virustotal security scanner
Scan files and URLs using VirusTotal API via curl or Python utilities. Check hashes, upload files, and manage comments.
Why use this skill?
Analyze files and URLs for malware using the VirusTotal API. Safely check hashes, manage reports, and automate threat intelligence tasks with the OpenClaw security scanner.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aleph8/virustotal-securityWhat This Skill Does
The VirusTotal security scanner skill enables OpenClaw to perform comprehensive threat intelligence lookups on files and URLs. It facilitates interaction with the VirusTotal v3 API using standard terminal tools like curl or specialized Python utilities. The skill allows you to verify file hashes, perform file uploads (for files up to 32MB directly or larger via multipart upload URLs), and manage security analysis comments. It acts as an interface between your local environment and the global threat intelligence community, helping you identify malware, suspicious scripts, and malicious infrastructure.
Installation
To integrate this skill, run the following command in your terminal:
clawhub install openclaw/skills/skills/aleph8/virustotal-security
Ensure you have your VirusTotal API key configured in your environment variables:
export VT_API_KEY="your-api-key-here"
Use Cases
- Incident Response: Quickly check if an unknown downloaded file has been flagged by any antivirus engine in the VirusTotal database by checking its SHA256 hash.
- Security Auditing: Automate the submission of suspicious files identified during directory scans to verify their safety status.
- Threat Intelligence: Keep records of file analysis results locally for offline review or to monitor changes in detection rates over time.
- Collaboration: Add community comments to specific file reports to provide context or warnings regarding specific threat vectors found in your organization.
Example Prompts
- "OpenClaw, calculate the SHA256 hash of ./malware_sample.exe and check if it is already known to VirusTotal."
- "I have a suspicious file at ./downloads/patch.zip. Please upload it to VirusTotal and provide me with the analysis report summary."
- "Can you check the current reputation of the URL http://suspicious-site.io and save the JSON result to my ~/.vt folder for later reference?"
Tips & Limitations
- Caching: Always cache API results in
~/.vt/to respect rate limits and reduce redundant API calls. - Privacy: This is a public threat intelligence service. Never upload proprietary, sensitive, or PII-containing files, as the data will be shared with the broader security research community.
- Large Files: For files exceeding 32MB, the skill requires a two-step process: fetching a custom upload URL first, then uploading the binary data to that specific endpoint.
- Rate Limits: Free API keys have strict quotas; be mindful of volume when batch-scanning files.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-aleph8-virustotal-security": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, external-api, network-access
Related Skills
virustotal security scanner
Scan files and URLs using VirusTotal API via curl or Python utilities. Check hashes, upload files, and manage comments.
virustotal-security-scanner
Scan files and URLs using VirusTotal API via curl or Python utilities. Check hashes, upload files, and manage comments.
yahoo-finance
Get stock quotes, financial data, market news, and portfolio analytics from Yahoo Finance. Use when you need real-time stock prices, historical data, company financials, crypto prices, or market analysis.