From agentops
Reverse-engineers authorized repos, binaries, or products into a verifiable feature inventory, spec set, and actionable steal-map for adoption or build-native decisions.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agentops:reverse-engineerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Reverse-engineer an external system into two things: a **mechanically-verifiable teardown** (feature inventory + registry + specs, optionally a security audit) and a **steal-map** — what to adopt into our surfaces, what to leave behind. The teardown is the evidence; the steal-map is the decision. Separating them works because a decision row that must cite a registry entry can be re-checked by a...
agents/openai.yamlfixtures/cc-sdd-v2.1.0/cli-surface-contracts.txtfixtures/cc-sdd-v2.1.0/clone-metadata.jsonfixtures/cc-sdd-v2.1.0/docs-features.txtfixtures/cc-sdd-v2.1.0/feature-registry.yamlreferences/reverse-engineer.featurereferences/templates/postmortem.md.tmplreferences/templates/security/attack-surface.md.tmplreferences/templates/security/authn-authz.md.tmplreferences/templates/security/crypto-review.md.tmplreferences/templates/security/dataflow.md.tmplreferences/templates/security/findings.md.tmplreferences/templates/security/reproducibility.md.tmplreferences/templates/security/threat-model.md.tmplreferences/templates/spec-architecture.md.tmplreferences/templates/spec-cli-surface.md.tmplreferences/templates/spec-clone-mvp.md.tmplreferences/templates/spec-clone-vs-use.md.tmplreferences/templates/spec-code-map.md.tmplreferences/templates/vibe-report.md.tmplReverse-engineer an external system into two things: a mechanically-verifiable teardown (feature inventory + registry + specs, optionally a security audit) and a steal-map — what to adopt into our surfaces, what to leave behind. The teardown is the evidence; the steal-map is the decision. Separating them works because a decision row that must cite a registry entry can be re-checked by anyone, while a decision made from impressions cannot be re-checked by its own author. The original failure mode this skill exists to prevent: reading a competitor's README and "deciding" from vibes.
Triggers: "reverse-engineer X", "tear down Y", "what should we steal from Z", "evaluate competitor/upstream", "should we fork/adopt/build-native".
Produce evidence, not vibes. The script clones (pinned), scans CLI/config/artifact surface, and writes a feature inventory + machine-checkable registry + spec set.
python3 skills/reverse-engineer/scripts/reverse_engineer.py <product> --mode=repo \
--upstream-repo="https://github.com/org/repo.git" --upstream-ref=v1.0.0 \
--output-dir=".agents/research/<product>/"
Binary mode requires --authorized (see Invocation Contract + Self-Test). Use the bundled demo fixture if you lack authorization for a real binary.
Map each capability the teardown found onto our surfaces. This is the part that turns research into a decision. Emit .agents/research/<product>/steal-map.md with a table; every row cites the teardown evidence and the matching surface in our repo.
| Their capability | Our surface today | Verdict |
|---|---|---|
<feature> | <our file / skill / CLI, or "none"> | have / gap / steal / park / reject |
Verdict rules (hard-won — apply them, do not skip):
Discipline that makes the map trustworthy:
If adopting a steal is a one-way door (an architecture fork, a new bounded context, or a migration), do not decide it here. Hand the steal-map to Plan. Dueling Idea Genies or Premortem may challenge the choice as advisory evidence. Plan alone shapes the selected option in the existing intent source; neither strategy grants readiness or continuation authority.
Required: product_name. Common flags: --mode=repo|binary|both, --upstream-repo, --upstream-ref (pins the clone, records the resolved SHA in clone-metadata.json), --output-dir (default .agents/research/<product>/), --security-audit, --authorized (mandatory for binary mode — refuses without it). Full list: python3 skills/reverse-engineer/scripts/reverse_engineer.py --help.
Phase-1 teardown under output_dir/: feature-inventory.md, feature-registry.yaml, feature-catalog.md, spec-architecture.md, spec-code-map.md, spec-clone-vs-use.md, spec-clone-mvp.md, plus spec-cli-surface.md only when a CLI is detected and clone-metadata.json only when --upstream-ref is supplied. Security mode adds output_dir/security/: threat-model.md, attack-surface.md, dataflow.md, crypto-review.md, authn-authz.md, findings.md, reproducibility.md, validate-security-audit.sh. Phase-2: steal-map.md.
Artifact directory: the exact --output-dir, defaulting to
$REPO/.agents/research/<product>/.
Filename convention: the fixed phase-1 and phase-2 names above; security
files live only in the security/ child directory.
