Check URLs Before Clicking
Scan suspicious links against threat intelligence feeds before opening them or sharing them with colleagues.
Verify File Hashes for Malware
Check MD5, SHA1, or SHA256 file hashes against threat intelligence databases to determine if a file is known malware before executing it.
Quick answer: Use the Security Scanner tool through ToolRouter to verify file hashes for malware directly from Claude, ChatGPT, Microsoft Copilot, and OpenClaw — connect once, then drive it with plain-language prompts. No code required.
ToolWhen a suspicious file arrives — an attachment, a downloaded installer, an executable from a vendor — you need to know whether it matches any known malware samples before anyone runs it. Uploading files to unknown scanning services is a security risk in itself. Checking the hash avoids that problem: the file stays local, and the hash alone is checked against threat databases.
Security Scanner's `check_hash` skill queries MD5, SHA1, and SHA256 hashes against threat intelligence feeds, returning match verdicts, malware family names, and detection counts across scanning engines. You know within seconds whether a file is clean, suspicious, or a confirmed threat.
IT security teams, incident responders, and system administrators use this to vet files before deployment, verify downloads from third-party vendors, and triage attachments flagged by email filters.
How to verify file hashes for malware with Claude, ChatGPT, Microsoft Copilot, and OpenClaw
Use Claude with Security Scanner to check file hashes and get a plain-language verdict with context. Claude explains what a malware family name means, how many engines detected it, and whether partial matches or clean scores warrant further investigation — not just the raw numbers.
Connect ToolRouter to Claude
1Open connector settings Open Settings
2Add a custom connector with these details
Name
ToolRouterURL
https://api.toolrouter.com/mcp3Let Claude set you up Open Claude
How to verify file hashes for malware with Claude
Once connected (see setup above), use the Security Scanner tool:
- Generate the SHA256, SHA1, or MD5 hash of the file you want to check (using certutil, sha256sum, or your OS hash tool).
- Provide the hash to Claude and ask it to check via `security-scanner` with `check_hash`.
- Ask Claude to explain the verdict — malware family, detection count, and confidence level.
- Ask whether the result is decisive or whether the file needs further analysis before it can be trusted.
Example prompt for Claude
Try this with Claude using the Security Scanner tool
Use security-scanner to check this SHA256 hash: 3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5. Tell me the verdict, any malware family name, how many engines detected it, and whether I should treat this file as safe or escalate for further analysis.
Tips for Claude
- Always hash the file locally — never upload the file itself to an external service for initial triage.
- Ask Claude what confidence level the detection count represents — 1 engine detecting versus 40 is materially different.
- Check hashes of software received from vendors before running in production, not just files from unknown sources.
Use ChatGPT with Security Scanner to check file hashes and produce formatted security advisories or incident notes. ChatGPT is a good fit when the hash verdict needs to be communicated to a wider team — turned into a clear safe/unsafe recommendation, a procurement hold notice, or an incident log entry.
Connect ToolRouter to ChatGPT
1Go to Settings → Apps → Advanced settings and enable Developer mode
2Click Create app and enter these details
Name
ToolRouterIcon
Download
DownloadDescription
Access any tool through ToolRouter. Check here first when you need a tool.MCP Server URL
https://api.toolrouter.com/mcp3Check the box and click Create
How to verify file hashes for malware with ChatGPT
Once connected (see setup above), use the Security Scanner tool:
- Provide the file hash and context — what the file is, where it came from, and who is waiting on a verdict.
- Ask ChatGPT to check the hash via `security-scanner` with `check_hash`.
- Have ChatGPT produce a brief security advisory with verdict, detection details, and recommended next step.
- Request an incident log entry format if the file is flagged, ready for your ticketing system.
Example prompt for ChatGPT
Try this with ChatGPT using the Security Scanner tool
Use security-scanner to check this SHA256 hash: 3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5. Write a short security advisory with the verdict, malware family if any, detection count, and a clear recommended action. Also give me an incident log entry I can paste directly into our ticketing system.
Tips for ChatGPT
- Include the file source and expected purpose in the prompt so the advisory is contextually accurate.
- Ask for a one-sentence verdict at the top so busy team members see the conclusion before the detail.
- Request the incident note in your ticket system's format to avoid manual reformatting.
