← ClaudeAtlas

virustotal-apilisted

Comprehensive reference for the VirusTotal API v3, covering authentication, rate limits, endpoint usage, and the critical differences between Free (Public) and Premium (Enterprise) tiers. Use this skill whenever a user asks about VirusTotal, VT API, scanning files or URLs with VirusTotal, threat intelligence lookups, IoC enrichment, YARA hunting, Retrohunt, Livehunt, VT Intelligence search, VT Graph, VT Monitor, VT Feeds, private scanning, malware analysis via VirusTotal, or building integrations with the VirusTotal API. Also trigger when the user mentions "VT", "virustotal", hash lookups, file reputation checks, URL scanning services, sandbox detonation reports, or any workflow involving programmatic interaction with VirusTotal's threat intelligence platform — even if they don't say "API" explicitly.
w33ts/virustotal-api-skill · ★ 2 · API & Backend · score 65
Install: claude install-skill w33ts/virustotal-api-skill
# VirusTotal API v3 — Agent Skill ## Quick Orientation VirusTotal (VT) is a threat intelligence platform that aggregates 70+ antivirus engines, 10+ dynamic analysis sandboxes, and numerous other security tools. Its REST API (v3) is the primary programmatic interface. The API is inspired by the JSON:API specification and returns JSON for all requests and responses, including errors. **Base URL:** `https://www.virustotal.com/api/v3` **Authentication:** Every request must include the header `x-apikey: <YOUR_API_KEY>`. Your key is found at https://www.virustotal.com/gui/my-apikey after signing into VirusTotal Community. Never pass the key as a query parameter — always use the header. ``` # Example: Get a file report by SHA-256 curl --request GET \ --url https://www.virustotal.com/api/v3/files/{sha256} \ --header 'x-apikey: YOUR_API_KEY' \ --header 'accept: application/json' ``` ```python # Python equivalent import requests url = "https://www.virustotal.com/api/v3/files/{sha256}" headers = {"accept": "application/json", "x-apikey": "YOUR_API_KEY"} response = requests.get(url, headers=headers) print(response.json()) ``` --- ## Free vs Enterprise — The Most Important Distinction Almost every decision about what you can build with the VT API depends on which tier you have. The two tiers are **Public API** (free) and **Premium API** (paid, also called "Private API" or "VT Enterprise"). Throughout this skill and the VT docs, a 🔒 icon marks enterprise-only endpoints or