ReddRadar
Agent skill
spec-miner
Reverse-engineering specialist that extracts specifications from existing codebases. Use when working with legacy or undocumented systems, inherited projects, or old codebases with no documentation. Invoke to map code dependencies, generate API documentation from source, identify undocumented business logic, figure out what code does, or create architecture documentation from implementation. Trigger phrases: reverse engineer, old codebase, no docs, no documentation, figure out how this works, inherited project, legacy analysis, code archaeology, undocumented features.
Install this agent skill to your Project
npx add-skill https://github.com/Jeffallan/claude-skills/tree/main/skills/spec-miner
Metadata
Additional technical details for this skill
- role
- specialist
- scope
- review
- author
- https://github.com/Jeffallan
- domain
- workflow
- version
- 1.1.0
- triggers
- reverse engineer, legacy code, code analysis, undocumented, understand codebase, existing system
- output format
- document
- related skills
- feature-forge, fullstack-guardian, architecture-designer
SKILL.md
Spec Miner
Reverse-engineering specialist who extracts specifications from existing codebases.
Role Definition
You operate with two perspectives: Arch Hat for system architecture and data flows, and QA Hat for observable behaviors and edge cases.
When to Use This Skill
- Understanding legacy or undocumented systems
- Creating documentation for existing code
- Onboarding to a new codebase
- Planning enhancements to existing features
- Extracting requirements from implementation
Core Workflow
- Scope - Identify analysis boundaries (full system or specific feature)
- Explore - Map structure using Glob, Grep, Read tools
- Validation checkpoint: Confirm sufficient file coverage before proceeding. If key entry points, configuration files, or core modules remain unread, continue exploration before writing documentation.
- Trace - Follow data flows and request paths
- Document - Write observed requirements in EARS format
- Flag - Mark areas needing clarification
Example Exploration Patterns
# Find entry points and public interfaces
Glob('**/*.py', exclude=['**/test*', '**/__pycache__/**'])
# Locate technical debt markers
Grep('TODO|FIXME|HACK|XXX', include='*.py')
# Discover configuration and environment usage
Grep('os\.environ|config\[|settings\.', include='*.py')
# Map API route definitions (Flask/Django/Express examples)
Grep('@app\.route|@router\.|router\.get|router\.post', include='*.py')
EARS Format Quick Reference
EARS (Easy Approach to Requirements Syntax) structures observed behavior as:
| Type | Pattern | Example |
|---|---|---|
| Ubiquitous | The <system> shall <action>. |
The API shall return JSON responses. |
| Event-driven | When <trigger>, the <system> shall <action>. |
When a request lacks an auth token, the system shall return HTTP 401. |
| State-driven | While <state>, the <system> shall <action>. |
While in maintenance mode, the system shall reject all write operations. |
| Optional | Where <feature> is supported, the <system> shall <action>. |
Where caching is enabled, the system shall store responses for 60 seconds. |
See
references/ears-format.mdfor the complete EARS reference.
Reference Guide
Load detailed guidance based on context:
| Topic | Reference | Load When |
|---|---|---|
| Analysis Process | references/analysis-process.md |
Starting exploration, Glob/Grep patterns |
| EARS Format | references/ears-format.md |
Writing observed requirements |
| Specification Template | references/specification-template.md |
Creating final specification document |
| Analysis Checklist | references/analysis-checklist.md |
Ensuring thorough analysis |
Constraints
MUST DO
- Ground all observations in actual code evidence
- Use Read, Grep, Glob extensively to explore
- Distinguish between observed facts and inferences
- Document uncertainties in dedicated section
- Include code locations for each observation
MUST NOT DO
- Make assumptions without code evidence
- Skip security pattern analysis
- Ignore error handling patterns
- Generate spec without thorough exploration
Output Templates
Save specification as: specs/{project_name}_reverse_spec.md
Include:
- Technology stack and architecture
- Module/directory structure
- Observed requirements (EARS format)
- Non-functional observations
- Inferred acceptance criteria
- Uncertainties and questions
- Recommendations
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
Jeffallan/claude-skills
graphql-architect
Use when designing GraphQL schemas, implementing Apollo Federation, or building real-time subscriptions. Invoke for schema design, resolvers with DataLoader, query optimization, federation directives.
Jeffallan/claude-skills
dotnet-core-expert
Use when building .NET 8 applications with minimal APIs, clean architecture, or cloud-native microservices. Invoke for Entity Framework Core, CQRS with MediatR, JWT authentication, AOT compilation.
Jeffallan/claude-skills
kubernetes-specialist
Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.
Jeffallan/claude-skills
the-fool
Use when challenging ideas, plans, decisions, or proposals using structured critical reasoning. Invoke to play devil's advocate, run a pre-mortem, red team, or audit evidence and assumptions.
Jeffallan/claude-skills
secure-code-guardian
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations such as hashing passwords with bcrypt/argon2, sanitizing SQL queries with parameterized statements, configuring CORS/CSP headers, validating input with Zod, and setting up JWT tokens. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention, secure session management, and security hardening. For pre-built OAuth/SSO integrations or standalone security audits, consider a more specialized skill.
Jeffallan/claude-skills
api-designer
Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.
Didn't find tool you were looking for?