Most mobile apps expose a network surface (endpoints, auth flows, hardcoded URLs) that matters more for interoperability, security research, and incident response than their UI code. When source is unavailable, the tedious part isn't decompiling per se but locating and documenting the app's HTTP patterns and the call paths that reach them. This Claude Code skill automates that gap: it orchestrates decompilation engines and targeted analyses to produce a focused API map and call-flow traces you can act on.
What Sets It Apart
- Targeted API extraction: hunts for Retrofit interfaces, OkHttp usages, hardcoded URLs, and common auth header/token patterns so you get a concise list of endpoints and auth flows rather than raw decompiled code — which saves manual triage time.
- Multi-engine decompilation and comparison: supports jadx and Fernflower/Vineflower (single or side‑by‑side) to improve readability on obfuscated/complex bytecode and reduce missed references.
- Call-flow tracing: links Activities/Fragments through ViewModels/repositories down to HTTP calls, producing actionable traces that show where in the app network calls originate.
- Plugin + scripts workflow: usable as a Claude Code skill (slash commands and natural-language prompts) and as standalone scripts for automation or CI integration.
Who It's For & Trade-offs
Great fit if you are a security researcher, malware analyst, incident responder, interoperability engineer, or developer needing to document third-party app APIs without source access. It reduces manual search and gives structured outputs suitable for reporting or tests.
Look elsewhere if you need a turnkey commercial GUI with formal licensing support, or if you require binary-level instrumentation or dynamic hooking (this tool focuses on static analysis and extraction workflows, not runtime instrumentation). Also ensure you have legal authorization before analyzing third-party apps — the repository's README stresses lawful use only.
Where It Fits
Best used as part of a reverse-engineering or incident-response pipeline: run decompilation + extraction to produce an API inventory, then use dynamic testing or instrumentation to validate endpoints and auth behaviors.
