By tsiakoulias
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis, and malware family identification. Handles static/dynamic analysis, unpacking, and IOC extraction. Use PROACTIVELY for malware triage, threat hunting, incident response, or security research.
Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. Masters firmware extraction, analysis, and vulnerability research for routers, IoT devices, automotive systems, and industrial controllers. Use PROACTIVELY for firmware security audits, IoT penetration testing, or embedded systems research.
Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software analysis. Masters IDA Pro, Ghidra, radare2, x64dbg, and modern RE toolchains. Handles executable analysis, library inspection, protocol extraction, and vulnerability research. Use PROACTIVELY for binary analysis, CTF challenges, security research, or understanding undocumented software.
Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use this skill when analyzing malware evasion techniques, when implementing anti-debugging protections for CTF challenges, when reverse engineering packed binaries, or when building security research tools that need to detect virtualized environments.
Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries.
Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analyzing memory dumps, investigating incidents, or performing malware analysis from RAM captures.
Master network protocol reverse engineering including packet analysis, protocol dissection, and custom protocol documentation. Use when analyzing network traffic, understanding proprietary protocols, or debugging network communication.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Production-ready agentic workflow building blocks: 83 plugins, 191 agents, 155 skills, 102 commands — built for Claude Code and consumed natively by OpenAI Codex CLI, Cursor, OpenCode, Gemini CLI, and GitHub Copilot from a single Markdown source.
[!NOTE] One source-of-truth (
plugins/), five harnesses. Each harness gets idiomatic, harness-native artifacts — not lowest-common-denominator translations. See docs/harnesses.md for the capability matrix.
Pick your harness:
/plugin marketplace add wshobson/agents
/plugin install python-development # or any of 83 plugins
→ Full Claude Code setup, troubleshooting, and plugin catalog
Codex and Cursor install natively from the committed registries (which point at the source plugins/):
npx codex-marketplace add wshobson/agents # Codex; then install individual plugins
# Cursor: add the marketplace, then `/plugin install <name>` (reads .cursor-plugin/ + source)
Gemini and OpenCode install via clone + generate (the transformed trees are gitignored):
gh repo clone wshobson/agents ~/agents && cd ~/agents
make generate HARNESS=gemini && gemini extensions install . # Gemini
make install-opencode # OpenCode (runs generate + symlinks)
Setup details and per-harness gotchas: docs/harnesses.md. Gemini-specific setup: GEMINI.md (also auto-loaded by Gemini CLI).
| Count | What it is | |
|---|---|---|
| Plugins | 83 | Granular, single-purpose installable units (81 local + 2 external via git-subdir) |
| Agents | 191 | Domain experts (architecture, languages, infra, security, data, ML, docs, business, SEO) |
| Skills | 155 | Modular knowledge packages with progressive disclosure (load when activated) |
| Commands | 102 | Slash commands: scaffolding, security scans, test gen, infrastructure setup |
| Orchestrators | 16 | Multi-agent coordination workflows (full-stack, security, ML, incident response) |
Browse the catalog: docs/plugins.md · docs/agents.md · docs/agent-skills.md
Each plugin is isolated and composable: agents, commands, and skills are auto-discovered from directory structure. Installing a plugin loads only its components into context — not the whole marketplace.
plugins/python-development/
├── .claude-plugin/plugin.json
├── agents/ # 3 Python agents (python-pro, django-pro, fastapi-pro)
├── commands/ # 1 scaffolding command
└── skills/ # 16 specialized skills (async, testing, packaging, …)
Three-tier model strategy:
| Tier | Model | Use |
|---|---|---|
| 1 | Opus 4.7 | Architecture, security, code review, production-critical |
| 2 | inherit | User-chosen — backend, frontend, AI/ML, specialized |
| 3 | Sonnet | Docs, testing, debugging, API references |
| 4 | Haiku | Fast operational tasks, SEO, deployment, content |
This marketplace ships to five agentic harnesses from one Markdown source. Each adapter emits harness-native artifacts (not lowest-common-denominator translations):
| Harness | Generates | Notes |
|---|---|---|
| Claude Code | (source-of-truth) | Native marketplace.json + plugins/ |
| Codex CLI | .agents/plugins/marketplace.json + plugins/*/.codex-plugin/plugin.json (committed); .codex/skills/, .codex/agents/ (gitignored) | 8 KB skill cap respected; commands → skills |
| Cursor | .cursor-plugin/, .cursor/rules/ | Thin marketplace + curated rules; reuses .claude/ |
| OpenCode | .opencode/agents/, .opencode/commands/, .opencode/skills/ | permission: block from tools: allowlist; OpenCode-safe skill names |
| Gemini CLI | skills/, agents/, commands/ (TOML) | Native skills + subagents (April 2026 spec) |
| Copilot | .copilot/agents/, .copilot/skills/, .copilot/commands/ | Markdown agent profiles + SKILL.md skills + commands-as-skills; model maps to GPT-5 family |
npx claudepluginhub tsiakoulias/wshobson-agents --plugin reverse-engineeringHarness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Framework updates, migration planning, and architectural transformation workflows
Smart contract development with Solidity, DeFi protocol implementation, NFT platforms, and Web3 application architecture
Essential developer skills including Git workflows, SQL optimization, error handling, code review, E2E testing, authentication, debugging, and monorepo management
JVM language development including Java, Scala, and C# with enterprise patterns and frameworks
Error analysis, trace debugging, and multi-agent problem diagnosis