Rogue_Binary_MCP // Triage_Mode
Process_01: Overview

Rogue Binary MCP.

[agent_runtime] Docker-packaged binary analysis for agents. Faster, token-efficient malware triage returning bounded tool output instead of raw decompiler dumps.

agent / rbinmcp
connected

$ agent: use rbinmcp to triage /samples/app.exe

> get_backend_status

> triage_binary {"binary_path":"/samples/app.exe"}

rbm.orchestration.triage.v0
hashes: md5, sha256, file_size
shape: info, sections, entry_points
signals: imports, xrefs, call graph summary

$ agent: choose the next small call from the triage result

> binary_capabilities {"binary_path":"/samples/app.exe"}

Docker · bounded JSON · cached backends
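The hashes / shape / signals result shape shown in the triage above, as an added example that is not rbinmcp's own code: a hypothetical bounded PE triage in Python, run on a constructed minimal PE32 image. The names build_sample_pe, triage_binary and MAX_SECTIONS are assumptions for this illustration, not the server's API.

```python
import hashlib
import struct

MAX_SECTIONS = 16  # hard cap on sections returned, so output stays bounded
SEC_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (entry 0x1010 inside .text), not a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x200, 0x200, 0, 0x1010, 0x1000, 0x2000)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)
    text = struct.pack(SEC_HDR, b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    data = struct.pack(SEC_HDR, b".data", 0x40, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    return (dos + coff + opt + text + data).ljust(0x600, b"\0")  # pad past raw data


def triage_binary(data: bytes) -> dict:
    """Return a bounded hashes / shape / signals summary, never a raw dump."""
    result = {"hashes": {"md5": hashlib.md5(data).hexdigest(),
                         "sha256": hashlib.sha256(data).hexdigest(), "file_size": len(data)},
              "shape": {"info": "unknown", "sections": [], "entry_points": []}, "signals": {}}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0] if len(data) >= 0x40 else 0
    if data[:2] != b"MZ" or e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return result  # not a PE image: the hashes alone are still usable evidence
    machine, nsec, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sec_off, sections = opt_off + size_opt, []
    for i in range(min(nsec, MAX_SECTIONS)):
        if sec_off + 40 * (i + 1) > len(data):
            break  # truncated section table: report what parses instead of raising
        name, vsize, vaddr, rsize, raw, *_, flags = struct.unpack_from(SEC_HDR, data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
                         "vsize": vsize, "raw_off": raw, "raw_size": rsize,
                         "exec": bool(flags & IMAGE_SCN_MEM_EXECUTE)})
    entry_sec = next((s for s in sections if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], 1)), None)
    result["shape"].update(info=f"PE machine=0x{machine:x} sections={nsec}",
                           sections=sections, entry_points=[entry])
    result["signals"] = {  # cheap signals an agent can act on before opening a backend
        "entry_section": entry_sec["name"] if entry_sec else None,
        "entry_outside_executable_section": entry_sec is None or not entry_sec["exec"],
        "sections_truncated": nsec > MAX_SECTIONS,
        "raw_data_beyond_eof": any(s["raw_off"] + s["raw_size"] > len(data) for s in sections),
    }
    return result
```

The signals block is where a follow-up call would be chosen: an entry point outside any executable section or raw data past end-of-file is enough to justify a focused backend view, without paging through a decompiler dump.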
Process_02: Capabilities

[Token-efficient triage]

Get hashes, file shape, imports, sections, strings, hardening posture, call structure, and likely behavior families before an agent spends context on a backend.

[One Docker runtime]

Run the same MCP server with Ghidra, radare2, ILSpyCmd, binutils, file, strings, objdump, radiff2, binwalk, and the rbinmcp cache layout.

[Focused backend views]

Ask Ghidra, r2, ILSpy, or native wrappers for the smallest useful slice: callsites, CFGs, P-code, byte reads, member bodies, diffs, and strings.

[Evidence tied to claims]

Keep hashes, offsets, callsites, cache keys, and backend output next to the claim so follow-up calls stay repeatable.

Process_03: Secure_Comms

Contact Rogue Binary.

[submit_query] Rbinmcp feedback, binary-analysis tooling, malware triage, and private consulting.