VirusTotal Hash Analyzer

by Bryan-Project · GitHub ↗ · v1.0.2
cross-platform ✓ Security Clean
380 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install vt-hash-intel
Description
Instantly check if a file, URL, domain, or IP is malicious using VirusTotal. Paste any MD5/SHA1/SHA256 hash, URL, domain name, or IP address into the chat an...
Usage Guidance
This skill appears to do what it says: it calls VirusTotal v3 endpoints using the VT_API_KEY you provide and returns JSON reports for hashes/URLs/domains/IPs. Consider the following before installing/using:
  1. Any IOC you submit is sent to VirusTotal and may be logged/shared per their policy — do not submit sensitive secrets or private data you cannot disclose.
  2. Provide an API key with appropriate rate/quota limits; do not use broader credentials than needed.
  3. The script can read IOCs from a file when you pass --file: only supply files you intend to query (don't point it at arbitrary system files).
  4. The SKILL.md command looks for the skill under /root/.openclaw — ensure the skill was installed from a trusted source and runs in an expected environment.
If you need higher assurance, review the full vt_lookup.py source yourself (it is included) or run it in an isolated environment.
Capability Analysis
Type: OpenClaw Skill
Name: vt-hash-intel
Version: 1.0.2
The OpenClaw AgentSkill 'vt-hash-intel' is designed for querying VirusTotal for threat intelligence on hashes, URLs, domains, and IP addresses. The `SKILL.md` provides clear, detailed instructions for the AI agent to perform comprehensive analysis and reporting, including contextual flags for suspicious indicators (e.g., newly registered domains, suspicious TLDs). The `vt_lookup.py` script correctly implements the VirusTotal API interaction, handles rate limiting, and includes defanging logic for IOCs. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's intended behavior. All network calls are directed to the legitimate VirusTotal API endpoint, and the code uses standard Python libraries without suspicious external dependencies.
Capability Assessment
Purpose & Capability
The name and description say the skill queries VirusTotal for hashes/URLs/domains/IPs, and the only required secret is VT_API_KEY. The included Python script and SKILL.md implement exactly those queries; no unrelated services, binaries, or credentials are requested.
Instruction Scope
Runtime instructions describe auto-detection of IOC types and invoking the local script. The only file-system access shown is locating the skill directory under /root/.openclaw to run the bundled script. The script supports reading IOCs from stdin or a user-specified file (normal for batch lookups) but the instructions do not direct reading arbitrary system files or other credentials.
Install Mechanism
No install spec; this is instruction + bundled script only. No downloads, package manager installs, or archive extraction are performed by the skill, minimizing install-time risk.
Credentials
Only VT_API_KEY is required, which is proportional to querying the VirusTotal API. The code reads that single env var and does not reference additional secrets or unrelated environment variables.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vt-hash-intel
  3. After installation, invoke the skill by name or use /vt-hash-intel
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Version 2.0.0 is a major update with improved analysis and reporting for all IOC types.
- Always provides full contextual intel for every IOC, regardless of threat level or VT verdict.
- Domain and IP reports now always include registrar/creation info, DNS records, popularity, ASN, and ownership to support advanced threat hunting.
- Adds enhanced contextual analysis and recommendations — e.g., flags newly-registered domains, suspicious hosters, or unranked sites even if undetected as malicious.
- Clearly states that "clean" on VirusTotal does not guarantee safety; suggests additional checks for better security confidence.
- Improves reporting for batch lookups: summary table first, then deep-dive on each flagged IOC.
- Error and help messages unchanged.
v1.0.1
vt-hash-intel 2.0.0 — Major upgrade: Now supports all IOC types (hash, URL, domain, IP).
- Lookup files, URLs, domains, and IP addresses in VirusTotal, including mixed and batch queries.
- Auto-detects input type and automatically handles defanged IOCs (e.g., hxxp, [.] notation) in user input.
- Returns enriched reports with threat verdict, detection ratio, family/category, community reputation, YARA/Sigma/sandbox results, DNS/WHOIS/ASN data (when available), and direct VirusTotal links.
- Enhanced formatting and sorting for batch/mixed-type summaries; updated actionable recommendations for all IOC types.
- Expanded error handling with more specific feedback for each IOC type and lookup scenario.
v1.0.0
- Initial release: Instantly check file hashes (MD5, SHA1, SHA256) against VirusTotal and get structured threat intelligence.
- Supports single or batch hash lookups and provides detection ratio, threat level, key engine verdicts, YARA matches, sandbox results, and a direct VT link.
- Clear, actionable recommendations based on threat severity for use in incident response and threat hunting.
- User-friendly error handling for invalid hashes, API issues, rate limiting, and unknown hashes.
- Multi-language triggers for keywords like "hash lookup," "malware check," "IOC," and corresponding Chinese terms.
Metadata
Slug vt-hash-intel
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is VirusTotal Hash Analyzer?

Instantly check if a file, URL, domain, or IP is malicious using VirusTotal. Paste any MD5/SHA1/SHA256 hash, URL, domain name, or IP address into the chat an... It is an AI Agent Skill for Claude Code / OpenClaw, with 380 downloads so far.

How do I install VirusTotal Hash Analyzer?

Run "/install vt-hash-intel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is VirusTotal Hash Analyzer free?

Yes, VirusTotal Hash Analyzer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does VirusTotal Hash Analyzer support?

VirusTotal Hash Analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created VirusTotal Hash Analyzer?

It is built and maintained by Bryan-Project (@bryan-project); the current version is v1.0.2.
