nsheaps/binary-inspection
plugins/deep-research/skills/binary-inspection/SKILL.md
Use this skill when investigating compiled programs, executables, shared libraries, or any binary file where you need to understand its structure, embedded content, or build-time decisions. Trigger when: - User asks to inspect, analyze, or reverse engineer a binary - Finding hardcoded values, URLs, config keys, or strings in a compiled program - Understanding what libraries a binary links against - Investigating build-time decisions embedded in an executable - Extracting embedded resources or metadata from compiled code - Checking what symbols/functions a library exports Do NOT trigger for: - Text files, YAML, JSON, scripts (read directly with Read tool) - Running or executing binaries (binary-inspector is read-only) - Dynamic analysis, tracing, or debugging (strace/gdb are out of scope)
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl binary-inspectionInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 6, 2026, 7:07 AM161.8s1 file scanned
SKILL.md
- name:
- binary-inspection
- description:
- |
Binary Inspection Skill
Use the binary-inspector agent from the deep-research plugin to analyze binary files without modifying them.
When to Use
- Investigating a compiled program's internals (embedded strings, URLs, config keys)
- Understanding which shared libraries an executable depends on
- Finding function names and exported symbols in a library
- Examining the structure of an ELF binary (sections, segments, dynamic entries)
- Extracting readable content from any non-text file
How to Invoke
Spawn the binary-inspector agent with a clear goal and output path:
Agent(binary-inspector, "Inspect <path/to/binary>. Goal: <what you're looking for>. Save findings to docs/research/<topic>-binary-inspection.md")
Always specify:
- The full path to the binary
- What you're trying to find or understand
- Where to save the findings
Common Tasks
Find hardcoded strings or config values
Agent(binary-inspector, "Inspect /usr/local/bin/claude. Goal: find any hardcoded channel names, URL allowlists, or API endpoint strings. Save findings to docs/research/claude-binary-strings.md")
Check linked libraries
Agent(binary-inspector, "Inspect /usr/lib/libssl.so. Goal: show all shared library dependencies and exported symbols. Save findings to docs/research/libssl-dependencies.md")
Identify file type and architecture
Agent(binary-inspector, "Inspect /path/to/unknown-binary. Goal: identify file type, architecture, and whether it is stripped. Save findings to docs/research/unknown-binary-identity.md")
Find exported function names
Agent(binary-inspector, "Inspect /usr/local/lib/libfoo.so. Goal: list all exported function names, especially those related to authentication. Save findings to docs/research/libfoo-symbols.md")
Example: Inspecting Claude Code for Channel Logic
One concrete use case is inspecting the Claude Code binary (/usr/local/bin/claude) to understand behavior that is not documented — for example, finding what channels or URLs are baked into the binary at build time.
Agent(binary-inspector, "Inspect /usr/local/bin/claude. Goal: find any strings related to channel names, API endpoints, authentication URLs, or allowlists. Pay special attention to strings containing 'api.anthropic.com', 'claude.ai', or channel identifiers. Save full findings to docs/research/claude-binary-channel-analysis.md and raw strings output to .claude/tmp/claude-binary-strings-raw.txt")
The agent will:
- Run
fileto confirm it is a valid executable - Extract strings with
strings -n 8 - Filter for keywords relevant to channels and URLs
- Check
readelf -dfor linked libraries - Attempt
nmfor symbol names (may be empty if stripped) - Save structured findings to the specified output path
Output
The binary-inspector saves a structured Markdown report to the path you specify. The report includes:
- File identity (type, architecture, linkage, stripped status)
- Strings of interest (filtered and annotated)
- Symbol analysis (if available)
- Library dependencies
- Key findings summary
- Gaps and limitations
Large raw outputs (full strings list, nm output) are saved as companion files in .claude/tmp/ to keep the main report readable.
Limitations
The binary-inspector performs static analysis only:
- Cannot trace runtime behavior (use
strace,ltrace, or a debugger for that) - Cannot recover function names from stripped binaries (strings and hexdump are the fallback)
- Cannot analyze obfuscated or packed binaries without unpacking first
- Requires standard Unix tools (
file,strings,xxd,readelf,nm,ldd) — note if any are missing
After Inspection
Per the research-output rules, commit inspection findings to docs/research/ on the main branch. Binary inspection results have lasting value for understanding tool internals and should not be left in .claude/tmp/.
Related Skills
nsheaps/github-app-session-env
tools
VerifiedTrustedCommunity
Manually reproduce what the github-app plugin's SessionStart hook does to make a GitHub App installation token usable in the current session — materialize the PEM, generate the token, isolate GH_CONFIG_DIR, write the runtime env file, and wire CLAUDE_ENV_FILE so every Bash call sees GH_TOKEN/GITHUB_TOKEN. Use when the hook did not run, the token is missing from the environment, or a shell/teammate needs the token wired up by hand. <example>GH_TOKEN isn't set even though github-app is configured</example> <example>the github-app SessionStart hook didn't run, set up the token manually</example> <example>wire the github app token into CLAUDE_ENV_FILE</example> <example>gh keeps falling back to the wrong account, isolate GH_CONFIG_DIR</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/github-app-git-identity
tools
VerifiedTrustedCommunity
Manually configure the GitHub App bot git identity the way the github-app plugin's SessionStart hook does — resolve the app slug and bot user ID, build the <slug>[bot] name and noreply email, set GIT_AUTHOR_*/GIT_COMMITTER_* env vars, and write an isolated GIT_CONFIG_GLOBAL with the gh auth git-credential helper. Use when commits are attributed to the wrong account, "Author identity unknown" appears, or git identity must be set up by hand. <example>my commits are showing up as the handler, not the bot</example> <example>git says Author identity unknown after the github-app hook ran</example> <example>configure the github app bot git identity manually</example> <example>set up the gh credential helper for git push</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/spec-management
tools
VerifiedTrustedCommunity
Manages spec files for requirements capture and validation
3SKILL.mdUpdated Jun 7, 2026
nsheaps/plugins/bash-command-rejection/skills/bash-chaining-alternatives
tools
VerifiedTrustedCommunity
# Bash Chaining Alternatives This skill teaches you how to work around the bash command chaining restriction enforced by this plugin. ## Why Chaining is Blocked The `bash-command-rejection` plugin blocks these operators: | Operator | Name | Why Blocked | | -------- | ---------- | ----------------------------------------------------------------------------------- | | `&&` | AND chain | Runs cmd2 only if cmd1 su
3SKILL.mdUpdated Jun 7, 2026