Skill

analyzing-android-malware-with-apktool

Statically analyzes Android APK malware samples using apktool, jadx, and androguard for permission analysis, manifest inspection, and suspicious API call detection. Useful for mobile malware reverse engineering and threat hunting.

Android

security

npx claudepluginhub costrict-plugins-repo/mukul975-anthropic-cybersecurity-skills-cybersecurity-skills

Popularity

Stars

Forks

Shared by

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/cybersecurity-skills:analyzing-android-malware-with-apktool

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadcast receivers, and suspicious API calls without executing the sample. This skill uses androguard for programmatic APK analysis, identifying dangerous permission combinations, obfuscated code patterns, dynamic code loading, reflection-based API calls, and network communication ...

Supporting Files

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

69 lines · ~573 tokens

Similar Skills

healthcare-eval-harness

209.3k

Runs automated patient safety test suites for healthcare deployments, blocking on CRITICAL failures in CDSS accuracy, PHI exposure, and data integrity.

ecc

Stats

LanguagePython

Stars5

Forks3

MaintenanceGood

Last CommitJun 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Analyzing Android Malware with Apktool

Overview

When to Use

When investigating security incidents that require analyzing android malware with apktool

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.9+ with androguard

apktool (for resource decompilation)

jadx (for Java source recovery, optional)

Isolated analysis environment (VM or sandbox)

Sample APK files for analysis

Steps

Parse APK with androguard to extract manifest metadata

Enumerate requested permissions and flag dangerous combinations

List activities, services, receivers, and providers from manifest

Scan for suspicious API calls (reflection, crypto, SMS, telephony)

Detect dynamic code loading patterns (DexClassLoader, Runtime.exec)

Extract hardcoded URLs, IPs, and C2 indicators from strings

Generate risk assessment report with MITRE ATT&CK mobile mappings

Expected Output

JSON report with permission analysis, component listing, suspicious API calls, network indicators, and risk score

Extracted strings and potential IOCs from the APK