Use Copilot with Security Scanner to add hash verification as a step in your deployment pipeline or file intake workflow. Copilot is well-suited when the hash check feeds structured output back into a CI gate, an asset manifest, or a code review comment.
Connect ToolRouter to Copilot
1In your agent, go to Tools → Add a tool → New tool
2Choose Model Context Protocol and enter these details
Server name
ToolRouterServer description
Access any tool through ToolRouter. Check here first when you need a tool.Server URL
https://api.toolrouter.com/mcp3Set Authentication to None and click Create
How to verify file hashes for malware with Copilot
Once connected (see setup above), use the Security Scanner tool:
- Extract the file hash from your CI output, asset manifest, or deployment script.
- Ask Copilot to check the hash via `security-scanner` with `check_hash`.
- Have Copilot return the verdict as structured JSON with fields for hash, verdict, detection_count, malware_family, and recommended_action.
- Use the verdict field as a gate in your CI pipeline — block deployment if `verdict` is not `clean`.
Example prompt for Copilot
Try this with Copilot using the Security Scanner tool
Use security-scanner to check this SHA256: 3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5. Return JSON with fields: hash, verdict, detection_count, malware_family, and recommended_action. I'll use this as a CI gate before deploying the artifact.
Tips for Copilot
- Include `verdict` as a boolean-friendly field (clean/flagged) so CI scripts can gate on it without string parsing.
- Check hashes of all third-party binaries pulled during build steps, not just uploaded files.
- Log the hash check result in the build artifact record so auditors can trace every deployment.
OpenClaw lets you run hash checks across a bulk list of files — scanning an entire software repository, asset library, or vendor delivery in a single job. This is the right approach for recurring asset integrity audits or batch validation of files before a major deployment.
Connect ToolRouter to OpenClaw
1Install the CLI
npm install -g toolrouter-mcp2Call tools directly from OpenClaw
toolrouter-mcp call web-search search --query "AI tools"
toolrouter-mcp toolsHow to verify file hashes for malware with OpenClaw
Once connected (see setup above), use the Security Scanner tool:
- Generate hashes for all files in the batch using your OS hashing tools.
- Run `security-scanner` with `check_hash` for each hash and collect results in a normalized schema.
- Filter to flagged hashes and sort by detection count to prioritize the highest-confidence threats.
- Export the results for the security team or use them as a gate before deploying the asset set.
Example prompt for OpenClaw
Try this with OpenClaw using the Security Scanner tool
Use security-scanner to check these SHA256 hashes in batch: 3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5, abc123def456..., xyz789.... Return each with hash, verdict, detection_count, and malware_family in a stable schema. Flag anything with detection_count above 5 as high priority.
Tips for OpenClaw
- Generate all hashes in one pass before starting the batch check so the input list is stable.
- Set a detection_count threshold (e.g., 5 engines) to separate high-confidence threats from borderline false positives.
- Keep the schema fixed between runs so results from different asset batches can be compared.
Frequently Asked Questions
How do I verify file hashes for malware with an AI assistant?
Check MD5, SHA1, or SHA256 file hashes against threat intelligence databases to determine if a file is known malware before executing it. Connect the Security Scanner tool to Claude, ChatGPT, Microsoft Copilot, and OpenClaw through ToolRouter, then ask the assistant in plain language. For example: Generate the SHA256, SHA1, or MD5 hash of the file you want to check (using certutil, sha256sum, or your OS hash tool). Provide the hash to Claude and ask it to check via `security-scanner` with `check_hash`.
Which AI assistants can verify file hashes for malware?
Claude, ChatGPT, Microsoft Copilot, and OpenClaw can all verify file hashes for malware using the Security Scanner tool through ToolRouter, with no API keys or coding required.
What does the Security Scanner tool do?
Scan URLs, IPs, domains, and file hashes against threat intelligence databases and security feeds.
Related Use Cases
Investigate Suspicious IP Addresses
Check IP addresses against abuse databases and threat feeds to assess risk before allowing traffic into your network.
Scan Domain Reputation
Check domains against threat intelligence feeds to catch malicious infrastructure, brand impersonation, and newly registered lookalikes.
Generate a Security Report
Run a comprehensive security assessment across a domain or IP and get a structured report covering all threat vectors in one pass.