FIXED: relative paths

plugins/android-reverse-engineering/commands/decompile.md

@@ -22,7 +22,7 @@ If the user provided a file path as an argument, use that. Otherwise, ask the us
 Run the dependency check:
 
 ```bash
-bash skills/android-reverse-engineering/scripts/check-deps.sh
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/check-deps.sh
 ```
 
 Parse the output looking for `INSTALL_REQUIRED:` and `INSTALL_OPTIONAL:` lines.
@@ -30,8 +30,8 @@ Parse the output looking for `INSTALL_REQUIRED:` and `INSTALL_OPTIONAL:` lines.
 **If required dependencies are missing**, install them one by one:
 
 ```bash
-bash skills/android-reverse-engineering/scripts/install-dep.sh java
-bash skills/android-reverse-engineering/scripts/install-dep.sh jadx
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/install-dep.sh java
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/install-dep.sh jadx
 ```
 
 The install script auto-detects the OS and installs without sudo when possible (user-local install to `~/.local/`). If sudo is needed, it will prompt — if the user declines or sudo is unavailable, the script prints exact manual instructions (exit code 2). Show those instructions to the user and stop.
@@ -46,23 +46,23 @@ Run the decompile script on the target file. Choose the engine based on the inpu
 
 - **APK or XAPK** → use jadx first (handles resources natively; XAPK is auto-extracted):
   ```bash
-  bash skills/android-reverse-engineering/scripts/decompile.sh <file>
+  bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/decompile.sh <file>
   ```
 
 - **JAR/AAR** and Fernflower is available → prefer fernflower for better Java output:
   ```bash
-  bash skills/android-reverse-engineering/scripts/decompile.sh --engine fernflower <file>
+  bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/decompile.sh --engine fernflower <file>
   ```
 
 - **If jadx output has warnings** or the user wants the best quality → run both and compare:
   ```bash
-  bash skills/android-reverse-engineering/scripts/decompile.sh --engine both <file>
+  bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/decompile.sh --engine both <file>
   ```
 
 For obfuscated apps (if the user mentions it or you detect single-letter package names), add `--deobf`:
 
 ```bash
-bash skills/android-reverse-engineering/scripts/decompile.sh --deobf <file>
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/decompile.sh --deobf <file>
 ```
 
 ### Step 4: Analyze structure
@@ -83,4 +83,4 @@ Tell the user what they can do next:
 - **Analyze specific classes**: "Point me to a specific class or feature to analyze"
 - **Re-decompile with Fernflower**: If jadx output has warnings, offer to re-run with `--engine both` for comparison
 
-Refer to the full skill documentation in `skills/android-reverse-engineering/SKILL.md` for the complete workflow.
+Refer to the full skill documentation in `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/SKILL.md` for the complete workflow.

plugins/android-reverse-engineering/skills/android-reverse-engineering/SKILL.md

@@ -11,10 +11,10 @@ Decompile Android APK, XAPK, JAR, and AAR files using jadx and Fernflower/Vinefl
 This skill requires **Java JDK 17+** and **jadx** to be installed. **Fernflower/Vineflower** and **dex2jar** are optional but recommended for better decompilation quality. Run the dependency checker to verify:
 
 ```bash
-bash skills/android-reverse-engineering/scripts/check-deps.sh
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/check-deps.sh
 ```
 
-If anything is missing, follow the installation instructions in `skills/android-reverse-engineering/references/setup-guide.md`.
+If anything is missing, follow the installation instructions in `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/setup-guide.md`.
 
