Reverse-engineer a product into a mechanically verifiable feature inventory + registry + spec set, with optional security-audit artifacts and validation gates.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionreverse-engineer-rpiExecute the skills CLI command in your project's root directory to begin installation:
Fetches reverse-engineer-rpi from boshu2/agentops and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate reverse-engineer-rpi. Access via /reverse-engineer-rpi in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
260
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
260
stars
Reverse-engineer a product into a mechanically verifiable feature inventory + registry + spec set, with optional security-audit artifacts and validation gates.
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py ao \
--authorized \
--mode=binary \
--binary-path="$(command -v ao)" \
--output-dir=".agents/research/ao/"
If you do not have explicit written authorization to analyze that binary, do not run the above. Use the included demo fixture instead (see Self-Test below).
Repo-only example (no binary required):
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py cc-sdd \
--mode=repo \
--upstream-repo="https://github.com/gotalab/cc-sdd.git" \
--output-dir=".agents/research/cc-sdd/"
Pinned clone (reproducible):
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py cc-sdd \
--mode=repo \
--upstream-repo="https://github.com/gotalab/cc-sdd.git" \
--upstream-ref=v1.0.0 \
--output-dir=".agents/research/cc-sdd/"
Required:
product_nameOptional:
--docs-sitemap-url (recommended when available; supports https://... and file:///...)--docs-features-prefix (default: auto; detects best local docs prefix, falls back to docs/features/)--upstream-repo (optional)--upstream-ref (pin clone to a specific commit, tag, or branch; records resolved SHA in clone-metadata.json)--local-clone-dir (default: .tmp/<product_name>)--output-dir (default: .agents/research/<product_name>/)--mode (default: repo; allowed: repo|binary|both)--binary-path (required if --mode includes binary)--no-materialize-archives (authorized-only; binary mode extracts embedded ZIPs by default; this disables extraction and keeps index-only)Security audit flags (optional):
--security-audit (enables security artifacts + gates)--sbom (generate SBOM + dependency risk report where possible; may no-op with a note)--fuzz (only if a safe harness exists; timeboxed)Mandatory guardrail flag:
--authorized (required for binary mode; refuses to run binary analysis without it)--upstream-ref)Use --upstream-ref to pin a repo-mode clone to a specific commit, tag, or branch. This makes analysis reproducible and allows golden fixtures to be diffed against a known baseline.
# Pin to a tag (reproducible)
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py cc-sdd \
--mode=repo \
--upstream-repo="https://github.com/gotalab/cc-sdd.git" \
--upstream-ref=v1.0.0 \
--output-dir=".agents/research/cc-sdd/"
# Pin to a specific commit SHA
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py cc-sdd \
--mode=repo \
--upstream-repo="https://github.com/gotalab/cc-sdd.git" \
--upstream-ref=abc1234 \
--output-dir=".agents/research/cc-sdd/"
When --upstream-ref is provided:
git fetch --depth=1 origin <ref> and checked out to FETCH_HEAD.output_dir/clone-metadata.json for traceability.--upstream-ref, a --depth=1 shallow clone of the default branch HEAD is used instead.clone-metadata.json schema:
{
"upstream_repo": "https://github.com/gotalab/cc-sdd.git",
"upstream_ref": "v1.0.0",
"resolved_commit": "<full SHA>",
"clone_date": "YYYY-MM-DD"
}
output_dir/)Repo-mode analysis writes machine-checkable contract files under output_dir/. These files use only relative paths, sorted lists, and stable keys — no absolute paths, no run-specific timestamps — so they can be committed as golden fixtures and diffed across runs.
Primary contract files:
| File | Description |
|---|---|
feature-registry.yaml |
Structured feature inventory with mechanically-extracted CLI, config/env, and artifact surface |
cli-surface-contracts.txt |
CLI surface: commands, flags, help text, framework, language |
docs-features.txt |
Features extracted from documentation (docs say vs code proves) |
clone-metadata.json |
Upstream repo URL, pinned ref, resolved commit SHA, clone date |
Example feature-registry.yaml structure:
schema_version: 1
product_name: cc-sdd
upstream_commit: "abc1234..."
features:
- name: cli-entry
cli:
language: node
bin:
cc-sdd: dist/cli.js
help_text: "Usage: cc-sdd [options] ..."
- name: config-surface
config_env:
config_file: ".cc-sdd/config.json"
env_vars:
- name: CC_SDD_TOKEN
evidence: ["src/config.ts"]
Note: Contract outputs are written by
--mode=repo(or--mode=both). Binary-mode outputs (binary-analysis.md,binary-symbols.txt, etc.) remain directly underoutput_dir/.
Golden fixtures allow regression detection: commit a known-good fixture snapshot (contract files alongside the pinned clone-metadata.json), then diff future runs against it.
bash skills/reverse-engineer-rpi/scripts/repo_fixture_test.sh
This script (implemented in ag-w77.3):
skills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/clone-metadata.json to determine the pinned upstream ref.reverse_engineer_rpi.py in repo mode with that ref into a temp output dir.feature-registry.yaml, cli-surface-contracts.txt, docs-features.txt).The test requires network access to clone the upstream repo.
