Advanced ARG (Alternate Reality Game) investigation toolkit for Claude Code. Features 6 specialized opus-powered agents that work autonomously in a flat architecture - each agent investigates directly, cracks puzzles through original analysis, and recommends next steps for Claude Code to orchestrate.
"BE RELENTLESS. BE THOROUGH. CRACK THE ARG."
This toolkit prioritizes direct investigation over community search. The agents probe, analyze, decode, and follow puzzle chains themselves - only referencing community findings after exhausting original investigation.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β FLAT AGENT ARCHITECTURE β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β User Request β
β β β
β βΌ β
β βββββββββββ β
β β Claude β Decides which specialist to spawn based on input β
β β Code β β
β ββββββ¬βββββ β
β β β
β βΌ Spawns ONE agent at a time β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β SELF-SUFFICIENT AGENTS (work independently) β β
β β β β
β β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β β
β β β stego β β crypto β β osint β β media β β β
β β β analyst β β decoder β β recon β β forensic β β β
β β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β β
β β ββββββββββββ ββββββββββββ β β
β β β web β β arg β β Guide + Direct Investigatorβ β
β β β analyst β βorchestr. β β β
β β ββββββββββββ ββββββββββββ β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ Returns structured findings β
β βββββββββββ β
β β Claude β Reads report, decides next agent to spawn β
β β Code β β
β ββββββ¬βββββ β
β β β
β βΌ Spawns next recommended agent... β
β β
β π ~/Downloads/${ARG_NAME}_ARG_Investigation/ β
β βββ All findings saved to ARG-specific folder β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Key Architecture Features:
- No hierarchical orchestration - Claude Code spawns agents directly
- Self-sufficient agents - Each creates its own investigation folder if needed
- Structured output - Agents return findings with
π RECOMMENDED NEXT AGENTS - ARG-specific folders - Each investigation gets its own folder named after the ARG
# Clone the repo
git clone https://github.com/CMLKevin/ClaudeCode_ARGBuster.git
# Start Claude Code with the plugin loaded
claude --plugin-dir ./ClaudeCode_ARGBuster# Copy to Claude Code plugins directory
cp -r ClaudeCode_ARGBuster ~/.claude/plugins/local/arg-investigation
# Start Claude Code with the plugin
claude --plugin-dir ~/.claude/plugins/local/arg-investigationAdd to your ~/.zshrc or ~/.bashrc:
alias claude-arg='claude --plugin-dir ~/.claude/plugins/local/arg-investigation'Then use claude-arg to start Claude Code with ARG capabilities.
# After starting Claude with the plugin loaded:
/arg https://mysterious-arg-site.com # Full investigation
/decode SGVsbG8gV29ybGQ= # Quick decode
/stego:spectrogram ~/audio.mp3 # Audio spectrogramClaude Code spawns the appropriate agent based on what you have:
| You Have | Agent to Use | Why |
|---|---|---|
| Website URL | web-analyst | Analyze HTML, JS, hidden elements, browser automation |
| Image file | stego-analyst | LSB extraction, spectrograms, color channels |
| Audio file | stego-analyst | Spectrogram analysis, phase analysis, reversed audio |
| Encoded text | crypto-decoder | 50+ cipher types, multi-layer decoding |
| Domain/IP | osint-recon | WHOIS, DNS, certs, Wayback Machine |
| Unknown file | media-forensics | binwalk, magic bytes, embedded files |
| Need guidance | arg-orchestrator | Investigation methodology, patterns |
| Model | Color | Role |
|---|---|---|
| opus | magenta | Guide & Direct Investigator (not a coordinator) |
What It Does:
- Provides investigation methodology and checklists
- Direct browser automation for site investigation
- Agent selection guidance for Claude Code
- Reference for common ARG patterns and hiding techniques
When to Use:
- When you need guidance on HOW to investigate
- When you want direct browser-based investigation
- When unsure which specialist to use
| Model | Color | Role |
|---|---|---|
| opus | cyan | Steganography detection & extraction |
Capabilities:
- Image: LSB extraction (all channels), color channel separation, bit plane analysis
- Audio: Spectrogram generation (multiple ranges), phase analysis, reversed audio
- Tools: exiftool, binwalk, sox, convert, zbarimg, tesseract
Recommends Next: crypto-decoder (encoded data), media-forensics (embedded files)
| Model | Color | Role |
|---|---|---|
| opus | yellow | Advanced cryptanalysis & 50+ cipher types |
5-Tier Encoding Detection Matrix:
| Tier | Category | Cipher Types |
|---|---|---|
| 1 | Basic | Base64, Hex, Binary, URL, HTML entities |
| 2 | Classic | Caesar/ROT1-25, Atbash, ROT47, Vigenère |
| 3 | Numeric/Symbolic | A1Z26, ASCII, Morse, T9 Phone, Tap Code |
| 4 | ARG-Specific | W.D. Gaster (Wingdings), Standard Galactic, Braille, Runes, Pigpen, Bacon's Cipher |
| 5 | Esoteric | Polybius, Playfair, Rail Fence, Bifid, Book Cipher |
Advanced Cryptanalysis:
- Index of Coincidence (IC) analysis for cipher identification
- Kasiski Examination for Vigenère key length detection
- Automated Vigenère cracker with chi-squared frequency analysis
- Rail Fence brute-forcer (2-10 rails)
- Substitution cipher frequency analysis
- Multi-layer decode chain tracking
- ARG keyword dictionary attack
Recommends Next: web-analyst (decoded URLs), stego-analyst (decoded reveals image clues)
| Model | Color | Role |
|---|---|---|
| opus | green | Open source intelligence gathering |
Research Capabilities:
- WHOIS (including historical changes)
- DNS records (A, MX, TXT, NS, CNAME, SPF, DMARC)
- SSL certificates via crt.sh (find subdomains)
- Wayback Machine deep dive
- Username/email cross-platform search
- Reverse WHOIS (other domains by same registrant)
Community Cross-Reference: Checks GameDetectives, Reddit ARG communities, ARGNet after own investigation
Recommends Next: web-analyst (discovered subdomains), crypto-decoder (encoded TXT records)
| Model | Color | Role |
|---|---|---|
| opus | red | Deep file forensic analysis |
Capabilities:
- Magic bytes validation (detect disguised files)
- Embedded file extraction (binwalk, foremost)
- Comprehensive metadata analysis (exiftool)
- QR code detection (zbarimg)
- OCR text extraction (tesseract)
- Hash verification
- Polyglot file detection
Recommends Next: crypto-decoder (extracted text), stego-analyst (extracted images)
| Model | Color | Role |
|---|---|---|
| opus | blue | Web analysis + browser automation |
Mandatory Investigation Protocol:
- Extract ALL hidden elements (7 detection methods)
- Probe 50+ common ARG paths
- Analyze raw source (Base64, hex, comments, data-* attributes)
- Execute and analyze JavaScript
- Check console messages for hidden clues
- Recursive investigation of discovered URLs
Browser Automation (claude-in-chrome MCP):
read_page- Accessibility tree examinationjavascript_tool- Inspect localStorage, sessionStorage, variablesread_console_messages- Hidden console.log cluesnavigate- Follow discovered linkscomputer(screenshot) - Visual analysis
Recommends Next: crypto-decoder (encoded content), osint-recon (new domains), stego-analyst (images)
| Command | Description |
|---|---|
/arg [target] |
Full ARG investigation workflow |
/decode [text] |