 ## Workflow
 
@@ -25,7 +25,7 @@ Before decompiling, confirm that the required tools are available — and instal
 **Action**: Run the dependency check script.
 
 ```bash
-bash skills/android-reverse-engineering/scripts/check-deps.sh
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/check-deps.sh
 ```
 
 The output contains machine-readable lines:
@@ -35,7 +35,7 @@ The output contains machine-readable lines:
 **If required dependencies are missing** (exit code 1), install them automatically:
 
 ```bash
-bash skills/android-reverse-engineering/scripts/install-dep.sh <dep>
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/install-dep.sh <dep>
 ```
 
 The install script detects the OS and package manager, then:
@@ -54,7 +54,7 @@ Use the decompile wrapper script to process the target file. The script supports
 **Action**: Choose the engine and run the decompile script. The script handles APK, XAPK, JAR, and AAR files.
 
 ```bash
-bash skills/android-reverse-engineering/scripts/decompile.sh [OPTIONS] <file>
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/decompile.sh [OPTIONS] <file>
 ```
 
 For **XAPK** files (ZIP bundles containing multiple APKs, used by APKPure and similar stores): the script automatically extracts the archive, identifies all APK files inside (base + split APKs), and decompiles each one into a separate subdirectory. The XAPK manifest is copied to the output for reference.
@@ -79,7 +79,7 @@ When using `--engine both`, the outputs go into `<output>/jadx/` and `<output>/f
 
 For APK files with Fernflower, the script automatically uses dex2jar as an intermediate step. dex2jar must be installed for this to work.
 
-See `references/jadx-usage.md` and `references/fernflower-usage.md` for the full CLI references.
+See `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/jadx-usage.md` and `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/fernflower-usage.md` for the full CLI references.
 
 ### Phase 3: Analyze Structure
 
@@ -124,7 +124,7 @@ Follow execution paths from user-facing entry points down to network calls.
 
 5. **Handle obfuscated code**: When class names are mangled, use string literals and library API calls as anchors. Retrofit annotations and URL strings are never obfuscated.
 
-See `references/call-flow-analysis.md` for detailed techniques and grep commands.
+See `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/call-flow-analysis.md` for detailed techniques and grep commands.
 
 ### Phase 5: Extract and Document APIs
 
@@ -133,19 +133,19 @@ Find all API endpoints and produce structured documentation.
 **Action**: Run the API search script for a broad sweep.
 
 ```bash
-bash skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/
 ```
 
 Targeted searches:
 ```bash
 # Only Retrofit
-bash skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/ --retrofit
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/ --retrofit
 
 # Only hardcoded URLs
-bash skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/ --urls
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/ --urls
 
 # Only auth patterns
-bash skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/ --auth
+bash ${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/scripts/find-api-calls.sh <output>/sources/ --auth
 ```
 
 Then, for each discovered endpoint, read the surrounding source code to extract:
@@ -171,7 +171,7 @@ Then, for each discovered endpoint, read the surrounding source code to extract:
 - **Called from**: `LoginActivity → LoginViewModel → UserRepository → ApiService`
 ```
 
-See `references/api-extraction-patterns.md` for library-specific search patterns and the full documentation template.
+See `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/api-extraction-patterns.md` for library-specific search patterns and the full documentation template.
 
 ## Output
 
@@ -184,8 +184,8 @@ At the end of the workflow, deliver:
 
 ## References
 
-- `references/setup-guide.md` — Installing Java, jadx, Fernflower/Vineflower, dex2jar, and optional tools
-- `references/jadx-usage.md` — jadx CLI options and workflows
-- `references/fernflower-usage.md` — Fernflower/Vineflower CLI options, when to use, APK workflow
-- `references/api-extraction-patterns.md` — Library-specific search patterns and documentation template
-- `references/call-flow-analysis.md` — Techniques for tracing call flows in decompiled code
+- `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/setup-guide.md` — Installing Java, jadx, Fernflower/Vineflower, dex2jar, and optional tools
+- `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/jadx-usage.md` — jadx CLI options and workflows
+- `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/fernflower-usage.md` — Fernflower/Vineflower CLI options, when to use, APK workflow
+- `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/api-extraction-patterns.md` — Library-specific search patterns and documentation template
+- `${CLAUDE_PLUGIN_ROOT}/skills/android-reverse-engineering/references/call-flow-analysis.md` — Techniques for tracing call flows in decompiled code