Apktool
v0.0.2
Command-line tool for reverse engineering Android APK files
MIT-0
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Apktool reverse-engineering) matches the binaries and instructions. One minor inconsistency: the declared required binaries list includes 'jadx' as mandatory, but the SKILL.md and docs treat jadx as an optional complementary tool (used only if the user wants Java-source decompilation). Making jadx a hard requirement is stricter than needed for the stated purpose.
Instruction Scope
Runtime instructions are limited to local reverse-engineering tasks (apktool commands, edit files, recompile/sign). They do not instruct reading unrelated system files, exfiltrating data, or posting results to third-party endpoints. Install-related commands (curl/wget) fetch releases from GitHub, which is expected for tool installation.
Install Mechanism
Primary install spec uses package managers (brew/apt) which is low risk. The provided manual install script for jadx downloads a zip from a GitHub releases URL and unpacks it into /opt and symlinks into /usr/local/bin — a common pattern but it executes sudo, curl/wget, unzip and writes to system paths. This is moderate risk only because it executes remote-downloaded binaries; the source is a GitHub release (traceable) rather than an unknown personal server.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or permissions; requested binaries (apktool, java, optionally jadx) are proportionate to its function.
Persistence & Privilege
The skill does not request always:true, does not claim system-wide persistent privileges, and contains no instructions to modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears to be what it says: a wrapper/documentation for Apktool. Before installing, consider: (1) jadx is listed as a required binary even though it’s optional — you can remove it from requirements if you don't need Java decompilation. (2) The manual install runs sudo + curl/wget/unzip and writes to /opt and /usr/local/bin — review the script and the GitHub release links before running with elevated privileges. (3) Prefer your OS package manager (brew/apt) where possible rather than running arbitrary install scripts. (4) Be mindful of legal/ethical constraints when reverse-engineering third-party APKs. If you want higher assurance, request a versioned checksum for the downloaded archives or install tools manually from their official release pages.
Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Bins: apktool, java, jadx
Install
Install Apktool (macOS Homebrew)
SKILL.md
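Apktool Skill
🔧 Command-line tool for reverse engineering Android APK files
📦 Dependency declaration
Required binaries
- apktool - Android APK reverse-engineering tool
- java - Java runtime (Apktool is Java-based)
Check dependencies
```
# Check whether apktool is installed
which apktool
apktool --version
# Check whether Java is installed
java -version
```
Installation guide
If they are not installed, read references/install.md for detailed installation steps.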
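🎯 Core features
- Disassemble - decode an APK to a nearly original form (smali code, resource files)
- Assemble - repackage the modified code and resources into an APK
- Analyze - quickly inspect the resource manifest and configuration files without rebuilding
🚀 Quick start
Decompile an APK
```
# Basic decompile
apktool d app.apk
# Specify the output directory
apktool d app.apk -o output_folder
# Analysis-only decode (-m, --match-original): keeps files as close to the original as possible; the output cannot be rebuilt
apktool d app.apk -m
```
Rebuild an APK
```
# Build the decompiled folder
apktool b app_folder
# Specify the output APK path
apktool b app_folder -o modified_app.apk
```
Typical workflow
```
# 1. Decompile
apktool d target.apk -o target_decompiled
# 2. Modify resources or code
# Edit the files under target_decompiled/
# 3. Rebuild
apktool b target_decompiled -o target_modified.apk
# 4. Sign the APK (requires an additional tool)
# apksigner or jarsigner
```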
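📚 Detailed documentation
| Topic | Document |
|---|---|
| 🔧 Installation guide | references/install.md |
| 📖 Full usage | references/usage.md |
| 🛠️ Troubleshooting | references/troubleshooting.md |
🔐 Security notes
- Lawful use - only reverse engineer APKs you are authorized to work on
- Learning and research - suited to legitimate uses such as security research, application analysis, and localization
- Comply with the law - do not use it to infringe copyright or bypass software protection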
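🤝 Usage examples
Example 1: Inspect the APK structure
```
# Quick decode for analysis (-m keeps files close to the original; output goes to app/ and cannot be rebuilt)
apktool d app.apk -m
# View AndroidManifest.xml
cat app/AndroidManifest.xml
```
Example 2: Modify application resources
```
# Decompile
apktool d myapp.apk
# Modify res/values/strings.xml for localization
# Edit the file...
# Rebuild
apktool b myapp -o myapp_localized.apk
```
Example 3: Analyze the permission configuration
```
# Decode, then list the permission entries in AndroidManifest.xml
apktool d target.apk -m
cat target/AndroidManifest.xml | grep permission
```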
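An added example (not part of the original SKILL.md) that goes beyond the `grep permission` one-liner in Example 3: it extracts only the `<uses-permission>` declarations from a decoded manifest, including tags split across lines, and marks the ones on a review watchlist. The function names, the watchlist contents and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the permissions declared in a manifest decoded by
# `apktool d`. Function names and the watchlist are illustrative assumptions.

# Constructed watchlist of permissions a reviewer may want to look at first.
WATCHLIST="android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO
android.permission.ACCESS_FINE_LOCATION
android.permission.REQUEST_INSTALL_PACKAGES"

# Print each requested permission once, sorted. Matches <uses-permission> and
# <uses-permission-sdk-23>; skips <permission> definitions and the
# android:permission attribute on components, which plain grep would also hit.
list_permissions() {
    tr '\n' ' ' < "$1" |
        grep -o '<uses-permission[^>]*>' |
        sed -n 's/.*android:name="\([^"]*\)".*/\1/p' |
        sort -u
}

# Print only the requested permissions that appear on the watchlist.
flag_watchlisted() {
    list_permissions "$1" | while IFS= read -r perm; do
        if printf '%s\n' "$WATCHLIST" | grep -qxF "$perm"; then
            printf 'REVIEW %s\n' "$perm"
        fi
    done
}

# Constructed sample manifest so the example runs without an APK.
write_sample_manifest() {
    cat > "$1" <<'EOF'
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission-sdk-23
        android:name="android.permission.RECORD_AUDIO"/>
    <permission android:name="com.example.sample.PRIVATE"/>
    <application android:label="Sample">
        <service android:name=".Sync" android:permission="android.permission.BIND_JOB_SERVICE"/>
    </application>
</manifest>
EOF
}

# Usage: sh script.sh target/AndroidManifest.xml
if [ "$#" -gt 0 ]; then flag_watchlisted "$1"; fi
```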
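💡 Tips
- Decompiled code is in smali format (Android's assembly language)
- If you need Java source code, use it together with the jadx tool
- A modified APK must be re-signed before it can be installed on a device
- Decompiling a large APK may take several minutes
Version: 0.0.2
Last updated: 2026-02-28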