# Document Binary Analysis Findings

Binary analysis often produces scattered notes, hypotheses, and tool outputs. This skill turns those materials into clear reports with traceable evidence.

## Install

```bash
npx skillstore add 2389-research/binary-re-synthesis
```

## Metadata

- Status: approved
- Slug: 2389-research-binary-re-synthesis
- Version: 1.0.0
- Author: 2389-research
- GitHub username: 2389-research
- License: MIT
- Repository: https://github.com/2389-research/claude-plugins/tree/main/binary-re/skills/synthesis
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: low
- Quality score: 77
- Quality tier: bronze
- Public page: https://skillstore.pages.dev/skills/2389-research-binary-re-synthesis
- Manifest: https://skillstore.pages.dev/api/skills/2389-research-binary-re-synthesis/manifest

## Capabilities

- Organizes triage, static, and dynamic analysis facts into a report structure.
- Maps hypotheses to confirmed, refuted, uncertain, or unvalidated statuses.
- Connects related evidence across functions, strings, syscalls, files, and network observations.
- Builds capability summaries for network, file system, cryptography, and execution behavior.
- Creates human-readable Markdown report templates and evidence logs.
- Suggests next analysis steps and security review recommendations.

## Use Cases

- Prepare a handoff report: Convert analysis notes into a structured document for another security engineer.
- Summarize malware behavior: Group observed capabilities, external communications, and open questions into a concise finding set.
- Document firmware review results: Record binary purpose, confidence, file access, network behavior, and follow-up checks.

## Prompt Templates

### Create a basic summary

```
Summarize these binary analysis notes into an executive summary, confirmed findings, and remaining unknowns.
```

### Validate hypotheses

```
Review these hypotheses against the available evidence. Mark each one as confirmed, refuted, uncertain, or unvalidated.
```

### Build a capability map

```
Create a capability summary from these static and dynamic findings. Include confidence levels and evidence references.
```

### Produce a full analysis report

```
Generate a complete binary analysis report with artifact details, behavior, evidence log, recommendations, and open questions.
```

## Limitations

- It does not reverse engineer binaries by itself.
- It depends on accurate findings from earlier analysis phases.
- It cannot verify behavior that was not observed or documented.
- It may require analyst review for ambiguous or incomplete evidence.

## Best Practices

- Provide source evidence for every conclusion before asking for synthesis.
- Separate confirmed observations from inferred behavior and speculation.
- Keep raw tool output in appendices and summarize the important findings.
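The hypothesis-status mapping listed under Capabilities and the evidence-first rules in these Best Practices, as an added Python example that is not the skill's own code. The evidence log, the hypotheses, the status rules (a claim is confirmed only by observed dynamic evidence with nothing against it; static-only support is an inference and stays uncertain; evidence on both sides is uncertain; no cited evidence is unvalidated) and the capability confidence scale are all assumptions constructed for illustration. Citing an evidence ID that is not in the log is an error, so a status is never built on evidence that does not exist:

```python
"""Hypothesis validation and capability map with traceable evidence.

Added example, not the skill's own code. The evidence, hypotheses,
status rules and confidence scale are constructed for illustration.
"""
from collections import defaultdict

# Constructed evidence log for a fictional Linux ELF. "phase" is static
# (inferred from the file) or dynamic (observed at run time).
EVIDENCE = {
    "E1": {"phase": "static", "source": "strings", "tags": {"network"},
           "note": "string 'POST /upload HTTP/1.1' at 0x4a3c0"},
    "E2": {"phase": "static", "source": "imports", "tags": {"network"},
           "note": "imports connect, send, recv"},
    "E3": {"phase": "dynamic", "source": "strace", "tags": {"network"},
           "note": "connect(3, {AF_INET, 203.0.113.10:443}) = 0"},
    "E4": {"phase": "static", "source": "disasm", "tags": {"crypto"},
           "note": "sub_401200 has a 256-byte swap loop typical of RC4 KSA"},
    "E5": {"phase": "dynamic", "source": "strace", "tags": {"filesystem"},
           "note": "openat(AT_FDCWD, \"/etc/passwd\", O_RDONLY) = 4"},
    "E6": {"phase": "dynamic", "source": "strace", "tags": {"execution"},
           "note": "no execve/fork observed in a 10-minute sandbox run"},
}

# Each hypothesis cites the evidence IDs that support or contradict it.
HYPOTHESES = [
    {"id": "H1", "claim": "Beacons to a remote host over TCP",
     "supports": ["E1", "E2", "E3"], "contradicts": []},
    {"id": "H2", "claim": "Spawns child processes",
     "supports": [], "contradicts": ["E6"]},
    {"id": "H3", "claim": "Encrypts uploaded data with RC4",
     "supports": ["E4"], "contradicts": []},
    {"id": "H4", "claim": "Persists via a cron entry",
     "supports": [], "contradicts": []},
    {"id": "H5", "claim": "Only talks plaintext HTTP on port 80",
     "supports": ["E1"], "contradicts": ["E3"]},
]


def classify(hyp, evidence):
    """Assign confirmed / refuted / uncertain / unvalidated.

    Assumed rules (not from the skill): confirmed needs observed (dynamic)
    support and nothing against it; static-only support is an inference
    and stays uncertain; evidence on both sides is uncertain; no cited
    evidence is unvalidated. Unknown evidence IDs raise, so a status is
    never built on evidence that is not in the log.
    """
    cited = hyp["supports"] + hyp["contradicts"]
    missing = [e for e in cited if e not in evidence]
    if missing:
        raise ValueError(f"{hyp['id']} cites unknown evidence {missing}")
    if not cited:
        return "unvalidated"
    if hyp["supports"] and hyp["contradicts"]:
        return "uncertain"
    if hyp["contradicts"]:
        return "refuted"
    if any(evidence[e]["phase"] == "dynamic" for e in hyp["supports"]):
        return "confirmed"
    return "uncertain"


def validate(hypotheses=HYPOTHESES, evidence=EVIDENCE):
    """Return {hypothesis_id: status} for every hypothesis."""
    return {h["id"]: classify(h, evidence) for h in hypotheses}


def capability_map(evidence=EVIDENCE):
    """Group evidence by capability tag and rate confidence by phase mix.

    Assumed scale: static+dynamic -> high, dynamic only -> medium,
    static only -> low.
    """
    by_tag = defaultdict(list)
    for eid, ev in evidence.items():
        for tag in ev["tags"]:
            by_tag[tag].append(eid)
    result = {}
    for tag, ids in sorted(by_tag.items()):
        phases = {evidence[e]["phase"] for e in ids}
        if phases == {"static", "dynamic"}:
            conf = "high"
        elif phases == {"dynamic"}:
            conf = "medium"
        else:
            conf = "low"
        result[tag] = {"confidence": conf, "evidence": sorted(ids)}
    return result


def render_report(hypotheses=HYPOTHESES, evidence=EVIDENCE):
    """Emit Markdown sections where every line carries its evidence IDs."""
    statuses = validate(hypotheses, evidence)
    lines = ["## Hypotheses", ""]
    for h in hypotheses:
        refs = ", ".join(h["supports"] + h["contradicts"]) or "none"
        lines.append(f"- {h['id']} [{statuses[h['id']]}] {h['claim']} (evidence: {refs})")
    lines += ["", "## Capability Map", ""]
    for tag, cap in capability_map(evidence).items():
        lines.append(f"- {tag}: {cap['confidence']} confidence ({', '.join(cap['evidence'])})")
    lines += ["", "## Evidence Log", ""]
    for eid, ev in evidence.items():
        lines.append(f"- {eid} ({ev['phase']}/{ev['source']}): {ev['note']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report())
```

The point of the split between `classify` and `render_report` is that the status logic is auditable on its own: H3 stays uncertain even though the disassembly looks like RC4, because nothing in the dynamic phase showed the routine being used, which is exactly the confirmed-versus-inferred separation the practice above asks for. Swap in your own rules if your team treats static evidence differently, but keep the unknown-ID check.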

## Anti Patterns

- Do not ask it to invent missing evidence or assign confidence without support.
- Do not mix unrelated binaries in one report unless comparing them directly.
- Do not treat generated reports as final without analyst review.

## Security Audit

- Safe to publish: true
- Audited at: 2026-06-27T16:08:56.991+00:00
- Summary: Static analysis flagged shell syntax, network indicators, weak cryptography terms, log paths, and reconnaissance language. Review found these are Markdown examples for binary-analysis reports, not executable code or operational instructions. No prompt injection, data exfiltration, or malicious execution behavior was found.

## Stats

- Views: 174
- Downloads: 13
- Favorites: 0
- Popularity score: 0
