diff --git a/bincapz.yaml b/bincapz.yaml
deleted file mode 100644
index 87dd5a4698..0000000000
--- a/bincapz.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-package:
-  name: bincapz
-  version: 0.19.0
-  epoch: 1
-  description: enumerate binary capabilities, including malicious behaviors
-  copyright:
-    - license: Apache-2.0
-  dependencies:
-    runtime:
-      - ca-certificates-bundle
-      - yara
-
-environment:
-  contents:
-    packages:
-      - openssl-dev
-      - yara-dev
-
-pipeline:
-  - uses: git-checkout
-    with:
-      repository: https://github.com/chainguard-dev/bincapz
-      tag: v${{package.version}}
-      expected-commit: f80e63dec5fa83b3e8da275bbd8e61fb0c7787bd
-
-  - uses: go/build
-    with:
-      packages: .
-      ldflags: -s -w
-      output: bincapz
-
-  - uses: strip
-
-test:
-  environment:
-    contents:
-      packages:
-        - openssl
-        - crane
-  pipeline:
-    - name: Verify bincapz on itself
-      runs: |
-        set -o pipefail
-        output=$(bincapz /usr/bin/bincapz)
-        test -z "$output"
-    - name: Verify bincapz on yara
-      runs: |
-        set -o pipefail
-        bincapz /usr/bin/yara | grep LOW
-    - name: Verify bincapz on openssl
-      runs: |
-        set -o pipefail
-        bincapz /usr/bin/openssl | grep MED
-    - name: Verify bincapz on crane
-      runs: |
-        set -o pipefail
-        bincapz /usr/bin/crane | grep MED
-    - name: Verify bincapz diff
-      runs: |
-        set -o pipefail
-        bincapz -diff /usr/bin/openssl /usr/bin/crane | grep "[+]MED.*archives/zip"
-
-update:
-  enabled: true
-  github:
-    identifier: chainguard-dev/bincapz
-    strip-prefix: v
diff --git a/malcontent.yaml b/malcontent.yaml
new file mode 100644
index 0000000000..4587516b7f
--- /dev/null
+++ b/malcontent.yaml
@@ -0,0 +1,67 @@
+package:
+  name: malcontent
+  version: 1.0.1
+  epoch: 0
+  description: enumerate file capabilities, including malicious behaviors
+  copyright:
+    - license: Apache-2.0
+  dependencies:
+    runtime:
+      - ca-certificates-bundle
+      - yara
+
+environment:
+  contents:
+    packages:
+      - openssl-dev
+      - yara-dev
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/chainguard-dev/malcontent
+      tag: v${{package.version}}
+      expected-commit: b9d01fd45e030fa201b13679f843ed4a6e5473fd
+
+  - uses: go/build
+    with:
+      packages: .
+      ldflags: -s -w
+      output: mal
+
+  - uses: strip
+
+test:
+  environment:
+    contents:
+      packages:
+        - openssl
+        - crane
+  pipeline:
+    - name: Verify malcontent version
+      runs: |
+        set -o pipefail
+        output=$(mal --version)
+        test "$output" == "malcontent version v${{package.version}}"
+    - name: Verify malcontent on yara
+      runs: |
+        set -o pipefail
+        mal analyze /usr/bin/yara | grep LOW
+    - name: Verify malcontent on openssl
+      runs: |
+        set -o pipefail
+        mal analyze /usr/bin/openssl | grep MED
+    - name: Verify malcontent on crane
+      runs: |
+        set -o pipefail
+        mal analyze /usr/bin/crane | grep MED
+    - name: Verify malcontent diff
+      runs: |
+        set -o pipefail
+        mal diff /usr/bin/openssl /usr/bin/crane | grep "[+]MED.*archives/zip"
+
+update:
+  enabled: true
+  github:
+    identifier: chainguard-dev/malcontent
+    strip-prefix: v