lingggao

VirusTotal 样本查询 (VirusTotal Sample Lookup)

by Ling · GitHub ↗ · v1.8.6 · MIT-0
cross-platform ✓ Security Clean
Downloads: 485 · Stars: 1 · Active Installs: 1 · Versions: 34
Install in OpenClaw
/install vt-insight
Description
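Given a hash supplied by the user, automatically queries VirusTotal and outputs a formatted report of the sample's detection statistics, family labels, sandbox analysis, and key information.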
Usage Guidance
This skill appears internally consistent with its purpose, but note these practical considerations before installing:
  1. You will be asked to paste a VirusTotal API key per query if you want the full API data. Do not paste keys into public chats, and prefer a scoped/revocable key.
  2. If you don’t provide a key, the skill falls back to browser automation/scraping of the public GUI; this may fail or return incomplete data depending on your environment and the site’s behavior.
  3. The skill is instruction-only and cannot itself persist credentials, but it relies on the agent following its own guidance (not to store keys).
If you need enterprise-grade or audited behavior, prefer using an API key and test the skill with non-sensitive samples first. If you’re uncomfortable pasting API keys into the chat flow, do not install or use the skill.
Capability Analysis
Type: OpenClaw Skill
Name: vt-insight
Version: 1.8.6
The vt-insight skill (v1.8.6) is a VirusTotal lookup tool that retrieves malware analysis reports via API or browser automation. The SKILL.md file contains explicit security instructions for the AI agent, including strict prohibitions against downloading executables, accessing unrelated websites, or storing the user's API key. It also includes privacy safeguards, such as requiring a legal risk disclaimer and ensuring API keys are cleared after use. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Capability Assessment
Purpose & Capability
The name/description (query VirusTotal sample info by hash) matches the runtime instructions: use VirusTotal API when an API key is provided, otherwise use browser automation to scrape the public GUI. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md explicitly limits actions to querying VirusTotal (Detection, Details, Relations, Behavior, Community, etc.) and formatting outputs, and forbids downloading samples or reading unrelated system state. The fallback to browser automation (parsing page JSON/static content) is within scope but depends on the agent's environment and may be brittle if browser automation tools are unavailable or pages require JS execution.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk by an install. Lowest-risk delivery mechanism.
Credentials
The skill does not declare required env vars or primary credentials; it expects the user to supply a VirusTotal API key per command (e.g., vt-insight {hash} [key {api key}]). This on-demand API-key request is proportionate, but the skill relies on the agent and user to handle the key safely (SKILL.md instructs not to store keys).
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skills. Autonomous invocation is enabled by default but not combined with broad credential requests or always:true.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vt-insight
  3. After installation, invoke the skill by name or use /vt-insight
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.8.6
- Bumped version to 1.8.6; existing instructions unchanged
- No other file or documentation changes detected
v1.8.5
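vt-insight 1.8.5 is a minor update focusing on improved community comment handling.
- Explicit requirement: when querying community comments (Community), the GetFileComments interface must be called; GetFileInfo alone is not sufficient.
- New format constraint: the former note "the VirusTotal API Key has the same format as a SHA256" was moved to a higher number and is now "Requirement 13".
- Minor adjustment to the document numbering order to reflect the added content.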
v1.8.3
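vt-insight 1.8.3
- Corrected the LGHUB organization name in the documentation to "LGHUB · Security Response Center (LGSRC)"
- Clarified the example for timestamp conversion with the VirusTotal API, listing in detail the conversion from the raw timestamp to Beijing time, with correct and incorrect examples
- Documentation wording made more rigorous; no functional changes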
v1.8.1
- Bump version to 1.8.1 (from 1.8.0) in documentation.
- No other changes detected; all instructions and content remain the same.
v1.8.0
- Bumped version to 1.8.0.
- Everything else unchanged; no functional or documentation additions/modifications.
v1.7.8
- Updated API key parameter format: now requires `vt-insight {hash} [key {api key}]` instead of `vt-insight {hash} [{api key}]`.
- Clarified example usage to reflect the new API key input format.
- No other functional or implementation changes noted.
v1.7.7
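- Documentation update: added suggested word-count ranges for some output items, emphasizing the required level of detail.
- Specified suggested word counts for outputs such as "family profile", "behavior", "community", and "conclusion", for consistent formatting and sufficient information.
- Added a warning to the Beijing-time note for last_analysis_date to avoid time-accumulation errors.
- Remaining output format and conventions unchanged.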
v1.7.6
vt-insight 1.7.6 is a minor update with no file changes detected.
- Version updated from 1.7.5 to 1.7.6 in documentation.
- No changes in code, logic, or features.
v1.7.5
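vt-insight 1.7.5 is a minor revision with documentation-only updates.
- Clarified output format item 4, emphasizing that {conclusion} must include all key information a security researcher might care about (such as sample behavior, community comments, IOCs, etc.).
- Strengthened output format requirements: item 9 is marked (Important), emphasizing that all information under "Detection", "Details", "Relations", "Behavior", "Community", etc. must be examined item by item to avoid omissions.
- No functional changes; code not adjusted.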
v1.7.3
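vt-insight 1.7.3 introduces improvements to input parameter formatting and API key handling.
- User command format changed from `{hash},{api key}` to `{hash} [{api key}]`; the API key must be enclosed in square brackets and separated by a space.
- Explicitly forbids misinterpreting the API key as multiple SHA256 hashes, improving input compatibility and accuracy.
- Strengthened the SKILL.md documentation, stating the output format and antivirus engine table requirements explicitly.
- Other detailed guidance and security notes supplemented and refined.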
v1.7.1
- Bump version to 1.7.1 (meta update only)
- No code or content changes were detected
- Documentation updated to reflect new version number
v1.7.0
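vt-insight 1.7.0 Changelog
- Improved the tool dependency description, specifying that automation must run in a "no login, no cookies" mode.
- Output format and usage instructions unchanged; improved the clarity of related descriptions and the wording of security constraints.
- No actual functional or structural changes detected; documentation revisions only.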
v1.6.8
No user-facing changes detected in this release.
- Version updated to 1.6.8 (from 1.6.7).
- No changes to functionality, documentation, or outputs.
v1.6.7
vt-insight v1.6.7
- Bumped version to 1.6.7.
- Everything else unchanged.
v1.6.6
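vt-insight 1.6.6 changelog
- Added explicit handling for the VirusTotal last_analysis_date field: convert to UTC first, then add 8 hours to get Beijing time, avoiding the offset being applied repeatedly.
- Added output format requirement 11, which guides timestamp conversion and improves the accuracy of report times.
- Version bumped from 1.6.5 to 1.6.6.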
v1.6.5
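- Improved API key usage for queries: users can now supply the API key directly with the command `vt-insight {hash},{api key}` (separated by an ASCII comma); when none is supplied, browser automation is used automatically.
- Clarified API key usage rules, emphasizing that the key is supplied temporarily with each query and is not stored.
- Streamlined the usage instructions and removed redundant prompts to improve usability.
- Other description and formatting details refined; no functional changes.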
v1.6.3
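- Tightened the security requirements for the VirusTotal API key: local or cloud storage is prohibited; the key is requested temporarily before a query and cleared immediately after output
- Remaining functionality, query flow, and output format unchanged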
v1.6.2
vt-insight 1.6.2 is a minor update with no code changes.
- Version number updated from 1.6.1 to 1.6.2 in documentation.
- No other modifications; functionality and instructions remain unchanged.
v1.6.1
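vt-insight 1.6.1 is a minor update.
- Updated author information: added the LGHUB · Security Response Center label and removed the Microsoft security consultant description.
- In the output format section, changed the "last analysis date" note to "convert the raw data to Beijing time".
- Remaining content, functionality, and usage instructions unchanged; no functional changes.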
v1.6.0
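vt-insight 1.6.0 introduces improved legal and privacy guidance, plus changes to API usage recommendations.
- At install time, the AI model is now required to explicitly warn the user of legal risks and to recommend that the user provide a VirusTotal API key as the preferred option.
- Explicit rule: prefer querying through the VirusTotal API; use browser automation only when the user declines to provide an API key.
- Added rules for protecting the user's API key, strictly prohibiting its use outside VirusTotal.
- Supplemented and refined the description of tool dependencies and the decision flow for using the API versus browsing.
- Minor wording adjustments elsewhere, clearly setting out the query flow, risk warnings, and compliance details.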
Metadata
Slug vt-insight
Version 1.8.6
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 34
Frequently Asked Questions

What is VirusTotal 样本查询?

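Given a hash supplied by the user, it automatically queries VirusTotal and outputs a formatted report of the sample's detection statistics, family labels, sandbox analysis, and key information. It is an AI Agent Skill for Claude Code / OpenClaw, with 485 downloads so far.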

How do I install VirusTotal 样本查询?

Run "/install vt-insight" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is VirusTotal 样本查询 free?

Yes, VirusTotal 样本查询 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does VirusTotal 样本查询 support?

VirusTotal 样本查询 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created VirusTotal 样本查询?

It is built and maintained by Ling (@lingggao); the current version is v1.8.6.
