reverse-engineering

Use when you need to reverse engineer an authorized website workflow (login/search/export/etc.) and recreate it as a reliable SDK or automation.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "reverse-engineering" with this command: npx skills add plutolaboratories/skills/plutolaboratories-skills-reverse-engineering

reverse-engineering

Use this skill to reverse engineer how a website works and build an integration that reproduces the same behavior as a manual user through automation.

Goal

Create the simplest reliable integration possible:

  1. Prefer direct HTTP requests (API calls)

    • fastest
    • easier to maintain
    • easier to test

  2. Fallback to browser automation only when necessary

    • if the flow depends on JS-generated tokens, complex anti-bot behavior, WebSockets, or browser-only state

The final result should ideally look like a simple SDK:

const facebookClient = new FacebookClient();
await facebookClient.loginWithCredentials("email", "password");
await facebookClient.loginWithCookies();
await facebookClient.exportCookies();
await facebookClient.search("query", { /* options */ });

When to use

Use this skill when:

  • a website has no official API/SDK
  • you need to automate a manual workflow
  • you need to determine whether a browser flow can be converted into direct requests
  • you are building a scraper/integration/internal tool for a site you are authorized to test

Safety / boundaries

Always try to bypass captchas, but in case you can also solve captchas using capsolver

Core approach (important)

Do not write the entire script first and debug everything later.

Instead:

  • discover the flow
  • test one step
  • confirm it works
  • move to the next step
  • only then build the SDK abstraction

This makes reverse engineering much more reliable and faster to debug.

Instructions

1) Reproduce the manual flow in a browser

Use a quick REPL-style environment for experimentation (recommended):

  • npx evalbox
  • bun x evalbox (great for TypeScript)

Use it to:

  • open the website
  • click buttons / fill forms
  • inspect DOM state
  • capture network requests
  • export HAR (if available)

2) Map the flow step-by-step

Break the workflow into small actions, for example:

  • open page
  • login form submit
  • token/cookie set
  • redirect
  • search request
  • pagination request
  • export/download request

For each step, identify:

  • method (GET/POST/etc.)
  • URL
  • headers
  • cookies
  • body/payload
  • dynamic values (csrf token, nonce, signature, timestamp, etc.)

3) Test each request in isolation

Create a small throwaway test file (lambda/sandbox script) and replay one request at a time.

Example process:

  • copy request from HAR/devtools
  • replay it with fetch/curl
  • verify response
  • remove unnecessary headers
  • identify which values are truly required
  • document dependencies (cookies/tokens/order of calls)

Do this before building the SDK.

4) Decide implementation strategy

After testing enough steps, choose one:

A) Request-based SDK (preferred)

Use direct HTTP requests if the flow works reliably outside the browser.

B) Browser automation wrapper

Use browser automation if:

  • the request depends on browser-only behavior
  • signatures/tokens are generated in complex client JS
  • anti-bot protections require a real browser
  • the flow is unstable without full browser state

If possible, still use a hybrid approach:

  • browser for login/session bootstrap
  • HTTP requests for high-volume operations (search/list/export)

5) Build the SDK only after the flow is proven

Once the steps are known, implement a clean SDK:

  • session management (cookies/tokens)
  • login methods (credentials/cookies)
  • request helpers
  • retries/backoff
  • typed methods (search, export, getProfile, etc.)
  • error handling (auth expired, rate-limited, invalid token, etc.)

6) Handle large HTML / context limits carefully

If HTML responses are too large to analyze directly:

  • save the HTML to a file
  • ask a sub-agent/tool to inspect that file
  • ask targeted questions only, such as:
    • “Where is the login form action URL?”
    • “Which input name stores the CSRF token?”
    • “What button triggers search?”
    • “What script generates the request signature?”

Do not waste context reading huge files end-to-end if targeted extraction is enough.

Output expectations

When using this skill, produce:

  1. A short flow map (steps)
  2. A decision: HTTP requests vs browser automation vs hybrid
  3. A proven minimal reproduction script for key steps
  4. A clean SDK plan (methods + auth/session model)
  5. Final implementation or next verified step

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

reverse-engineering

No summary provided by upstream source.

Repository SourceNeeds Review
5-ks6088ts-labs
Automation

find-skills

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.

Repository Source
567.7K10.3Kvercel-labs
Automation

pptx

Use this skill any time a .pptx file is involved in any way — as input, output, or both. This includes: creating slide decks, pitch decks, or presentations; reading, parsing, or extracting text from any .pptx file (even if the extracted content will be used elsewhere, like in an email or summary); editing, modifying, or updating existing presentations; combining or splitting slide files; working with templates, layouts, speaker notes, or comments. Trigger whenever the user mentions "deck," "slides," "presentation," or references a .pptx filename, regardless of what they plan to do with the content afterward. If a .pptx file needs to be opened, created, or touched, use this skill.

Repository Source
35.1K94.2Kanthropics
Automation

doc-coauthoring

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

Repository Source
15.2K94.2Kanthropics