Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

gswangg/inspect-claude-source

Name: inspect-claude-source
Author: gswangg

/SKILL.md

npx skillsauth add gswangg/inspect-claude-source inspect-claude-source

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Inspect Claude Code Source

Extract or stage Claude Code's JavaScript source from the installed CLI. Works for both Bun-compiled builds and npm-installed cli.js bundles.

Step 1: Determine current version

VERSION="$(python3 ~/.claude/skills/inspect-claude-source/extract.py --print-version)"

To see which Claude install is being inspected:

python3 ~/.claude/skills/inspect-claude-source/extract.py --print-binary

Step 2: Extract or stage source (if not already done)

Check if /tmp/claude-source/$VERSION/src/entrypoints/cli.js exists. If not, run the extraction script bundled with this skill:

python3 ~/.claude/skills/inspect-claude-source/extract.py --text-only

The script auto-detects the install type and:

Resolves claude from PATH by default (or uses --binary PATH)
Detects the installed version from Claude Code package metadata when available
If Claude is a bundled cli.js, stages it directly to /tmp/claude-source/<version>/src/entrypoints/cli.js
If Claude is a Bun-compiled binary, locates the embedded Bun module graph and extracts modules
Formats the resulting JS for easier reading by default using fast newline insertion, or prettier with --pretty
Saves everything to /tmp/claude-source/<version>/
Skips work if that version is already present

Options:

--text-only - skip binary modules (.node, .wasm) when extracting Bun builds
--pretty - use prettier via bunx for full prettification (slower)
--binary PATH - inspect a different Claude executable or cli.js
--output-dir DIR - change output directory (default: /tmp/claude-source)
--print-version - print the resolved Claude Code version and exit
--print-binary - print the resolved Claude Code path and exit

Step 3: Search or read the source

The main source file is:

/tmp/claude-source/<version>/src/entrypoints/cli.js

If the user provided a search term ($ARGUMENTS), search for it:

grep -n "$ARGUMENTS" /tmp/claude-source/$VERSION/src/entrypoints/cli.js | head -50

For broader exploration, use Grep/Glob/Read against /tmp/claude-source/<version>/.

Tips for reverse engineering Claude Code features

Search for user-facing strings: command names, error text, help text, setting keys, event names.
Look for protocol/event markers like assistant, result, system, tool_use, stream, permission.
Search for CLI flags to find the command-line parsing path.
Search for model/provider names to find API integration logic.
Search for literal UI text to find TUI components and interaction flows.
When you find a string match, read upward for schema definitions and downward for handlers.
Expect minified/bundled code: variable names may be short, but string literals and many dependency function names survive.

gswangg/inspect-claude-source

/SKILL.md

Extract or stage Claude Code source from the installed CLI so you can inspect internals and reverse engineer features. Use when the user wants to understand how Claude Code works, trace a behavior, or find where a feature is implemented.

tools

Updated May 22, 2026

$ install --global

skillsauth

npx skillsauth add gswangg/inspect-claude-source inspect-claude-source

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 22, 2026, 7:16 AM132.7s3 files scanned

SKILL.md

name:: inspect-claude-source
description:: Extract or stage Claude Code source from the installed CLI so you can inspect internals and reverse engineer features. Use when the user wants to understand how Claude Code works, trace a behavior, or find where a feature is implemented.
allowed-tools:: Read, Grep, Glob, Bash(python3 *), Bash(grep *), Bash(wc *), Bash(ls *), Bash(readlink *), Bash(basename *), Bash(command -v *), Bash(find *)
argument-hint:: [search-term]

Inspect Claude Code Source

Extract or stage Claude Code's JavaScript source from the installed CLI. Works for both Bun-compiled builds and npm-installed cli.js bundles.

Step 1: Determine current version

VERSION="$(python3 ~/.claude/skills/inspect-claude-source/extract.py --print-version)"

To see which Claude install is being inspected:

python3 ~/.claude/skills/inspect-claude-source/extract.py --print-binary

Step 2: Extract or stage source (if not already done)

Check if /tmp/claude-source/$VERSION/src/entrypoints/cli.js exists. If not, run the extraction script bundled with this skill:

python3 ~/.claude/skills/inspect-claude-source/extract.py --text-only

The script auto-detects the install type and:

Resolves claude from PATH by default (or uses --binary PATH)
Detects the installed version from Claude Code package metadata when available
If Claude is a bundled cli.js, stages it directly to /tmp/claude-source/<version>/src/entrypoints/cli.js
If Claude is a Bun-compiled binary, locates the embedded Bun module graph and extracts modules
Formats the resulting JS for easier reading by default using fast newline insertion, or prettier with --pretty
Saves everything to /tmp/claude-source/<version>/
Skips work if that version is already present

Options:

--text-only - skip binary modules (.node, .wasm) when extracting Bun builds
--pretty - use prettier via bunx for full prettification (slower)
--binary PATH - inspect a different Claude executable or cli.js
--output-dir DIR - change output directory (default: /tmp/claude-source)
--print-version - print the resolved Claude Code version and exit
--print-binary - print the resolved Claude Code path and exit

Step 3: Search or read the source

The main source file is:

/tmp/claude-source/<version>/src/entrypoints/cli.js

If the user provided a search term ($ARGUMENTS), search for it:

grep -n "$ARGUMENTS" /tmp/claude-source/$VERSION/src/entrypoints/cli.js | head -50

For broader exploration, use Grep/Glob/Read against /tmp/claude-source/<version>/.

Tips for reverse engineering Claude Code features

Search for user-facing strings: command names, error text, help text, setting keys, event names.
Look for protocol/event markers like assistant, result, system, tool_use, stream, permission.
Search for CLI flags to find the command-line parsing path.
Search for model/provider names to find API integration logic.
Search for literal UI text to find TUI components and interaction flows.
When you find a string match, read upward for schema definitions and downward for handlers.
Expect minified/bundled code: variable names may be short, but string literals and many dependency function names survive.

Related Skills

openclaw/taskflow

tools

VerifiedTrustedCommunity

Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.

357,764SKILL.mdUpdated Apr 10, 2026

openclaw/extensions/lobster

tools

VerifiedTrustedCommunity

# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------

357,764SKILL.mdUpdated Apr 10, 2026

openclaw/extensions/lobster

steipete/extensions/lobster

tools

VerifiedTrustedCommunity

357,588SKILL.mdUpdated Apr 13, 2026

steipete/extensions/lobster

steipete/xurl

tools

VerifiedTrustedCommunity

A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.

356,423SKILL.mdUpdated Apr 13, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/gswangg/inspect-claude-source.git

# Copy into Claude Code skills folder (global)
cp -r inspect-claude-source/ ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

gswangg/inspect-claude-source

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT