← 返回 Skills 市场
deepbitstech

Dr.Binary

作者 Deepbits Technology · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
209
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install binary-analysis
功能描述
Use when the user wants to analyze a binary file, check if a file is malicious, decompile an executable, or understand what a binary does. Triggers on: "anal...
使用说明 (SKILL.md)

Dr. Binary Analysis

Required environment variables

  • DRBINARY_API_KEY — drbinary.ai → Settings → Billing → API Key

Steps

1. Upload the binary

Run upload.py with the local file path. It uploads the file to the Dr. Binary sandbox and prints the remote path:

python skills/drbinary-analysis/upload.py /path/to/file.exe
# → /sandbox/\x3Cpathname>

2. Open Ghidra server

Call the ghidra_open_server MCP tool with the remote sandbox path returned in step 1. This initialises analysis and returns basic file metadata (size, hash, segments, imports, exports, strings, functions).

3. Analyse with Ghidra tools

Use the available MCP tools to perform a thorough analysis:

  • ghidra_list_imports — identify suspicious API calls
  • ghidra_list_strings — extract strings for IoC identification
  • ghidra_list_exports — list exported symbols
  • ghidra_decompile_function — decompile key functions to pseudo-C
  • ghidra_generate_call_graph — understand program flow
  • sandbox_execute — run safe commands (e.g. file, strings, sha256sum)

4. Report

Return a report in this format:

## Binary Analysis Report

**File Information**
- Name: [filename]
- Size: [bytes]
- SHA256: [hash]

**Analysis Summary**
[Brief overview of findings]

**Detailed Findings**
1. [Finding category]
   - Evidence: [specific data]
   - Significance: [what it means]

**Threat Assessment**
- Severity: [Critical/High/Medium/Low]
- Classification: [malware type or benign]
- Confidence: [High/Medium/Low]

**Recommendations**
1. [Action item]
安全使用建议
This skill appears to do what it says — it uploads a provided binary to an external sandbox (mcp.deepbits.com) for analysis — but there are a few things to check before installing/using it: - Verify the service and domain: SKILL.md refers to drbinary.ai while the upload URL is mcp.deepbits.com. Confirm you trust that endpoint and that it is the legitimate backend for the service you expect. - Expect data exfiltration: the script will transmit the entire binary to the remote server. Do not upload sensitive or proprietary binaries unless you trust the service and understand the privacy/retention policy. - .env loading risk: upload.py attempts to load a .env file three directories up and will set those variables in the environment. That could unintentionally surface other secrets (API keys, tokens) from your project. Consider removing or relocating any sensitive .env before running, or edit the script to not load external .env files. - Metadata mismatch: the registry metadata does not declare the DRBINARY_API_KEY requirement even though SKILL.md uses it. Treat the SKILL.md as authoritative, and ensure you provide a dedicated DRBINARY_API_KEY (not a shared/privileged secret). - If you need to proceed safely: (1) audit the upload URL and service ownership; (2) run the script in an isolated environment (sandbox/container) with a throwaway API key; (3) avoid using on real sensitive binaries. If you want, I can (a) summarize the exact lines in upload.py that read .env and send the file, (b) suggest a safer edit to the script that removes .env loading, or (c) help draft questions to verify the remote service operator.
功能分析
Type: OpenClaw Skill Name: binary-analysis Version: 1.0.0 The skill is designed to upload local binary files to an external third-party service (mcp.deepbits.com) for analysis. While this behavior is transparently documented in SKILL.md and upload.py, the automated transmission of local files to a remote endpoint represents a significant data exfiltration risk if used on sensitive or proprietary binaries. The code itself is not obfuscated and lacks clear malicious intent, but the inherent risk of cloud-based analysis of local files meets the threshold for a suspicious classification.
能力评估
Purpose & Capability
The skill's name/description (binary analysis, decompile, malware check) matches the code and SKILL.md: upload a binary to a sandbox and drive Ghidra-based analysis. However the registry metadata lists no required env vars while SKILL.md requires DRBINARY_API_KEY — an inconsistency. The upload target is UPLOAD_URL = https://mcp.deepbits.com/workspace/upload while SKILL.md references drbinary.ai, which is a domain/name mismatch worth verifying.
Instruction Scope
SKILL.md explicitly instructs running upload.py to send the local binary to a remote sandbox and then calling various MCP (Ghidra/sandbox) tools. upload.py reads only the file to upload, but it also attempts to load a .env file three directories up (Path(...)/.env) and sets environment variables from it. Reading a top-level .env is scope creep: it can expose unrelated secrets on the machine and cause unexpected values to be sent or used. The primary runtime action (uploading a user file to a third-party endpoint) is expected for this skill, but users must be aware the binary is transmitted off-host.
Install Mechanism
Instruction-only skill with a small Python helper script; there is no install spec and no archive downloads. No elevated install risk detected.
Credentials
SKILL.md requires a single API key (DRBINARY_API_KEY) which is proportionate to uploading to an external sandbox. But the registry metadata claims no required env vars, which is inconsistent. More importantly, upload.py's load_env reads a .env file outside the skill directory and merges those variables into the environment, risking accidental use or exposure of other secrets from the user's workspace.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request persistent or system-wide configuration changes. It runs on-demand and contains no code that modifies other skills or global agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install binary-analysis
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /binary-analysis 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial submission
元数据
Slug binary-analysis
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Dr.Binary 是什么?

Use when the user wants to analyze a binary file, check if a file is malicious, decompile an executable, or understand what a binary does. Triggers on: "anal... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 209 次。

如何安装 Dr.Binary?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install binary-analysis」即可一键安装,无需额外配置。

Dr.Binary 是免费的吗?

是的,Dr.Binary 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Dr.Binary 支持哪些平台?

Dr.Binary 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Dr.Binary?

由 Deepbits Technology(@deepbitstech)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论