Open-source Claude Code skill extracts Android APIs
SimoneAvogadro/android-reverse-engineering-skill is a Claude Code skill for Android reverse engineering that decompiles APK, XAPK, JAR, and AAR files, then extracts HTTP APIs, auth patterns, hardcoded URLs, and call flows so developers can document or reproduce app behavior without source access. The repo packages a guided workflow, slash command, and standalone scripts around tools like jadx, Fernflower/Vineflower, and dex2jar, with support for obfuscated code and side-by-side decompiler comparison. It is released under Apache-2.0 and framed for lawful security research, interoperability analysis, and malware analysis.
This is a genuinely useful developer/security workflow package, not just a prompt wrapper, because it bundles decompilation, API discovery, and call-flow tracing into something repeatable.
- –Strong practical scope: it targets the exact pain points in Android RE work, especially Retrofit/OkHttp endpoint extraction and navigation through obfuscated code.
- –Good packaging: the repo includes a Claude Code skill, a plugin manifest, reference docs, and helper scripts, which makes it easier to adopt than a one-off command list.
- –Security-adjacent positioning is clear: the README explicitly calls out lawful use cases and limitations, which matters for a reverse-engineering tool.
- –The main constraint is dependency friction: users still need JDK 17+ and external decompilers, so the value is highest for people already doing Android analysis.
DISCOVERED
2h ago
2026-04-16
PUBLISHED
2h ago
2026-04-16
RELEVANCE