zhaoxuya520/reverse-skill

A sysadmin's cheat sheet for making AI agents do reverse engineering

This PowerShell-heavy repo turns Claude Code and friends into a guided missile for APK analysis, CTFs, and binary diffing—if you can survive the bootstrap ritual.

1.3k stars · Shell · Domain: Apps, Agents · Velocity (7d): +49 ★ / day · Trend: steady

What it does

reverse-skill is a routing layer and documentation pack that tells AI coding agents (Claude Code, Cursor, Cline, etc.) how to handle security tasks. Drop it in a project, run a bootstrap script to index your local tools, and the agent supposedly knows whether to reach for jadx, radare2, or a 40-skill CTF playbook instead of hallucinating its way through an APK.

The interesting bit

The README is literally written to the AI first, with a mandatory bootstrap flow the agent must execute before doing anything else. It’s a rare case of documentation that treats the human as secondary—there’s even a separate OVERVIEW.md for people who still read things. The routing matrix in routing.md and auto-generated tool-index.md are the actual engine; everything else is scaffolding to make agents self-configuring across Windows, Kali, and macOS.

Key highlights

  • Task routing, not tool installation: Classifies jobs (APK reverse, JS deobfuscation, firmware pentest, EDR bypass) before touching binaries
  • CTF Sandbox Orchestrator: 40+ sub-skills for competition workflows, kept in a separate directory with relative-path coupling to routing.md
  • Cross-platform bootstrap scripts: PowerShell for Windows, Bash for Linux/macOS/Kali, with OS auto-detection
  • Auto-evolving field journal: Logs experience under skills/field-journal/ (exact format unclear from README)
  • MCP and hook integration: Designed to plug into Claude Code hooks, Cursor Rules, Cline custom instructions, etc.

Caveats

  • PowerShell-primary, despite the security audience: Linux/macOS support exists but feels secondary; Windows paths like D:\APP\IDA are hardcoded as examples throughout
  • Bootstrap is mandatory and brittle: tool-index.md is gitignored and doesn’t exist until you run the script; the README warns that skipping this breaks RULES.md entirely
  • No actual tools included: This is pure orchestration glue—you still need to install jadx, radare2, IDA Pro, apktool, etc. yourself
  • CTF directory placement is finicky: Move CTF-Sandbox-Orchestrator outside the package root and you must manually patch routing.md

Verdict

Worth a look if you’re already using Claude Code or Cursor for security work and tired of re-explaining Ghidra’s UI to an agent. Skip it if you want actual tools, one-click installers, or a workflow that doesn’t require editing hardcoded Windows paths in five files before your first run.
