virustotal-security-scanner

Scan files and URLs using VirusTotal API via curl or Python utilities. Check hashes, upload files, and manage comments.

Best use case

virustotal-security-scanner is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using virustotal-security-scanner should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/virustotal-security-scanner/SKILL.md --create-dirs "https://raw.githubusercontent.com/Demerzels-lab/elsamultiskillagent/main/public/skills/aleph8/virustotal-security-scanner/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/virustotal-security-scanner/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How virustotal-security-scanner Compares

| Feature / Agent | virustotal-security-scanner | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Scan files and URLs using VirusTotal API via curl or Python utilities. Check hashes, upload files, and manage comments.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# VirusTotal Scanner Skill

Interact with VirusTotal API using either standard system tools (curl) or Python utilities.

## Setup

1. Get your API key: https://www.virustotal.com/gui/user/[your-username]/apikey
2. Set the environment variable:
   ```bash
   export VT_API_KEY="your-api-key-here"
   ```

## Privacy Warning

**CRITICAL**: This skill involves sending data to VirusTotal, a public threat intelligence service.
1.  **Never upload files without explicit user consent.**
2.  **Do not include PII (Personally Identifiable Information)** in comments or descriptions.
3.  **Warn the user** that uploaded files are shared with the security community and can be downloaded by other researchers.

## Best Practices: Caching Results

To avoid unnecessary API calls and stay within rate limits, it is recommended to cache the JSON results locally. Use `~/.vt/` to store these reports.

```bash
# Create cache directory
mkdir -p ~/.vt

# Save a report to cache
# --fail makes curl exit non-zero on HTTP errors (404, 429) instead of saving the error body
HASH="your-file-hash"
curl --fail --silent --show-error --request GET \
     --url "https://www.virustotal.com/api/v3/files/$HASH" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY" \
     --output "$HOME/.vt/$HASH.json"

# Query the cache instead of the API (if jq available)
jq '.data.attributes.last_analysis_stats' "$HOME/.vt/$HASH.json"
```
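
The caching advice above, as an added Python example (not the skill's own `vt_client.py`): it validates the hash before it reaches a URL or file name, refuses to cache error responses, and serves fresh entries from `~/.vt/`. The 24-hour `MAX_AGE`, the function names and the injectable `fetch` parameter are assumptions made for this sketch.

```python
import json
import os
import re
import time
from pathlib import Path
from urllib import error, request

CACHE_DIR = Path.home() / ".vt"        # cache location used in this section
SHA256_RE = re.compile(r"[0-9a-f]{64}")
MAX_AGE = 24 * 3600                    # assumed freshness window, not a VirusTotal value


def fetch_report(sha256):
    """GET /api/v3/files/{hash}. Returns parsed JSON, or None on 404 (hash unknown)."""
    req = request.Request(
        f"https://www.virustotal.com/api/v3/files/{sha256}",
        headers={"accept": "application/json", "x-apikey": os.environ["VT_API_KEY"]},
    )
    try:
        with request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise  # 401, 429 and the like are errors, never cacheable results


def cached_report(sha256, fetch=fetch_report, cache_dir=CACHE_DIR, now=time.time):
    """Return the report for a hash, calling `fetch` only on a cache miss."""
    sha256 = sha256.strip().lower()
    # The value ends up in a URL path and a file name, so accept 64 hex chars only.
    if not SHA256_RE.fullmatch(sha256):
        raise ValueError("expected a SHA-256 hex digest")
    cache_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    path = cache_dir / f"{sha256}.json"
    if path.exists() and now() - path.stat().st_mtime < MAX_AGE:
        return json.loads(path.read_text())
    report = fetch(sha256)
    if report is not None:
        tmp = path.with_suffix(".tmp")
        tmp.write_text(json.dumps(report))
        os.replace(tmp, path)          # atomic swap: readers never see a partial file
    return report


def analysis_stats(report):
    """Same field the jq query above reads."""
    return report["data"]["attributes"]["last_analysis_stats"]
```

A `None` result means VirusTotal has no record of the hash; whether to upload the file is still a separate decision that needs the user's consent.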

## Usage: Curl (standard; use it by default)

### 1. Hash a file (Required for checks)
Calculate the SHA256 hash of a file to check if it exists in VirusTotal.
```bash
# Linux
sha256sum /path/to/file

# macOS
shasum -a 256 /path/to/file

# Windows (PowerShell)
Get-FileHash /path/to/file -Algorithm SHA256
```

### 2. Check File Report
Check if a file hash is already known to VirusTotal.
```bash
curl --request GET \
     --url "https://www.virustotal.com/api/v3/files/{hash}" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY"
```

### 3. Upload File
**Privacy Note**: Only upload files if you have the user's explicit permission.

#### Small Files (< 32MB)
```bash
curl --request POST \
     --url "https://www.virustotal.com/api/v3/files" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY" \
     --form "file=@/path/to/file"
```

#### Large Files (> 32MB)
First, get a unique upload URL:
```bash
curl --request GET \
     --url "https://www.virustotal.com/api/v3/files/upload_url" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY"
```
Then upload to that URL:
```bash
curl --request POST \
     --url "{upload_url_from_previous_step}" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY" \
     --form "file=@/path/to/large_file"
```

### 4. File Comments
**Privacy Warning**: Do NOT include PII (Personally Identifiable Information) or sensitive data in comments. Context about the file origin or downloader is useful.

#### Get Comments
```bash
curl --request GET \
     --url "https://www.virustotal.com/api/v3/files/{hash}/comments?limit=10" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY"
```

#### Add Comment
```bash
curl --request POST \
     --url "https://www.virustotal.com/api/v3/files/{hash}/comments" \
     --header "accept: application/json" \
     --header "content-type: application/json" \
     --header "x-apikey: $VT_API_KEY" \
     --data '{"data": {"type": "comment", "attributes": {"text": "File found in /tmp directory via downloader script."}}}'
```

### 5. URL Scanning

#### Scan a URL
```bash
curl --request POST \
     --url "https://www.virustotal.com/api/v3/urls" \
     --header "accept: application/json" \
     --header "content-type: application/x-www-form-urlencoded" \
     --header "x-apikey: $VT_API_KEY" \
     --data-urlencode "url={url_to_analyze}"
```

#### Get URL Report
Note: The ID for a URL is usually its SHA256 hash.
```bash
curl --request GET \
     --url "https://www.virustotal.com/api/v3/urls/{url_id_or_hash}" \
     --header "accept: application/json" \
     --header "x-apikey: $VT_API_KEY"
```
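
An added Python example (not part of the skill's helper scripts) for the two URL steps above. It computes the URL identifier in the other form the VirusTotal v3 API accepts, unpadded URL-safe base64 of the URL, which needs no canonicalization, and it flags URLs that would leak credentials or tokens once submitted to a public service. The `SENSITIVE_PARAMS` list and the function names are assumptions for this sketch.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumed heuristic list of query parameter names that often carry secrets.
SENSITIVE_PARAMS = {
    "token", "access_token", "api_key", "apikey", "key",
    "password", "sig", "signature", "session",
}


def vt_url_id(url):
    """URL-safe base64 of the URL with the '=' padding stripped."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def report_endpoint(url):
    """Endpoint for 'Get URL Report' built from the computed identifier."""
    return "https://www.virustotal.com/api/v3/urls/" + vt_url_id(url)


def submission_concerns(url):
    """Reasons to pause before sending this URL to a public service (empty list = none found)."""
    parts = urlsplit(url)
    concerns = []
    if parts.scheme not in ("http", "https"):
        concerns.append("scheme is not http/https")
    if parts.username or parts.password:
        concerns.append("credentials embedded in URL")
    leaked = sorted(
        name for name, _ in parse_qsl(parts.query, keep_blank_values=True)
        if name.lower() in SENSITIVE_PARAMS
    )
    if leaked:
        concerns.append("possible secrets in query: " + ", ".join(leaked))
    return concerns
```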

## Usage: Python Utilities

If system libraries are missing or you prefer Python, use the provided helper scripts.

### Install Requirements
```bash
pip install requests
```

### 1. Calculate Hash
```bash
python3 vt-scanner/calc_hash.py /path/to/file
```

### 2. API Client (`vt_client.py`)
This script wraps the API endpoints for easier usage.

#### Check File
```bash
python3 vt-scanner/vt_client.py check-file {hash}
```

#### Upload File
Handles both small and large file upload flows automatically.
```bash
python3 vt-scanner/vt_client.py upload-file /path/to/file
```

#### Get Comments
```bash
# For a file
python3 vt-scanner/vt_client.py get-comments {file_hash}

# For a URL
python3 vt-scanner/vt_client.py get-comments {url_id} --url
```

#### Add Comment
```bash
python3 vt-scanner/vt_client.py add-comment {id} "Your comment here"
```

#### Scan URL
```bash
python3 vt-scanner/vt_client.py scan-url "http://example.com"
```

#### Check URL Report
```bash
python3 vt-scanner/vt_client.py check-url {url_id}
```
