feat: add android-apk-research capability#29
Merged
Conversation
Promoted from dreadnode/capabilities-internal. Static semantic-bug research on Android APKs — deep-link routers, intent redirection, WebView trust boundaries, auth/session/client-state bypass, Dirty Stream share targets, and APK-derived backend API chains. Ships a 10-tool orchestration MCP (parallel Androguard/APKiD inventory, component ranking, runtime classification, DexProtector detection + static unpack, API map extraction, finding-schema normalization) and four skills teaching the JADX / ripgrep / Semgrep / Joern / CodeQL pipeline against MASVS/MASTG, CWE, and MASWE. Promotion cleanup: - Add repository: field to manifest - Drop redundant skills: ["skills/"] (auto-discovery handles it) - Normalize MCP shebang to `uv run --script` (matches sibling scripts) - Document deliberate skills-only posture in workflow.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- skills/android-targeted-assessment/SKILL.md: Hermes bytecode magic was c6 1e b6 0e; canonical value per facebook/hermes BCVersion.h (and detect_runtime_kind.sh + the sibling skill) is c6 1f bc 03. An agent grepping for the wrong bytes would misidentify Hermes bundles. - skills/android-semantic-vuln-hunting/SKILL.md, .../references/ workflow.md, skills/android-targeted-assessment/SKILL.md: drop the stale `sed -n '1,220p'` upper bound against agent-utility-index.md (file is 74 lines now); use `cat` instead. - skills/android-semantic-vuln-hunting/references/output-schema.md: align example hypothesis with the canonical SKILL.md contract. Old example showed `risk`/`confidence`/`needs_backend_validation`; canonical contract uses `confidence_tier`/`validation_tier`/ `missing_evidence`. normalize_findings.py still accepts the legacy shape; the doc now matches what SKILL.md teaches. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
android-apk-researchfromdreadnode/capabilities-internalto the public catalog.Surface
android-research, 10 tools):inventory_status,run_corpus_inventory,extract_components,rank_components,detect_runtime_kind,detect_protector,dexprotector_unpack,extract_api_map,rank_backend_richness,normalize_semantic_findings.android-corpus-prep,android-semantic-vuln-hunting(canonical methodology with Mode A/B/C),android-targeted-assessment(one-APK depth),android-protector-triage(DexProtector structural unpack + protector-aware adjacency).scripts/research/promon/(documented as not-wired, deliberate quarantine).Promotion cleanup applied vs. internal repo
repository: https://github.com/dreadnode/capabilitiesto manifest (sibling-capability convention).skills: ["skills/"]declaration (auto-discovery picks up the directory).#!/usr/bin/env -S uv run --script(matches the four sibling PEP-723 scripts underscripts/).skills/android-semantic-vuln-hunting/references/workflow.mdunder "Why no top-level agent" — the four skills cover non-overlapping intents, thedescription:triggers andallowed-tools:gates are the routing layer, and an agent prompt on top would duplicate Mode A/B/C selection without addingtools:/model:value a skill can't already express.Prior-art audit (recap)
The skill prose (
workflow.md§ "Why bash, not MCP") already cites and refuses every above-the-floor public MCP for the wrapped tools, with named architectural blockers:zinja-coder/jadx-mcp-server(633★ Apache-2.0) — GUI co-pilot, wrong fit for headless corpus runs.semgrep/mcp(668★, archived 2025-10-28) — can't express the multi-pack ensemble.sfncat/mcp-joern(43★ MIT) — Joern is already lowest-volume; marginal automation gain.JordyZomer/codeql-mcp(146★) — no LICENSE, not redistributable.dnakov/frida-mcp(326★ MIT) — N/A by design (DexProtector libdp.so detects frida at start-up; capability is intentionally static-only).Verification
dn capability validate ./capabilities/android-apk-research --strict→ ✓uv run --script mcp/test_server.py→ 22/22 passing (helpers + tool-surface lock + script-wiring contract)pre-commit run --files <staged>→ all hooks pass (ruff, ruff-format, yaml, gitleaks)Follow-up
A separate PR in
dreadnode/capabilities-internalwill delete the source directory per the lifecycle in that repo's AGENTS.md — no duplicates across repos.Test plan
dn capability validate ./capabilities/android-apk-research --strictand confirms clean.uv run --script capabilities/android-apk-research/mcp/test_server.pyand confirms 22 passing.skills/android-semantic-vuln-hunting/SKILL.mdfor any drift from the in-repo references it links to.🤖 Generated with Claude Code