Tencent SkillHub · Communication & Collaboration

VirusTotal Hash Analyzer

Instantly check if a file, URL, domain, or IP is malicious using VirusTotal. Paste any MD5/SHA1/SHA256 hash, URL, domain name, or IP address into the chat an...

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

Instantly check if a file, URL, domain, or IP is malicious using VirusTotal. Paste any MD5/SHA1/SHA256 hash, URL, domain name, or IP address into the chat an...

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md, _meta.json, scripts/vt_lookup.py

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.2

Provenance

Publisher: Bryan-Project
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 9 sections Open source page

VT Hash Intel — VirusTotal Threat Intelligence

Check any IOC (Indicator of Compromise) against VirusTotal's 70+ security engines. Supports four IOC types: TypeExampleVT EndpointHash (MD5/SHA1/SHA256)44d88612fea8a8f36de82e1278abb02f/files/{hash}URLhttps://malicious-site.com/payload/urls/{id}Domainevil-domain.com/domains/{domain}IP Address1.2.3.4/ip_addresses/{ip}

Prerequisites

VT_API_KEY environment variable must be set. Free key: https://www.virustotal.com/gui/my-apikey

Step 1: Identify IOCs from user input

The script auto-detects IOC type: Hash: 32 hex chars (MD5), 40 hex chars (SHA1), 64 hex chars (SHA256) URL: starts with http:// or https:// IP: IPv4 format like 1.2.3.4 Domain: everything else with dots and valid TLD (e.g. evil.com) The script also handles defanged IOCs automatically: hxxp:// → http:// hXXp:// → http:// evil[.]com → evil.com 1[.]2[.]3[.]4 → 1.2.3.4

Step 2: Run the lookup

SKILL_DIR="$(dirname "$(find /root/.openclaw -name 'SKILL.md' -path '*/vt-hash-intel/*' 2>/dev/null | head -1)")" # Single IOC (auto-detect type) python3 "$SKILL_DIR/scripts/vt_lookup.py" <ioc> # Mixed batch (hashes + URLs + domains + IPs together) python3 "$SKILL_DIR/scripts/vt_lookup.py" <hash> <url> <domain> <ip> # Force type if auto-detection is wrong python3 "$SKILL_DIR/scripts/vt_lookup.py" --type domain example.com

Step 3: Parse and present results

The JSON output always contains these common fields: ioc: the queried value ioc_type: "hash" | "url" | "domain" | "ip" detection_ratio: e.g. "45/72" threat_level: "clean" | "low" | "medium" | "high" threat_emoji: ✅ | ⚠️ | 🟠 | 🔴 detections: array of engines that flagged it reputation: VT community reputation score vt_link: direct link to the VT report error: non-null if something went wrong Hash-specific fields: sha256, md5, sha1, file_name, file_type, file_size_human, threat_label, popular_threat_name, crowdsourced_yara, sandbox_verdicts, sigma_rules URL-specific fields: url, final_url, title, categories Domain-specific fields: registrar, creation_date, dns_records, categories, popularity_ranks IP-specific fields: asn, as_owner, country, network

Step 4: Format the response

IMPORTANT: Always present full contextual analysis regardless of threat level. Even when an IOC is "clean" (0 detections), the contextual information is extremely valuable for security analysis. A clean VT result does NOT mean an IOC is safe — it may be too new, targeted, or simply not yet submitted. For hashes — present: Verdict line (emoji + level + detection ratio) File info: name, type, size, first seen date Threat classification (if malicious): family name, threat label Top engine detections (if any) YARA rules, sandbox verdicts, Sigma rules (if any) VT link Contextual analysis + recommendations For URLs — present: Verdict line URL + final redirected URL (flag if different — could indicate redirect chain) Page title Categories assigned by security vendors Top detections (if any) VT link Contextual analysis: analyze whether the URL pattern looks suspicious (random strings, suspicious TLD, known bad path patterns like /wp-content/uploads/*.exe) Recommendations For domains — always present these even if clean: Verdict line Registrar + creation date (flag if newly registered within last 30 days — common for phishing/malware) DNS records (A, AAAA, MX, NS, TXT records — helps identify hosting and infrastructure) Categories from security vendors Popularity ranking (low/no ranking on a queried domain can be suspicious) Reputation score VT link Contextual analysis: note if domain is very new, uses suspicious TLD, has low popularity, or uses known bulletproof hosting Recommendations For IPs — always present these even if clean: Verdict line ASN number + AS owner (helps identify hosting provider — flag known bulletproof hosters) Country (geographic context) Network CIDR range Reputation score VT link Contextual analysis: note if IP belongs to a cloud provider, VPS, residential proxy, or known hosting provider. Flag countries commonly associated with malicious infrastructure if relevant. Recommendations Threat level classification (same for all types): Malicious DetectionsLevelEmoji0clean✅1–5low⚠️6–15medium🟠16+high🔴

Step 5: Recommendations

Always provide actionable recommendations based on threat level AND context: 🔴 high: Block immediately in firewall/EDR/proxy, sweep environment for related IOCs, investigate affected hosts, collect lateral IOCs (related hashes/domains/IPs from VT) 🟠 medium: Likely malicious — isolate and investigate, submit to sandbox, check network IOCs ⚠️ low: Possible false positive — verify with sandbox, check file/URL context and origin, monitor ✅ clean: Present all available context (ASN, country, registrar, DNS, categories, reputation). Remind user: "Clean on VT does not guarantee safety — the IOC may be too new, too targeted, or not yet submitted. Consider checking other threat intel sources (AbuseIPDB, Shodan, URLhaus, etc.)." ❓ not found: Never submitted to VT — does NOT mean safe. Suggest uploading file to VT, or checking AlienVault OTX, AbuseIPDB, URLhaus for additional coverage. For batch results with mixed types, present a summary table first (IOC | type | verdict | detection ratio | key finding), then detailed reports for each item.

Error Handling

ErrorCauseResponseNotFoundErrorIOC not in VT DB"Not found in VT. This does NOT mean it's safe."AuthenticationErrorBad/missing API key"Check VT_API_KEY in your .env file."QuotaExceededErrorRate limit hit"Rate limited. Wait and retry."UnrecognizedIOCCannot detect type"Cannot identify this IOC type. Try --type flag."ConnectionErrorNetwork issue"Cannot reach VT API. Check network."

Examples

User: 帮我查一下这个hash 44d88612fea8a8f36de82e1278abb02f Agent: Detects MD5 hash → runs lookup → presents file threat report. User: Check this URL: https://suspicious-site.com/download.exe Agent: Detects URL → runs lookup → presents URL analysis with categories and detections. User: 这个域名安全吗？evil-domain.com Agent: Detects domain → runs lookup → presents domain report with DNS, WHOIS, and detections. User: 查一下这些IOC: 44d88612fea8a8f36de82e1278abb02f hxxps://bad-site[.]com/malware evil.com 1.2.3.4 Agent: Detects mixed types → runs batch lookup → presents summary table then individual reports sorted by severity.

Category context

Messaging, meetings, inboxes, CRM, and teammate communication surfaces.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

1 Docs1 Scripts1 Config

SKILL.md Primary doc
scripts/vt_lookup.py Scripts
_meta.json Config