By dxas90
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. Masters firmware extraction, analysis, and vulnerability research for routers, IoT devices, automotive systems, and industrial controllers. Use PROACTIVELY for firmware security audits, IoT penetration testing, or embedded systems research.
Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis, and malware family identification. Handles static/dynamic analysis, unpacking, and IOC extraction. Use PROACTIVELY for malware triage, threat hunting, incident response, or security research.
Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software analysis. Masters IDA Pro, Ghidra, radare2, x64dbg, and modern RE toolchains. Handles executable analysis, library inspection, protocol extraction, and vulnerability research. Use PROACTIVELY for binary analysis, CTF challenges, security research, or understanding undocumented software.
Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use this skill when analyzing malware evasion techniques, when implementing anti-debugging protections for CTF challenges, when reverse engineering packed binaries, or when building security research tools that need to detect virtualized environments.
Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries.
Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analyzing memory dumps, investigating incidents, or performing malware analysis from RAM captures.
Master network protocol reverse engineering including packet analysis, protocol dissection, and custom protocol documentation. Use when analyzing network traffic, understanding proprietary protocols, or debugging network communication.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Production-ready agentic workflow building blocks: 92 plugins, 199 agents, 162 skills, 106 commands — built for Claude Code and consumed natively by OpenAI Codex CLI, Cursor, OpenCode, Gemini CLI, and GitHub Copilot from a single Markdown source.
[!NOTE] One source-of-truth (
plugins/), five harnesses. Each harness gets idiomatic, harness-native artifacts — not lowest-common-denominator translations. See docs/harnesses.md for the capability matrix.
Pick your harness:
/plugin marketplace add wshobson/agents
/plugin install python-development # or any of 92 plugins
→ Full Claude Code setup, troubleshooting, and plugin catalog
Codex and Cursor install natively from the committed registries (which point at the source plugins/):
npx codex-marketplace add wshobson/agents # Codex; then install individual plugins
# Cursor: add the marketplace, then `/plugin install <name>` (reads .cursor-plugin/ + source)
Gemini and OpenCode install via clone + generate (the transformed trees are gitignored):
gh repo clone wshobson/agents ~/agents && cd ~/agents
make generate HARNESS=gemini && gemini extensions install . # Gemini
make install-opencode # OpenCode (runs generate + symlinks)
Setup details and per-harness gotchas: docs/harnesses.md. Gemini-specific setup: GEMINI.md (also auto-loaded by Gemini CLI).
| Count | What it is | |
|---|---|---|
| Plugins | 92 | Granular, single-purpose installable units (88 local + 4 external via git-subdir) |
| Agents | 199 | Domain experts (architecture, languages, infra, security, data, ML, docs, business, SEO) |
| Skills | 162 | Modular knowledge packages with progressive disclosure (load when activated) |
| Commands | 106 | Slash commands: scaffolding, security scans, test gen, infrastructure setup |
| Orchestrators | 16 | Multi-agent coordination workflows (full-stack, security, ML, incident response) |
Browse the catalog: docs/plugins.md · docs/agents.md · docs/agent-skills.md
Each plugin is isolated and composable: agents, commands, and skills are auto-discovered from directory structure. Installing a plugin loads only its components into context — not the whole marketplace.
plugins/python-development/
├── .claude-plugin/plugin.json
├── agents/ # 3 Python agents (python-pro, django-pro, fastapi-pro)
├── commands/ # 1 scaffolding command
└── skills/ # 16 specialized skills (async, testing, packaging, …)
Tiered model strategy:
| Tier | Model | Use |
|---|---|---|
| 0 | Fable 5 | Longest-horizon autonomous work — large migrations, multi-hour runs (opt-in, premium cost) |
| 1 | Opus | Architecture, security, code review, production-critical |
| 2 | inherit | User-chosen — backend, frontend, AI/ML, specialized |
| 3 | Sonnet | Docs, testing, debugging, API references |
| 4 | Haiku | Fast operational tasks, SEO, deployment, content |
This marketplace ships to five agentic harnesses from one Markdown source. Each adapter emits harness-native artifacts (not lowest-common-denominator translations):
| Harness | Generates | Notes |
|---|---|---|
| Claude Code | (source-of-truth) | Native marketplace.json + plugins/ |
| Codex CLI | .agents/plugins/marketplace.json + plugins/*/.codex-plugin/plugin.json (committed); .codex/skills/, .codex/agents/ (gitignored) | 8 KB skill cap respected; commands → skills |
| Cursor | .cursor-plugin/, .cursor/rules/ | Thin marketplace + curated rules; reuses .claude/ |
| OpenCode | .opencode/agents/, .opencode/commands/, .opencode/skills/ | permission: block from tools: allowlist; OpenCode-safe skill names |
| Gemini CLI | skills/, agents/, commands/ (TOML) | Native skills + subagents (April 2026 spec) |
| Copilot | .copilot/agents/, .copilot/skills/, .copilot/commands/ | Markdown agent profiles + SKILL.md skills + commands-as-skills; model maps to native Claude models |
npx claudepluginhub p/dxas90-reverse-engineering-plugins-reverse-engineeringDocumentation generation, code explanation, and technical writing with automated doc generation and tutorial creation
Interactive debugging, developer experience optimization, and smart debugging workflows
Error analysis, trace debugging, and multi-agent problem diagnosis
Performance analysis, test coverage review, and AI-powered code quality assessment
Git workflow automation, pull request enhancement, and team onboarding processes
Harness-native ECC operator layer - 64 agents, 261 skills, 84 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use