Serialization/schema format: registry is YAML, clone metadata is one JSON object, and inventories/specs/steal-map are nonempty Markdown files.
Validator command: with $output_dir, $security_audit, $sbom, and
$upstream_ref_set (each flag 0|1) set:
set -euo pipefail
required=(feature-inventory.md feature-registry.yaml feature-catalog.md spec-architecture.md spec-code-map.md spec-clone-vs-use.md spec-clone-mvp.md analysis-root-path.txt validate-feature-registry.py steal-map.md)
for name in "${required[@]}"; do
test -f "$output_dir/$name"
test ! -L "$output_dir/$name"
test -s "$output_dir/$name"
done
test -f "$output_dir/docs-features.txt"
test ! -L "$output_dir/docs-features.txt"
test ! -L "$output_dir/spec-cli-surface.md"
if [[ -e "$output_dir/spec-cli-surface.md" ]]; then
test -f "$output_dir/spec-cli-surface.md"
test -s "$output_dir/spec-cli-surface.md"
fi
python3 "$output_dir/validate-feature-registry.py"
if [[ "$upstream_ref_set" == 1 ]]; then
test -f "$output_dir/clone-metadata.json"
test ! -L "$output_dir/clone-metadata.json"
jq -e 'type == "object"' "$output_dir/clone-metadata.json" >/dev/null
else
[[ "$upstream_ref_set" == 0 ]]
fi
grep -Fqx '| Their capability | Our surface today | Verdict |' "$output_dir/steal-map.md"
if [[ "$security_audit" == 1 ]]; then
test -x "$output_dir/security/validate-security-audit.sh"
if [[ "$sbom" == 1 ]]; then
"$output_dir/security/validate-security-audit.sh" "$output_dir" --sbom
else
[[ "$sbom" == 0 ]]
"$output_dir/security/validate-security-audit.sh" "$output_dir" --no-sbom
fi
else
[[ "$security_audit" == 0 ]]
[[ "$sbom" == 0 ]]
fi
Downstream handoff: give the validated steal-map.md to Plan for
one-way-door candidates; ordinary have, park, and
reject decisions remain evidence-backed terminal rows.
--upstream-ref pins the clone (fetch FETCH_HEAD, record SHA) so contracts can be committed as golden fixtures and diffed across runs. Regression test: bash skills/reverse-engineer/scripts/repo_fixture_test.sh. To update a fixture when contracts legitimately change, re-run with the new pinned ref, copy the contract files into fixtures/<product>/, and commit.
bash skills/reverse-engineer/scripts/self_test.sh
Must show: feature inventory generated, registry generated, registry validator exits 0; in security mode validate-security-audit.sh exits 0 and the secret scan passes.
Run the skill for cc-sdd with --mode=repo --upstream-repo="https://github.com/gotalab/cc-sdd.git" --upstream-ref=v1.0.0. It clones the pinned source, scans the surface, writes inventory/registry/specs, and maps each feature onto our surfaces (have, gap, steal, park, or reject) in steal-map.md. Supply selected steals to Plan.
Run the skill for ao with --authorized --mode=binary --binary-path="$(command -v ao)" --security-audit. It performs authorized static analysis plus the security suite under output_dir/security/; the secret-scan check must pass.
| Problem | Cause | Solution |
|---|---|---|
| Refuses binary analysis | Missing --authorized | Add --authorized (explicit written authorization required). |
No clone-metadata.json | --upstream-repo not passed | Pass --upstream-repo (and optionally --upstream-ref). |
| Fixture diff fails | Upstream changed / stale golden | Re-run pinned, refresh fixtures/, commit. |
spec-cli-surface.md missing | No Node/Python/Go CLI detected | Surface is documented in spec-code-map.md instead. |
| Steal-map is all "steal" | Skipped the park/reject rules | Substrate we delegate is park; doctrine conflicts are reject — not everything novel is worth adopting. |
have/gap/steal/park/reject — not everything marked "steal".npx claudepluginhub boshu2/agentops --plugin agentopsProvides a structured methodology for reverse engineering software via multi-source intelligence analysis, behavioral specification, and provenance tracking with a 7-layer pipeline and verification gates.
Analyzes external systems, repos, or descriptions and produces a spec for replicating or adapting features into the current project. Supports compare, copy, improve, and port modes.
Discover, clone, update, and analyze competitor repositories for evidence-based competitive intelligence. Use when tracking competitors, reviewing source code, or comparing product capabilities.