Quick multi-encoding decode |
/stego:spectrogram [audio] |
Generate audio spectrograms |
| Skill | Triggers |
|---|---|
| Cipher Identification | Encoded text, "decode this" |
| Puzzle Chain Tracking | "what did we find", investigation state |
| ARG Patterns | "typical ARG puzzles", hiding techniques |
| Script | Purpose |
|---|---|
scripts/lsb-extract.py |
LSB steganography extraction |
scripts/metadata-extract.sh |
Comprehensive metadata dump |
Each ARG investigation gets its own folder:
~/Downloads/${ARG_NAME}_ARG_Investigation/
βββ clues/ # KEY FINDINGS - discovered secrets, decoded messages
βββ reports/ # Auto-generated investigation reports
βββ spectrograms/ # Audio spectrograms
βββ extracted/ # Downloaded & extracted files
βββ logs/ # Raw analysis logs
Examples:
~/Downloads/cicada_ARG_Investigation/~/Downloads/deltarune_ARG_Investigation/~/Downloads/mysterious_ARG_Investigation/
All agents document findings in real-time:
| Agent | Report Pattern | Finding Types |
|---|---|---|
| Orchestrator | investigation-*.md |
π π πΌοΈ π π¬ π» π π₯οΈ π‘ β |
| Stego | stego-*.md |
πΌοΈ π΅ π π π² β |
| Crypto | crypto-*.md |
π (with full decode chain) |
| OSINT | osint-*.md |
π π‘ π π π π€ |
| Forensics | forensics-*.md |
π π π² π |
| Web | web-*.md |
π¬ π» π π π π₯οΈ π¦ |
Each agent ends its analysis with structured output:
## π ANALYSIS COMPLETE
### Findings Summary
- [Key discoveries]
### Files Created
- $ARG_DIR/clues/[findings].txt
### π RECOMMENDED NEXT AGENTS
1. **crypto-decoder** - [WHY: Found Base64 in hidden element]
2. **osint-recon** - [WHY: Discovered new subdomain]
### Investigation Leads
- [URLs to follow]
- [Patterns to investigate]Claude Code reads these recommendations and decides which agent to spawn next.
# macOS
brew install exiftool binwalk sox ffmpeg zbar tesseract imagemagick foremost
# Python
pip3 install pillowAdd these permissions to ~/.claude/settings.json for unrestricted web fetching:
{
"permissions": {
"allow": [
"Bash(curl:*)",
"Bash(wget:*)"
]
}
}Note: The built-in
WebFetchtool has domain verification that may fail on some networks. Usingcurlvia Bash bypasses this limitation and provides more control over headers, cookies, and redirects.
# 1. Start with a mysterious website
User: "Investigate https://mysterious-arg.com"
# 2. Claude Code spawns web-analyst
CC β web-analyst β Finds hidden Base64 in data-secret attribute
β Recommends: crypto-decoder
# 3. Claude Code spawns crypto-decoder
CC β crypto-decoder β Decodes to URL: puzzle.mysterious-arg.com
β Recommends: osint-recon, web-analyst
# 4. Claude Code spawns osint-recon
CC β osint-recon β Finds 5 subdomains via crt.sh
β Recommends: web-analyst for each
# 5. Investigation continues until puzzle is solved| Traditional Approach | ARGBuster Approach |
|---|---|
| Search for solutions first | Investigate directly first |
| Look up community writeups | Crack puzzles yourself |
| Single-page analysis | Recursive chain following |
| Manual path checking | Automated 50+ path probing |
| Passive investigation | Aggressive content analysis |
| Hierarchical orchestration | Flat autonomous agents |
| Limited cipher support | 50+ cipher types |
| No ARG-specific ciphers | Gaster, Standard Galactic, etc. |
After completing their own investigation, agents cross-reference with:
- Reddit: r/ARG, r/gamedetectives, r/codes, r/cicada
- Game Detectives Wiki: wiki.gamedetectives.net
- ARGNet: argn.com
- Unfiction: forums.unfiction.com
This identifies novel discoveries the community may have missed.
Author: Kevin Lin Version: 1.2.0
"The truth is out there... hidden in LSBs, spectrograms, and Base64."