taardisaa/write-ida-script
claude/skills/write-ida-script/SKILL.md
Write an IDAPython script using verified API workflows from the IDA SDK MCP server
$ install --global
skillsauthnpx skillsauth add taardisaa/ida-script-helper write-ida-scriptInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 4:10 AM19.7s1 file scanned
SKILL.md
- name:
- write-ida-script
- description:
- Write an IDAPython script using verified API workflows from the IDA SDK MCP server
- user_invocable:
- true
Write IDA Script
Write an IDAPython script by first consulting the ida-api-mcp MCP tools to retrieve verified API call sequences, then composing the script from those patterns.
Process
Follow these steps in order:
1. Decompose the request
Break the user's request into discrete sub-tasks. For example, "list all functions and their cross-references" becomes:
- Sub-task A: enumerate all functions
- Sub-task B: get cross-references for each function
2. Retrieve workflows
For each sub-task, call get_workflows with a natural-language description:
get_workflows("enumerate all functions in the database")
get_workflows("get cross references to a function")
3. Look up unfamiliar APIs
For any API function in the workflow results that you're not confident about, call get_api_doc:
get_api_doc("xrefblk_t")
get_api_doc("get_func_name")
4. Find companion APIs if needed
If a workflow seems incomplete (e.g., you have iteration but no formatting), call list_related_apis:
list_related_apis("get_func")
5. Write the script
Compose the script following these conventions:
- Explicit imports:
import ida_funcs, notfrom ida_funcs import * main()wrapper: All logic insidedef main():withif __name__ == "__main__": main()- None checks: Always check return values —
get_func(),decompile(), etc. can returnNone print()for output: Useprint()in IDAPython, notida_kernwin.msg()- Module-qualified calls:
ida_funcs.get_func(ea), not bareget_func(ea)
Canonical style example:
"""
Short summary of what the script does.
Longer description of the workflow: what it takes as input,
what it produces, and any prerequisites.
Usage: Run in IDA Pro via File -> Script file...
"""
import ida_funcs
import ida_hexrays
import ida_kernwin
def main():
ea = ida_kernwin.ask_addr(0, "Enter function address:")
if ea is None:
return
pfn = ida_funcs.get_func(ea)
if pfn is None:
print("No function found at 0x%X" % ea)
return
print("Function: 0x%X - 0x%X" % (pfn.start_ea, pfn.end_ea))
cf = ida_hexrays.decompile(pfn.start_ea)
if cf is None:
print("Decompilation failed at 0x%X" % pfn.start_ea)
return
print(str(cf))
if __name__ == "__main__":
main()
6. Explain the script
After writing the script, briefly explain:
- Which workflows/API patterns were used
- What each major section does
- Any limitations or assumptions
Example
User: "write an IDAPython script that lists all functions with their sizes"
- Sub-tasks: enumerate functions, compute size, format output
get_workflows("enumerate all functions")→ revealsidautils.Functions()+ida_funcs.get_func()get_api_doc("get_func")→ confirmsfunc_thas.start_eaand.end_ea- Write script using
idautils.Functions()iterator,ida_funcs.get_func()for each, size =end_ea - start_ea
Related Skills
taardisaa/ida-api
development
VerifiedTrustedCommunity
Look up IDA SDK API documentation, related APIs, or task workflows
1SKILL.mdUpdated Apr 15, 2026
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026
steipete/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,588SKILL.mdUpdated Apr 13, 2026