Main Site β†—
SkillHubSkillHub
SKILLHUB
Back to ListFrom collection "SkillsBench"

binary-analysis

by benchflow-ai890172GitHub

Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.

Unlock Deep Analysis

Use AI to visualize the workflow and generate a realistic output preview for this skill.

Powered by Fastest LLM

Development
Compatible Agents
Claude Code
Claude Code
~/.claude/skills/
Codex CLI
Codex CLI
~/.codex/skills/
Gemini CLI
Gemini CLI
~/.gemini/skills/
O
OpenCode
~/.opencode/skills/
O
OpenClaw
~/.openclaw/skills/
GitHub Copilot
GitHub Copilot
~/.copilot/skills/
Cursor
Cursor
~/.cursor/skills/
W
Windsurf
~/.codeium/windsurf/skills/
C
Cline
~/.cline/skills/
R
Roo Code
~/.roo/skills/
K
Kiro
~/.kiro/skills/
J
Junie
~/.junie/skills/
A
Augment Code
~/.augment/skills/
W
Warp
~/.warp/skills/
G
Goose
~/.config/goose/skills/
SKILL.md

Dr. Binary Analysis

Required environment variables

  • DRBINARY_API_KEY β€” drbinary.ai β†’ Settings β†’ Billing β†’ API Key

Steps

1. Upload the binary

Run upload.py with the local file path. It uploads the file to the Dr. Binary sandbox and prints the remote path:

python skills/drbinary-analysis/upload.py /path/to/file.exe
# β†’ /sandbox/<pathname>

2. Open Ghidra server

Call the ghidra_open_server MCP tool with the remote sandbox path returned in step 1. This initialises analysis and returns basic file metadata (size, hash, segments, imports, exports, strings, functions).

3. Analyse with Ghidra tools

Use the available MCP tools to perform a thorough analysis:

  • ghidra_list_imports β€” identify suspicious API calls
  • ghidra_list_strings β€” extract strings for IoC identification
  • ghidra_list_exports β€” list exported symbols
  • ghidra_decompile_function β€” decompile key functions to pseudo-C
  • ghidra_generate_call_graph β€” understand program flow
  • sandbox_execute β€” run safe commands (e.g. file, strings, sha256sum)

4. Report

Return a report in this format:

## Binary Analysis Report

**File Information**
- Name: [filename]
- Size: [bytes]
- SHA256: [hash]

**Analysis Summary**
[Brief overview of findings]

**Detailed Findings**
1. [Finding category]
   - Evidence: [specific data]
   - Significance: [what it means]

**Threat Assessment**
- Severity: [Critical/High/Medium/Low]
- Classification: [malware type or benign]
- Confidence: [High/Medium/Low]

**Recommendations**
1. [Action item]

Source: https://github.com/benchflow-ai/SkillsBench#registry-terminal_bench_2.0-full_batch_reviewed-terminal_bench_2_0_vulnerable-secret-environment-skills-binary-analysis

Content curated from original sources, copyright belongs to authors

Grade B
-AI Score
Best Practices
Checking...
Try this Skill

User Rating

USER RATING

0UP
0DOWN
Loading files...

WORKS WITH

Claude Code
Claude
Codex CLI
Codex
Gemini CLI
Gemini
O
OpenCode
O
OpenClaw
GitHub Copilot
Copilot
Cursor
Cursor
W
Windsurf
C
Cline
R
Roo
K
Kiro
J
Junie
A
Augment
W
Warp
G
Goose