When contracts legitimately change (new flags, new env vars, schema bumps), update the golden fixtures:
# 1. Re-run with the pinned ref to generate fresh contracts
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py cc-sdd \
--mode=repo \
--upstream-repo="https://github.com/gotalab/cc-sdd.git" \
--upstream-ref=<new-tag-or-sha> \
--output-dir=".tmp/cc-sdd-refresh/"
# 2. Copy contracts into the fixture directory
cp .tmp/cc-sdd-refresh/feature-registry.yaml \
skills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/feature-registry.yaml
# 3. Update the pinned clone metadata
cp .tmp/cc-sdd-refresh/clone-metadata.json \
skills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/clone-metadata.json
# 4. Commit the updated fixtures
git add skills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/
git commit -m "fix(reverse-engineer-rpi): update cc-sdd golden fixtures to <new-tag-or-sha>"
Fixture files that must be committed for the test to pass:
skills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/clone-metadata.jsonskills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/feature-registry.yamlskills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/cli-surface-contracts.txtskills/reverse-engineer-rpi/fixtures/cc-sdd-v2.1.0/docs-features.txtRun:
python3 skills/reverse-engineer-rpi/scripts/reverse_engineer_rpi.py <product_name> --authorized [flags...]
This generates the required outputs under output_dir/ and (when applicable) .agents/council/ and .agents/learnings/.
Core outputs under output_dir/:
feature-inventory.mdfeature-registry.yamlvalidate-feature-registry.pyfeature-catalog.mdspec-architecture.mdspec-code-map.mdspec-cli-surface.md (Node, Python, or Go CLI detected; otherwise a note is written to spec-code-map.md)spec-clone-vs-use.mdspec-clone-mvp.md (original MVP spec; do not copy from target)clone-metadata.json (when --upstream-repo is used; records resolved commit SHA)Binary-mode extras:
binary-analysis.md (best-effort summary)binary-embedded-archives.md (index only; no dumps)Repo-mode extras:
spec-artifact-surface.md (best-effort; template/manifest driven install surface)artifact-registry.json (best-effort; hashed template inventory when manifests/templates exist)If --security-audit, also create output_dir/security/:
threat-model.mdattack-surface.mddataflow.mdcrypto-review.mdauthn-authz.mdfindings.mdreproducibility.mdvalidate-security-audit.shEnd-to-end fixture (safe, owned demo binary with embedded ZIP):
bash skills/reverse-engineer-rpi/scripts/self_test.sh
This must show:
validate-security-audit.sh exits 0 and secret scan passesUser says: /reverse-engineer-rpi cc-sdd --mode=repo --upstream-repo="https://github.com/gotalab/cc-sdd.git" --upstream-ref=v1.0.0
What happens:
v1.0.0 and records the resolved SHA in clone-metadata.json.feature-inventory.md, feature-registry.yaml, contract JSON, and all spec files under the output directory.Result: A complete feature catalog and machine-checkable feature-registry.yaml are generated under .agents/research/cc-sdd/, ready for golden-fixture diffing.
User says: /reverse-engineer-rpi ao --authorized --mode=binary --binary-path="$(command -v ao)" --security-audit
What happens:
ao binary (file metadata, linked libraries, embedded archive signatures) and writes binary-analysis.md and binary-embedded-archives.md.threat-model.md, attack-surface.md, findings.md, etc.) under output_dir/security/ and runs the secret-scan gate over all outputs.Result: Binary analysis artifacts plus a validated security audit are produced; validate-security-audit.sh exits 0 confirming all security deliverables are present and secrets-clean.
| Problem | Cause | Solution |
|---|---|---|
| Script refuses to run binary analysis | Missing --authorized flag |
Add --authorized to confirm you have explicit written authorization to analyze the binary. |
clone-metadata.json not generated |
--upstream-repo was not provided |
Pass --upstream-repo (and optionally --upstream-ref) to enable clone metadata tracking. |
| Fixture test diff fails unexpectedly | Upstream repo changed or golden fixtures are stale | Re-run with the pinned ref, copy fresh contracts into fixtures/, and commit the updated golden files (see Updating Fixtures). |
spec-cli-surface.md not generated |
No recognized CLI framework (Node/Python/Go) detected in the repo | Check that the target repo has a discoverable CLI entry point; otherwise the CLI surface is documented in spec-code-map.md instead. |
| Network error during repo clone | Firewall, VPN, or GitHub rate limit blocking the shallow clone | Verify network connectivity, authenticate with gh auth login if the repo is private, or use --local-clone-dir to point at a pre-cloned directory. |
Make data-driven prioritization decisions faster
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Prerequisites
Time Estimate
30-60 minutes to see productivity improvements
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
mattpocock/skills
parcadei/continuous-claude-v3
cursor/plugins
ailabs-393/ai-labs-claude-skills
pproenca/dot-skills
mattpocock/skills
Registry listing for reverse-engineer-rpi matched our evaluation — installs cleanly and behaves as described in the markdown.
Useful defaults in reverse-engineer-rpi — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
reverse-engineer-rpi has been reliable in day-to-day use. Documentation quality is above average for community skills.
reverse-engineer-rpi has been reliable in day-to-day use. Documentation quality is above average for community skills.
Useful defaults in reverse-engineer-rpi — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
I recommend reverse-engineer-rpi for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Solid pick for teams standardizing on skills: reverse-engineer-rpi is focused, and the summary matches what you get after install.
We added reverse-engineer-rpi from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Keeps context tight: reverse-engineer-rpi is the kind of skill you can hand to a new teammate without a long onboarding doc.
reverse-engineer-rpi fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
showing 1-10 of 44