
Google Threat Intelligence MCP Server

by googleSandy

analyse_file

Upload a file to VirusTotal for community-shared analysis and receive a detailed threat report.

Instructions

Upload and analyse the file in VirusTotal.

The file will be uploaded to VirusTotal and shared with the community.

Args:
  file_path (required): Path to the file for analysis. Use absolute path.
Returns:
  The analysis report.

Input Schema

Name        Required    Description    Default
file_path   Yes
api_key     No

Implementation Reference

  • The analyse_file tool handler function. It uploads a file to VirusTotal, waits for analysis completion, and returns the sanitized report.
    @server.tool()
    async def analyse_file(file_path: str, ctx: Context, api_key: str = None):
      """Upload and analyse the file in VirusTotal.
    
      The file will be uploaded to VirusTotal and shared with the community.
    
      Args:
        file_path (required): Path to the file for analysis. Use absolute path.
      Returns:
        The analysis report.
      """
      async with vt_client(ctx, api_key=api_key) as client:
        # Read the file from the server's local filesystem and submit it.
        with open(file_path, "rb") as f:
          analysis = await client.scan_file_async(file=f)
          logging.info("File %s uploaded.", file_path)

        # Block until VirusTotal finishes the analysis, then return the
        # sanitized report.
        res = await client.wait_for_analysis_completion(analysis)
        logging.info("Analysis has completed with ID %s", res.id)
        return utils.sanitize_response(res.to_dict())
  • The @server.tool() decorator registers this function as an MCP tool named 'analyse_file'. The server is defined in gti_mcp/server.py as a FastMCP instance.
    @server.tool()
    async def analyse_file(file_path: str, ctx: Context, api_key: str = None):
  • The vt_client async context manager used by analyse_file to obtain a vt.Client instance for VirusTotal API calls.
    @asynccontextmanager
    async def vt_client(ctx: Context, api_key: str = None) -> AsyncIterator[vt.Client]:
      """Provides a vt.Client instance for the current request."""
      client = vt_client_factory(ctx, api_key)
    
      try:
        yield client
      finally:
        await client.close_async()
  • The FastMCP server instance and the import that loads all tools including analyse_file from gti_mcp/tools.
    # Create a named server and specify dependencies for deployment and development
    server = FastMCP(
        "Google Threat Intelligence MCP server",
        dependencies=["vt-py"],
        stateless_http=stateless)
    
    # Load tools.
    from gti_mcp.tools import *
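
The handler above opens whatever file_path it receives and shares the contents with the community, so a caller may want a local check before invoking it. The following is an added example, not code from gti_mcp: preflight_upload, UploadRefused, the allowed_roots policy and the size cap are all hypothetical names and settings chosen for illustration.

```python
import hashlib
from pathlib import Path


class UploadRefused(Exception):
    """Raised when a path fails the local pre-upload policy (hypothetical)."""


def preflight_upload(file_path, allowed_roots, max_bytes=32 * 1024 * 1024):
    """Validate a path before it is handed to an upload tool.

    Returns (resolved_path, sha256_hex, size). allowed_roots and max_bytes
    are local policy assumed for this example, not settings of the server.
    """
    path = Path(file_path)
    if not path.is_absolute():
        raise UploadRefused("path must be absolute")
    try:
        # resolve() follows symlinks and collapses "..", so the containment
        # check below applies to the file that would actually be read.
        resolved = path.resolve(strict=True)
    except (OSError, RuntimeError) as exc:
        raise UploadRefused(f"cannot resolve path: {exc}") from exc
    if not resolved.is_file():
        raise UploadRefused("not a regular file")
    roots = [Path(r).resolve() for r in allowed_roots]
    if not any(resolved.is_relative_to(root) for root in roots):
        raise UploadRefused("outside the directories approved for sharing")
    size = resolved.stat().st_size
    if size > max_bytes:
        raise UploadRefused("larger than the configured limit")
    # Hash in chunks so large samples are not loaded into memory at once.
    digest = hashlib.sha256()
    with open(resolved, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return resolved, digest.hexdigest(), size
```

The returned SHA-256 lets the caller look for an existing report by hash first and upload only when none exists.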
Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It explicitly states that the file will be shared with the community, which is a key privacy implication. It also notes that it returns an analysis report. However, it lacks details on potential destructive actions, rate limits, or authentication requirements beyond the optional api_key.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise (two sentences plus an Args/Returns section), with no unnecessary information. The structure is clear with separate sections for description, arguments, and returns.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the simplicity of the tool (2 parameters, no output schema, no enums, no nested objects), the description provides adequate context: what it does, the file path requirement, and that it returns an analysis report. It could be more specific about the report format, but overall it is sufficient for an AI agent to understand the tool's basic function.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0% description coverage, so the description must compensate. It does for file_path by specifying it is required, of type path, and to use absolute path. However, the api_key parameter is not mentioned in the description, leaving its purpose unclear beyond the schema default of null.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Upload and analyse the file in VirusTotal', using a specific verb and resource. Among sibling tools which are mostly read-only queries and searches, this is the only tool that performs an upload and analysis, making it easily distinguishable.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description mentions the action of uploading and sharing with the community, implying when to use it (for file analysis). However, it does not provide explicit guidance on when not to use this tool or mention alternative sibling tools (e.g., get_file_report for already analyzed files).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/googleSandy/gti-mcp-standalone'