The VirusTotal MCP Server provides a secure way to analyze URLs, files, IP addresses, and domains by interfacing with the VirusTotal API. It automatically fetches comprehensive security data including relationship information and integrates with MCP-compatible applications like Claude Desktop.
The easiest way to install the VirusTotal MCP server for Claude Desktop is through Smithery:
npx -y @smithery/cli install @emeryray2002/virustotal-mcp --client claude
Before installation, ensure you have:
These tools provide comprehensive security reports with automatically fetched relationship data.
await get_url_report(url="http://example.com/suspicious")
Returns a complete URL analysis including security scan results and key relationships such as:
await get_file_report(hash="44d88612fea8a8f36de82e1278abb02f")
Analyzes a file using its hash (MD5, SHA-1, or SHA-256) and returns:
await get_ip_report(ip="8.8.8.8")
Provides comprehensive IP address analysis including:
await get_domain_report(domain="example.com")
Delivers a complete domain analysis with:
These tools allow for detailed investigation of specific relationships with pagination support.
await get_url_relationship(
url="http://example.com/suspicious",
relationship="communicating_files",
limit=20
)
Query specific relationship types for a URL. Available relationships include:
await get_file_relationship(
hash="44d88612fea8a8f36de82e1278abb02f",
relationship="behaviours",
limit=20
)
Query specific relationship types for a file. Available relationships include:
await get_ip_relationship(
ip="8.8.8.8",
relationship="communicating_files",
limit=20
)
Query specific relationship types for an IP address. Available relationships include:
await get_domain_relationship(
domain="example.com",
relationship="historical_ssl_certificates",
limit=20
)
Query specific relationship types for a domain. Available relationships include:
await advanced_corpus_search(
query="type:peexe size:100kb+ positives:5+",
limit=20,
cursor=None
)
Perform complex searches across the VirusTotal dataset using VT Intelligence query syntax.
The server handles various error conditions:
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "virustotal-mcp" '{"command":"npx","args":["-y","@emeryray2002/virustotal-mcp"]}'See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"virustotal-mcp": {
"command": "npx",
"args": [
"-y",
"@emeryray2002/virustotal-mcp"
]
}
}
}To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.json~/.config/Claude/claude_desktop_config.json2. Add this to your configuration file:
{
"mcpServers": {
"virustotal-mcp": {
"command": "npx",
"args": [
"-y",
"@emeryray2002/virustotal-mcp"
]
}
}
}3. Restart Claude Desktop for the changes to take effect