Virustotal with Codex

How to integrate Virustotal MCP with Codex

Introduction What is the Virustotal MCP server Supported Tools & Triggers Conclusion How to build Virustotal MCP Agent with another framework Explore Other Toolkits FAQ

Connect Virustotal without Auth hassles

We manage OAuth, API Key, token refresh, and scopes, you just build.

Try for Free

Introduction

Codex is one of the most popular coding harnesses out there. And MCP makes the experience even better. With Virustotal MCP integration, you can draft, triage, summarise emails, and much more, all without leaving the terminal or app, whichever you prefer.

Composio removes the Authentication handling completely from you. We handle the entire integration lifecycle, and all you need to do is just copy the URL below, authenticate inside Codex, and start using it.

Why use Composio?

Apart from a managed and hosted MCP server, you will get:

CodeAct: A dedicated workbench that allows GPT to write its code to handle complex tool chaining. Reduces to-and-fro with LLMs for frequent tool calling.
Large tool responses: Handle them to minimise context rot.
Dynamic just-in-time access to 20,000 tools across 870+ other Apps for cross-app workflows. It loads the tools you need, so GPTs aren't overwhelmed by tools you don't need.

How to install Virustotal MCP in Codex

Codex CLI

Run the command in your terminal.

Terminal

This will auto-redirect you to the Rube authentication page.

Once you're authenticated, you will be able to access the tools.

Verify the installation by running:

codex mcp list

If you otherwise prefer to use config.toml, add the following URL to it. You can get the bearer token from rube.app → Use Rube → MCP URL → Generate token

[projects."/home/user/composio"]
trust_level = "untrusted"

[mcp_servers.rube]
bearer_token_env_var = "your bearer token"
enabled = true
url = "https://rube.app/mcp"

Codex in VS Code

If you have installed Codex in VS Code.

Then: ⚙️ → MCP Settings → + Add servers → Streamable HTTP:

Add the Rube MCP URL: https://rube.app/mcp and the bearer token.

To verify, click on the Open config.toml

Make sure it's there:

[mcp_servers.composio_rube]
bearer_token_env_var = "your bearer token"
enabled = true
url = "https://rube.app/mcp"

Codex App

Codex App follows the same approach as VS Code.

Click ⚙️ on the bottom left → MCP Servers → + Add servers → Streamable HTTP:

Restart and verify if it's there in .codex/config.toml

[mcp_servers.composio_rube]
bearer_token_env_var = "your bearer token"
enabled = true
url = "https://rube.app/mcp"

Save, restart the extension, and start working.

What is the Virustotal MCP server, and what's possible with it?

The Virustotal MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Virustotal account. It provides structured and secure access to malicious file, URL, domain, and IP analysis, so your agent can perform actions like scanning files, retrieving threat reports, investigating domains, and posting comments or verdicts on your behalf.

Comprehensive threat analysis retrieval: Instantly fetch detailed reports on files, URLs, domains, or IP addresses to understand their security reputation and scan results from dozens of antivirus engines.
Relationship and metadata insights: Have your agent explore related entities—such as domains linked to a file, or files associated with an IP address—along with receiving broad metadata about available VirusTotal operations.
Automated commenting and feedback: Use your agent to post contextual comments on any analyzed resource, making collaboration and documentation of findings much easier.
Community-driven voting: Submit harmless or malicious verdicts on files and URLs after reviewing analysis, helping to crowdsource threat intelligence and improve detection accuracy.
Latest user comment retrieval: Let your agent pull up the most recent comments on a file, URL, domain, or IP address to quickly access community feedback and insights.

Supported Tools & Triggers

Tools

Add VirusTotal CommentTool to add a comment to a virustotal resource (file, url, domain, or ip address).

Add VoteTool to add a vote (harmless/malicious) to a virustotal resource.

Get Analysis ReportTool to retrieve the analysis report of a file or url submission.

Get commentsTool to retrieve the latest comments on a virustotal resource.

Get Domain RelationshipsTool to retrieve relationship objects for a given domain.

Get Domain ReportTool to retrieve the analysis report of a domain.

Get File ReportTool to retrieve the analysis report of a file.

Get IP Address RelationshipsTool to retrieve objects related to a specific ip address by relationship type.

Get IP Address ReportTool to retrieve the analysis report of an ip address.

Get VirusTotal MetadataTool to retrieve virustotal metadata.

Get URL ReportTool to retrieve the analysis report of a url.

Get VotesTool to retrieve votes on files, urls, domains, or ip addresses.

Rescan FileTool to re-analyze a previously submitted file.

Scan URLTool to submit a url for scanning.

Search VirusTotalTool to search for objects in the virustotal database.

Upload FileTool to upload a file for scanning.

Conclusion

You've successfully integrated Virustotal with Codex using Composio's Rube MCP server. Now you can interact with Virustotal directly from your terminal, VS Code, or the Codex App using natural language commands.

