Knowledge Hub · capability
Capabilities
What Decoder can do — every analysis, chat and origin-detection flow shipped today.
- Analysis#security#malware#staticStatic Malware Analysis
Static malware analysis inspects code and binaries without executing them. Decoder runs it locally on your upload and surfaces suspicious patterns, entropy spikes and known indicators — no API key required.
- Analysis#repo#github#zipRepository Analysis
Repository Analysis turns a codebase into something you can read, search and interrogate. Upload a ZIP or import a public GitHub project; Decoder indexes structure, runs static checks and gates AI features behind your own key.
- Privacy#privacy#ai#localLocal AI Inference
Local AI lets you use Decoder's explain and chat features against a model running on your own hardware via Ollama or LM Studio — useful when code cannot leave your environment.
- Analysis#ai#origin#reviewAI-Origin Detection
AI-Origin Detection estimates whether a code artefact was likely produced by an LLM, and explains why. The goal is informed review, not gatekeeping.
- Analysis#chat#ai#repoChat with Your Code
Chat with Your Code turns a repository into a queryable knowledge surface. Ask 'where is auth handled?' or 'what does this script do?' and get answers grounded in your actual files.
- Analysis#binary#pe#malwareBinary (PE) Analysis
Decoder parses Windows PE binaries to expose the structural signals a reviewer needs: sections, imports, exports, per-section entropy and known IoCs.
- Malware#obfuscation#entropy#malwareObfuscation Detection — Spotting hidden code
Obfuscation hides intent. Decoder flags suspicious entropy, base64 walls, eval chains, and packing markers so reviewers can focus on what's actually hidden.
- Analysis#secrets#api-keys#credentialsSecret Detection — Finding leaked keys
A leaked key is the most common breach vector. Decoder combines provider-specific regex (AWS, GitHub, Stripe…) with entropy to flag secrets that don't belong in code.
- Analysis#dependencies#sca#supply-chainDependency Analysis — Inspecting third-party code
Most code in any modern project isn't yours. Decoder reads manifests and lockfiles to map the dependency surface and flag suspicious entries.