apk-redteam-pipeline
Automates the red-team pipeline for Android APKs, enabling APK acquisition, decompilation, and security analysis.
Install this skill
or
53/100
Security score
The apk-redteam-pipeline skill was audited on May 26, 2026 and we found 19 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 29
Curl to non-GitHub URL
SourceSKILL.md
| 29 | curl -sk -A "Mozilla/5.0" "https://play.google.com/store/apps/developer?id=<Brand+Name>" -o /tmp/dev.html |
medium line 75
Curl to non-GitHub URL
SourceSKILL.md
| 75 | curl -sk -A "Mozilla/5.0" "https://www.apkmirror.com/?post_type=app_release&searchtype=apk&s=<brand>" \ |
medium line 81
Curl to non-GitHub URL
SourceSKILL.md
| 81 | curl -sk "https://apkpure.com/search?q=<brand>" | grep -oE 'data-dt-app="[^"]+"' |
medium line 237
Curl to non-GitHub URL
SourceSKILL.md
| 237 | curl -s "https://firestore.googleapis.com/v1/projects/<project_id>/databases/(default)/documents/users" |
medium line 240
Curl to non-GitHub URL
SourceSKILL.md
| 240 | curl -s "https://<project_id>.firebaseio.com/.json" |
medium line 243
Curl to non-GitHub URL
SourceSKILL.md
| 243 | curl -s "https://firebasestorage.googleapis.com/v0/b/<bucket>/o" |
medium line 370
Curl to non-GitHub URL
SourceSKILL.md
| 370 | curl -sk -L --max-time 60 "https://d.apkpure.net/b/APK/$pkg?version=latest" -o "$pkg.apk" |
low line 29
External URL reference
SourceSKILL.md
| 29 | curl -sk -A "Mozilla/5.0" "https://play.google.com/store/apps/developer?id=<Brand+Name>" -o /tmp/dev.html |
low line 67
External URL reference
SourceSKILL.md
| 67 | "https://d.apkpure.net/b/APK/<package_id>?version=latest" \ |
low line 75
External URL reference
SourceSKILL.md
| 75 | curl -sk -A "Mozilla/5.0" "https://www.apkmirror.com/?post_type=app_release&searchtype=apk&s=<brand>" \ |
low line 81
External URL reference
SourceSKILL.md
| 81 | curl -sk "https://apkpure.com/search?q=<brand>" | grep -oE 'data-dt-app="[^"]+"' |
low line 173
External URL reference
SourceSKILL.md
| 173 | https://api.<client>.example/<path-token>/<resource-token>?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.<payload>.<sig> |
low line 232
External URL reference
SourceSKILL.md
| 232 | # project_id → can guess Firestore / RTDB URL: https://<project_id>.firebaseio.com/.json |
low line 237
External URL reference
SourceSKILL.md
| 237 | curl -s "https://firestore.googleapis.com/v1/projects/<project_id>/databases/(default)/documents/users" |
low line 240
External URL reference
SourceSKILL.md
| 240 | curl -s "https://<project_id>.firebaseio.com/.json" |
low line 243
External URL reference
SourceSKILL.md
| 243 | curl -s "https://firebasestorage.googleapis.com/v0/b/<bucket>/o" |
low line 321
External URL reference
SourceSKILL.md
| 321 | # - Pull from http://mitm.it on the device, or |
low line 338
External URL reference
SourceSKILL.md
| 338 | | Google API key (AIza*) | Test against `https://www.googleapis.com/customsearch/v1` etc. — see what API the key activates | |
low line 370
External URL reference
SourceSKILL.md
| 370 | curl -sk -L --max-time 60 "https://d.apkpure.net/b/APK/$pkg?version=latest" -o "$pkg.apk" |
Scanned on May 26, 2026
View Security DashboardGitHub Stars 2.2K
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawmobilebackendapiml-ai-engineersecurity-engineerbackend-developerdata-engineerqa-engineerdevelopment
elementalsouls/Claude-BugHunter