Virustotal Integration for AI Agents

Securely connect your AI agents and chatbots (Claude, ChatGPT, Cursor, etc) with Virustotal MCP or direct API to scan files or URLs, retrieve threat reports, analyze suspicious indicators, and automate security workflows through natural language.
BOOK A CALLGET STARTED FOR FREE
Virustotal Logo
Gradient Top
Gradient Middle
Gradient Bottom
divider

Supported Tools

Tools
Add VirusTotal CommentTool to add a comment to a virustotal resource (file, url, domain, or ip address).
Add VoteTool to add a vote (harmless/malicious) to a virustotal resource.
Get Analysis ReportTool to retrieve the analysis report of a file or url submission.
Get commentsTool to retrieve the latest comments on a virustotal resource.
Get Domain RelationshipsTool to retrieve relationship objects for a given domain.
Get Domain ReportTool to retrieve the analysis report of a domain.
Get File ReportTool to retrieve the analysis report of a file.
Get IP Address RelationshipsTool to retrieve objects related to a specific ip address by relationship type.
Get IP Address ReportTool to retrieve the analysis report of an ip address.
Get VirusTotal MetadataTool to retrieve virustotal metadata.
Get URL ReportTool to retrieve the analysis report of a url.
Get VotesTool to retrieve votes on files, urls, domains, or ip addresses.
Rescan FileTool to re-analyze a previously submitted file.
Scan URLTool to submit a url for scanning.
Search VirusTotalTool to search for objects in the virustotal database.
Upload FileTool to upload a file for scanning.

Connect Virustotal MCP Tool with your Agent

Python
TypeScript

Install Composio

python
pip install composio claude-agent-sdk
Install the Composio SDK and Claude Agent SDK

Create Tool Router Session

python
from composio import Composio
from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions

composio = Composio(api_key='your-composio-api-key')
session = composio.create(user_id='your-user-id')
url = session.mcp.url
Initialize the Composio client and create a Tool Router session

Connect to AI Agent

python
import asyncio

options = ClaudeAgentOptions(
    permission_mode='bypassPermissions',
    mcp_servers={
        'tool_router': {
            'type': 'http',
            'url': url,
            'headers': {
                'x-api-key': 'your-composio-api-key'
            }
        }
    },
    system_prompt='You are a helpful assistant with access to Virustotal tools.',
    max_turns=10
)

async def main():
    async with ClaudeSDKClient(options=options) as client:
        await client.query('Get the analysis report for file hash 44d88612fea8a8f36de82e1278abb02f')
        async for message in client.receive_response():
            if hasattr(message, 'content'):
                for block in message.content:
                    if hasattr(block, 'text'):
                        print(block.text)

asyncio.run(main())
Use the MCP server with your AI agent

Connect Virustotal API Tool with your Agent

Python
TypeScript

Install Composio

python
pip install composio_openai
Install the Composio SDK

Initialize Composio and Create Tool Router Session

python
from openai import OpenAI
from composio import Composio
from composio_openai import OpenAIResponsesProvider

composio = Composio(provider=OpenAIResponsesProvider())
openai = OpenAI()
session = composio.create(user_id='your-user-id')
Import and initialize Composio client, then create a Tool Router session

Execute Virustotal Tools via Tool Router with Your Agent

python
tools = session.tools
response = openai.responses.create(
  model='gpt-4.1',
  tools=tools,
  input=[{
    'role': 'user',
    'content': 'Scan this suspicious file hash for threats'
  }]
)
result = composio.provider.handle_tool_calls(
  response=response,
  user_id='your-user-id'
)
print(result)
Get tools from Tool Router session and execute Virustotal actions with your Agent

Why Use Composio?

AI Native Virustotal Integration

  • Supports both Virustotal MCP and direct API based integrations
  • Structured, LLM-friendly schemas for reliable tool execution
  • Rich coverage for submitting, scanning, and querying files, URLs, and reports

Managed Auth

  • Built-in API key management, securely handled by Composio
  • Central place to manage, scope, and revoke Virustotal access
  • Per user and per environment credentials instead of hard-coded keys

Agent Optimized Design

  • Tools are tuned using real error and success rates to improve reliability over time
  • Comprehensive execution logs so you always know what ran, when, and on whose behalf

Enterprise Grade Security

  • Fine-grained RBAC so you control which agents and users can access Virustotal
  • Scoped, least privilege access to Virustotal resources
  • Full audit trail of agent actions to support review and compliance

Use Virustotal with any AI Agent Framework

Choose a Framework you want to connect Virustotal with

Frequently Asked Questions

Do I need my own developer credentials to use Virustotal with Composio?

Yes, Virustotal requires you to configure your own API key credentials. Once set up, Composio handles secure credential storage and API request handling for you.

Can I use multiple toolkits together?

Yes! Composio's Tool Router enables agents to use multiple toolkits. Learn more.

Is Composio secure?

Composio is SOC 2 and ISO 27001 compliant with all data encrypted in transit and at rest. Learn more.

What if the API changes?

Composio maintains and updates all toolkit integrations automatically, so your agents always work with the latest API versions.

Used by agents from

Context
ASU
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
ASU
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
ASU
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai

Never worry about agent reliability

We handle tool reliability, observability, and security so you never have to second-guess an agent action.

Book a callGet started for free