Promote binary-analysis; supersede windows-reversing

[monoxgas]

What

Promotes binary-analysis from dreadnode/capabilities-internal into the public catalog and removes windows-reversing, which it supersedes.

Why

binary-analysis is the cross-platform successor to windows-reversing (Windows-PE-only). It consolidates the predecessor's three MCP servers and three skills into a broader, better-tested surface:

windows-reversing	→	binary-analysis
pe_triage MCP (PE only)	→	static_triage — PE/ELF/Mach-O via LIEF, capa, FLOSS, YARA, debuginfod
ghidra MCP	→	ghidra_mcp composition server — pyghidra-mcp superset: FID similarity, HighFunction dataflow, emulation, two-binary diffing, BSim
qiling MCP (one-shot tools)	→	skill-taught Qiling Python templates (adaptable per-binary hooks)
3 Windows-only skills	→	1 consolidated cross-platform binary-analysis skill (8-phase, SANS FOR610-grounded)

No capability references windows-reversing (verified across both repos); the only mentions were binary-analysis's own design-rationale prose, reworded here.

Touch-ups applied during the move

• ghidra_mcp.py header now records the ghidriff differentiator — GPL-3.0 → clean-room reimplementation of its match cascade against Ghidra's Apache-2.0 API, deliberately not vendored. (Previously lived only in internal dev docs/, which is gitignored and doesn't ship.)
• qiling-emulation.md no longer names the now-removed windows-reversing; the rationale (Python templates over a pinned MCP surface) is preserved.

Verification

• dreadnode capability validate ./capabilities/binary-analysis → ✓ green
• static_triage tests: 22 passed; ghidra_mcp tests: 8 passed (in the new location)
• pre-commit clean (ruff, ruff-format, gitleaks, yaml)
• Copied via git archive — tracked files only; internal dev docs/, caches, and \$HOME/ cruft excluded.

Note

Removing binary-analysis from capabilities-internal ships as a separate PR there (no duplicates across repos).

🤖 Generated with Claude Code