPOINT sets the HTTP path (default /mcp).
  • When running in HTTP streaming mode, health is exposed at /health to indicate readiness.
  • If you deploy via Docker, build the image with the repository and run with -e VIRUSTOTAL_API_KEY and optional MCP_TRANSPORT settings.
  • For VS Code integration, ensure your mcp.json is configured with the correct command and environment variables for virustotal.
  • The npm package name is @burtthecoder/mcp-virustotal; use npx or npm -g as preferred to run the server.

Related MCP Servers

metorial

3.2k

Connect any AI model to 600+ integrations; powered by MCP 📡 🚀

mcp-package-version

119

An MCP server that provides LLMs with the latest stable package versions when coding

mcp-shodan

111

MCP server for querying the Shodan API

ironcurtain

73

A secure* runtime for autonomous AI agents. Policy from plain-English constitutions. (*https://ironcurtain.dev)

opencti_mcp_server

26

Natural language interface to OpenCTI threat intelligence. Built with Claude Code for $22. Part of Cooper Cyber Coffee.

BinaryAnalysis

10

MCP server for analyzing PE, ELF, and Mach-O binaries using LIEF

Sponsor this space

Reach thousands of developers