Instantly check if a file, URL, domain, or IP is malicious using VirusTotal. Paste any MD5/SHA1/SHA256 hash, URL, domain name, or IP address into the chat an...
Security Analysis
high confidence
The skill is internally consistent with a VirusTotal lookup tool: it only requires a VT API key and its code and instructions match the stated purpose.
Name/description ask to query VirusTotal for hashes/URLs/domains/IPs and the only required secret is VT_API_KEY. The included Python script and SKILL.md implement exactly those queries; no unrelated services, binaries, or credentials are requested.
Runtime instructions describe auto-detection of IOC types and invoking the local script. The only file-system access shown is locating the skill directory under /root/.openclaw to run the bundled script. The script supports reading IOCs from stdin or a user-specified file (normal for batch lookups) but the instructions do not direct reading arbitrary system files or other credentials.
No install spec; this is instruction + bundled script only. No downloads, package manager installs, or archive extraction are performed by the skill, minimizing install-time risk.
Only VT_API_KEY is required, which is proportional to querying the VirusTotal API. The code reads that single env var and does not reference additional secrets or unrelated environment variables.
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide configuration.
Guidance
This skill appears to do what it says: it calls VirusTotal v3 endpoints using the VT_API_KEY you provide and returns JSON reports for hashes/URLs/domains/IPs. Consider the following before installing/using:
(1) Any IOC you submit is sent to VirusTotal and may be logged/shared per their policy; do not submit sensitive secrets or private data you cannot disclose.
(2) Provide an API key with appropriate rate/quota limits; do not use broader credentials than needed.
(3) The script can read IOCs from a file when you pass --file: only supply files you intend to query (don’t point it at arbitrary system files).
(4) The SKILL.md command looks for the skill under /root/.openclaw; ensure the skill was installed from a trusted source and runs in an expected environment.
If you need higher assurance, review the full vt_lookup.py source yourself (it is included) or run it in an isolated environment.
Latest Release
v1.0.2
Version 2.0.0 is a major update with improved analysis and reporting for all IOC types.
- Always provides full contextual intel for every IOC, regardless of threat level or VT verdict.
- Domain and IP reports now always include registrar/creation info, DNS records, popularity, ASN, and ownership to support advanced threat hunting.
- Adds enhanced contextual analysis and recommendations, e.g., flags newly-registered domains, suspicious hosters, or unranked sites even if undetected as malicious.
- Clearly states that "clean" on VirusTotal does not guarantee safety; suggests additional checks for better security confidence.
- Improves reporting for batch lookups: summary table first, then deep-dive on each flagged IOC.
- Error and help messages unchanged.
Published by @Bryan-Project on ClawHub