VirusTotal

live Security

File, URL, domain, and IP reputation across 70+ AV engines. BYO key (free tier 4 req/min, 500/day).

4 tools
0ms auth
free tier 50 calls/day
🔑 Authentication

BYO key only — free tier is tight (4 req/min, 500/day). Pass _apiKey on the gateway URL.

Config with credentials 
{
  "mcpServers": {
    "pipeworx-virustotal": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://gateway.pipeworx.io/virustotal/mcp?_apiKey=your_vt_key"
      ]
    }
  }
}

Generate an app password →

Tools

lookup_file required: hash

Reputation for sha256 / sha1 / md5.

Parameters
Name Type Description
hash req string SHA-256 / SHA-1 / MD5
Try it
lookup_url required: url

Reputation for a URL.

Parameters
Name Type Description
url req string Full URL including scheme
Try it
lookup_domain required: domain

Reputation for a domain.

Parameters
Name Type Description
domain req string FQDN, no scheme
Try it
lookup_ip required: ip

Reputation for an IPv4 address.

Parameters
Name Type Description
ip req string IPv4 address
Try it

Test with curl

The gateway speaks JSON-RPC 2.0 over HTTP POST. You can test any pack directly from the terminal.

List available tools
bash 
curl -X POST https://gateway.pipeworx.io/virustotal/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
Call a tool
bash 
curl -X POST https://gateway.pipeworx.io/virustotal/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"lookup_file","arguments":{"hash": "example"}}}'

Use with the SDK

Install @pipeworx/sdk to call tools from any TypeScript/Node project.

TypeScript 
import { Pipeworx } from '@pipeworx/sdk';
const px = new Pipeworx();
const result = await px.call("lookup_file", {"hash":"example"});
ask_pipeworx 
// Or ask in plain English:
const answer = await px.ask("file, url, domain, and ip reputation across 70+ av engines");