Deepbits Cyber Assistant Plugin for Claude Code
The Plugin equips Claude Code with advanced binary analysis capabilities for tasks such as incident response, malware investigation, and vulnerability assessment. It connects to both cloud-based analysis platforms and local tools via MCP, enabling seamless hybrid workflows. With features including local Windows system scanning, browser hijacking detection, registry and network monitoring, suspicious file analysis, and remote binary analysis through tools like Ghidra, Qilin, and angr, the plugin transforms Claude Code into a powerful AI-assisted workspace for comprehensive system and binary security analysis.
Overview
The Claude Code Security Analysis Plugin extends Claude Code with advanced cybersecurity and binary-analysis capabilities, enabling developers and analysts to perform in-depth system investigations directly within their coding environment.
This plugin seamlessly integrates with both cloud-based analysis platforms and local security tools via the Model Context Protocol (MCP), creating a unified workspace for intelligent, AI-assisted security analysis.
Designed for incident response, malware forensics, and vulnerability research, the plugin empowers users to:
- 🧩 Investigate compromised systems to identify indicators of compromise (IoCs) and attack traces.
- 🦠 Analyze malware samples to uncover behaviors, persistence methods, and payloads.
- 🛡️ Perform vulnerability and exploit analysis, including binary diffing, patch validation, and code comparison.
- ⚙️ Combine cloud automation with local expertise, integrating Deepbits’ agentic binary-analysis capabilities into Claude Code.
Specialized Cybersecurity Capabilities
This plugin provides Claude Code with specialized cybersecurity features, including:
- 💻 Local Windows system scanning for malware, configuration weaknesses, and security issues.
- 🌐 Browser hijacking detection to identify malicious extensions or modified settings.
- 🧮 Windows Registry analysis to reveal persistence mechanisms or misconfigurations.
- 🧾 Suspicious file detection through behavioral and signature-based analysis.
- 🔗 Network connection monitoring for unusual or unauthorized communications.
- 🧠 Remote binary file analysis powered by Ghidra, Qilin, angr, and other advanced analysis frameworks.
Together, these capabilities transform Claude Code into a comprehensive cybersecurity co-pilot—bridging the gap between code intelligence, system defense, and binary analysis.
Features
🛡️ Security Scanning
- Comprehensive system security assessments
- Browser hijacking detection across Chrome, Firefox, Edge, and IE
- Windows Registry malware persistence detection
- Suspicious file system scanning
- Active network connection monitoring
🔍 Binary Analysis
- Upload suspicious files to remote sandbox
- Advanced static and dynamic analysis
- Malware classification and threat assessment
- Indicator of Compromise (IoC) extraction
- Detailed decompilation and code analysis
🤖 Specialized Agent
The Cyber Security Analyst agent provides expert-level security analysis with:
- Structured threat assessment workflow
- Evidence-based reporting
- Risk prioritization (Critical/High/Medium/Low)
- Actionable remediation steps
Installation
- Clone or download this plugin to your local machine
- Start the MCP server (required before running Claude Code):
npx -y @drbinary/claude-mcp-server
Note: The MCP server must be running before you start Claude Code. Keep this terminal open. This command can be executed from any folder.
- Run Claude Code (in a new terminal):
claude
Note: The claude command can be executed from any folder.
- Add marketplace:
/plugin marketplace add DeepBitsTechnology/claude-plugins
- Install the plugin:
/plugin install drbinary-chat-plugin@DeepBitsTechnology
- Connect MCP server:
/mcp
Important Configuration
MCP Server Startup
The MCP server will NOT start automatically. You must manually run the following command before starting Claude Code:
npx -y @drbinary/claude-mcp-server
Keep this terminal open while using the plugin, as Claude Code requires the MCP server to be running for binary analysis features.
MCP Timeout Setting
Binary analysis using disassemblers like Ghidra can take a significant amount of time to complete, especially for large or complex binaries. If you encounter MCP timeout issues during analysis, you should increase the MCP_TOOL_TIMEOUT environment variable.
Recommended setting:
export MCP_TOOL_TIMEOUT=600000