Key benefits of this setup:

Seamless integration across CLI, VS Code, and standalone app
Natural language commands for Virustotal operations
Managed authentication through Composio's Rube
Access to 20,000+ tools across 870+ apps for cross-app workflows
CodeAct workbench for complex tool chaining

Next steps:

Try asking Codex to perform various Virustotal operations
Explore cross-app workflows by connecting more toolkits
Build automation scripts that leverage Codex's AI capabilities

How to build Virustotal MCP Agent with another framework

OpenAI Agents SDK

Use Virustotal MCP with OpenAI Agents SDK

Claude Agent SDK

Use Virustotal MCP with Claude Agent SDK

Google ADK

Use Virustotal MCP with Google ADK

LangChain

Use Virustotal MCP with LangChain

Vercel AI SDK

Use Virustotal MCP with Vercel AI SDK

Mastra AI

Use Virustotal MCP with Mastra AI

LlamaIndex

Use Virustotal MCP with LlamaIndex

CrewAI

Use Virustotal MCP with CrewAI

Claude Code

Use Virustotal MCP with Claude Code

Explore Other Toolkits

21risk

API Key

21RISK is a web app built for easy checklist, audit, and compliance management. It streamlines risk processes so teams can focus on what matters.

Abstract

API Key

Abstract provides a suite of APIs for automating data validation and enrichment tasks. It helps developers streamline workflows and ensure data quality with minimal effort.

Agentql

API Key

Agentql is a toolkit that connects AI agents to the web using a specialized query language. It enables structured web interaction and data extraction for smarter automations.

TOOLKIT MARKETPLACE

FAQ

What are the differences in Tool Router MCP and Virustotal MCP?

With a standalone Virustotal MCP server, the agents and LLMs can only access a fixed set of Virustotal tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Virustotal and many other apps based on the task at hand, all through a single MCP endpoint.

Can I use Tool Router MCP with Codex?

Yes, you can. Codex fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Virustotal tools.

Can I manage the permissions and scopes for Virustotal while using Tool Router?

Yes, absolutely. You can configure which Virustotal scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.

How safe is my data with Composio Tool Router?

All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Virustotal data and credentials are handled as safely as possible.

Used by agents from

Never worry about agent reliability

We handle tool reliability, observability, and security so you never have to second-guess an agent action.

Book a call↗Get started for free

Harsha GaddipatiCo-founder, Slashy

Karan skipped his own birthday party to fix our critical issue. It was 10 pm and he diverted his Waymo to help us instead. This really sets the bar, shows you the commitment you need to have when users rely on your software.

Abhi AryaCo-founder, Opennote

A lot of students tell us that the moment their connected tools start talking to each other inside Opennote feels almost magical. The agent just knows them, and it has immensely helped in keeping new users on the platform.

Nirman DaveCEO, Zams

We chose Composio over Pipedream because it delivered depth where it mattered. It supported niche tools and tricky edge cases that other platforms simply ignored. Giving us confidence to scale without compromising.

Ryan YuFounder, Extra Thursday

As a solo builder, shipping fast is life or death. The only way I can outcompete incumbents is by outmanoeuvring them. Getting bogged down in the complexities of managing agent auth would have been a death sentence for Extra Thursday.

Tomisin JenrolaFounder & CEO, SwarmZero

Before partnering with Composio, adding tool integrations was a slow, resource-intensive process. Each integration could take weeks or months of engineering time, and maintaining them meant constantly keeping up with API changes.

Jerome LeclancheCo-Founder, Ingram Technologies

With hands-on help from their founder, we integrated Gmail and Google Drive in just 30 minutes. This level of personal support and commitment is exactly what startups should strive for.

Harsha GaddipatiCo-founder, Slashy

Abhi AryaCo-founder, Opennote

Nirman DaveCEO, Zams

Ryan YuFounder, Extra Thursday

Tomisin JenrolaFounder & CEO, SwarmZero

Jerome LeclancheCo-Founder, Ingram Technologies

With hands-on help from their founder, we integrated Gmail and Google Drive in just 30 minutes. This level of personal support and commitment is exactly what startups should strive for.

Harsha GaddipatiCo-founder, Slashy

Abhi AryaCo-founder, Opennote

Nirman DaveCEO, Zams

Ryan YuFounder, Extra Thursday

Tomisin JenrolaFounder & CEO, SwarmZero

Jerome LeclancheCo-Founder, Ingram Technologies

With hands-on help from their founder, we integrated Gmail and Google Drive in just 30 minutes. This level of personal support and commitment is exactly what startups should strive for.

How to integrate Virustotal MCP with Codex

Table of Contents

Connect Virustotal without Auth hassles

Introduction

Why use Composio?

How to install Virustotal MCP in Codex

Codex CLI

Codex in VS Code

Codex App

What is the Virustotal MCP server, and what's possible with it?

Supported Tools & Triggers

Conclusion

How to build Virustotal MCP Agent with another framework

OpenAI Agents SDK

Claude Agent SDK

Google ADK

LangChain

Vercel AI SDK

Mastra AI

LlamaIndex

CrewAI

Claude Code

Explore Other Toolkits

21risk

Abstract

Agentql

FAQ

What are the differences in Tool Router MCP and Virustotal MCP?

Can I use Tool Router MCP with Codex?

Can I manage the permissions and scopes for Virustotal while using Tool Router?

How safe is my data with Composio Tool Router?

Used by agents from

Never worry about agent reliability