llm-binary-vuln-guide
Installation
SKILL.md
LLM-Based Binary Vulnerability Detection Guide
This skill provides research-backed techniques for using LLMs to detect vulnerabilities in binary code. It is loaded automatically when skwaq agents perform binary analysis to enhance their effectiveness.
Core Principle: Decompilation First
LLMs cannot effectively reason about raw bytes or assembly. Always decompile to pseudo-C before LLM analysis. Raw assembly has 98% cosine similarity across different CWE types, making classification impossible without lifting.
Pipeline: Binary → Disassembly → Decompilation (Ghidra) → LLM Enhancement → Vulnerability Analysis
Decompiled Code Optimization
Before sending decompiled output to an LLM, optimize it: