vt_ip
Analyze IP addresses for security threats using VirusTotal data, providing reputation scores, detection statistics, and network information to identify potential risks.
Instructions
VirusTotal IP analysis: reputation, detection stats, country, ASN, network. Requires VT_API_KEY.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip | Yes | IP address to analyze | |
Implementation Reference
- src/virustotal/index.ts:92-113 (handler) Implementation of the VirusTotal IP analysis logic.

```typescript
export async function vtIp(ip: string, apiKey: string): Promise<VtIpResult> {
  const cacheKey = `vt:ip:${ip}`;
  const cached = cache.get(cacheKey);
  if (cached) return cached;

  const data = await vtFetch(`/ip_addresses/${encodeURIComponent(ip)}`, apiKey);
  if (!data) throw new Error(`IP ${ip} not found on VirusTotal`);

  const attrs = data.data?.attributes ?? {};
  const result: VtIpResult = {
    ip,
    reputation: attrs.reputation ?? 0,
    analysisStats: attrs.last_analysis_stats ?? { malicious: 0, suspicious: 0, undetected: 0, harmless: 0 },
    country: attrs.country,
    asn: attrs.asn,
    asOwner: attrs.as_owner,
    network: attrs.network,
  };

  cache.set(cacheKey, result);
  return result;
}
```

- src/virustotal/index.ts:29-37 (schema) Result interface for VtIp.

```typescript
interface VtIpResult {
  ip: string;
  reputation: number;
  analysisStats: VtAnalysisStats;
  country?: string;
  asn?: number;
  asOwner?: string;
  network?: string;
}
```

- src/protocol/tools.ts:194-204 (registration) Registration of the vt_ip tool within the protocol handler registry.

```typescript
const vtIpTool: ToolDef = {
  name: "vt_ip",
  description: "VirusTotal IP analysis: reputation, detection stats, country, ASN, network. Requires VT_API_KEY.",
  schema: {
    ip: z.string().describe("IP address to analyze"),
  },
  execute: async (args, ctx) => {
    const key = requireApiKey(ctx.config.vtApiKey, "VirusTotal", "VT_API_KEY");
    return json(await vtIp(args.ip as string, key));
  },
};
```
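The handler above substitutes `0` and an all-zero stats object when VirusTotal returns no `reputation` or `last_analysis_stats`, so a consumer that only checks `malicious === 0` cannot tell "never analysed" from "analysed and harmless". The following is an added example, not part of the project's code, showing one way to triage a `VtIpResult` with that case handled; `triageVtIp`, the `Verdict` names and both thresholds are hypothetical, and the `VtAnalysisStats` fields are inferred from the default object in `vtIp`.

```typescript
// Added example. VtAnalysisStats is inferred from the handler's default object (assumption).
interface VtAnalysisStats { malicious: number; suspicious: number; undetected: number; harmless: number; }

// Copied from the page's VtIpResult interface.
interface VtIpResult {
  ip: string;
  reputation: number;
  analysisStats: VtAnalysisStats;
  country?: string;
  asn?: number;
  asOwner?: string;
  network?: string;
}

type Verdict = "no-data" | "malicious" | "suspicious" | "clean";

// Hypothetical thresholds; tune them to your own false-positive tolerance.
const MALICIOUS_MIN_ENGINES = 3;
const NEGATIVE_REPUTATION = -10;

function triageVtIp(r: VtIpResult): { verdict: Verdict; reasons: string[] } {
  const s = r.analysisStats;
  const total = s.malicious + s.suspicious + s.harmless + s.undetected;
  const reasons: string[] = [];

  // All zeros is what vtIp fills in when the API returned no stats:
  // absence of evidence, so never report it as "clean".
  if (total === 0 && r.reputation === 0) {
    return { verdict: "no-data", reasons: ["no engine results and neutral reputation"] };
  }

  if (s.malicious >= MALICIOUS_MIN_ENGINES) reasons.push(`${s.malicious}/${total} engines flag malicious`);
  if (r.reputation <= NEGATIVE_REPUTATION) reasons.push(`reputation ${r.reputation}`);
  if (reasons.length > 0) return { verdict: "malicious", reasons };

  if (s.malicious > 0 || s.suspicious > 0 || r.reputation < 0) {
    reasons.push(`${s.malicious} malicious, ${s.suspicious} suspicious of ${total}; reputation ${r.reputation}`);
    return { verdict: "suspicious", reasons };
  }

  // Only "undetected" results: no engine vouched for the address either way.
  if (s.harmless === 0) {
    return { verdict: "no-data", reasons: [`${s.undetected} engines undetected, none harmless`] };
  }
  return { verdict: "clean", reasons: [`${s.harmless}/${total} engines harmless`] };
}
```

Keeping `reasons` alongside the verdict lets an analyst see which signal drove the decision when the tool output is reviewed later.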