plugin-auditor

Solid

Automatically audits Claude Code plugins for security vulnerabilities, best practices, CLAUDE.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. Specific to claude-code-plugins repository standards.

AI & Automation 2,274 stars 319 forks Updated today MIT

Quality Score: 96/100

Stars 20%: 100
Recency 20%: 100
Frontmatter 20%: 70
Documentation 15%: 100
Issue Health 10%: 50
License 10%: 100
Description 5%: 100

Skill Content

# Plugin Auditor

## Purpose

Automatically audits Claude Code plugins for security vulnerabilities, best practice violations, CLAUDE.md compliance, and quality standards - optimized for claude-code-plugins repository requirements.

## Trigger Keywords

- "audit plugin"
- "security review" or "security audit"
- "best practices check"
- "plugin quality"
- "compliance check"
- "plugin security"

## Audit Categories

### 1. Security Audit

**Critical Checks:**

- ❌ No hardcoded secrets (passwords, API keys, tokens)
- ❌ No AWS keys (AKIA...)
- ❌ No private keys (BEGIN PRIVATE KEY)
- ❌ No dangerous commands (rm -rf /, eval(), exec())
- ❌ No command injection vectors
- ❌ No suspicious URLs (IP addresses, non-HTTPS)
- ❌ No obfuscated code (base64 decode, hex encoding)

**Security Patterns:**

```bash
# Check for hardcoded secrets
grep -r "password\s*=\s*['\"]" --exclude-dir=node_modules
grep -r "api_key\s*=\s*['\"]" --exclude-dir=node_modules
grep -r "secret\s*=\s*['\"]" --exclude-dir=node_modules

# Check for AWS keys (-E so that {16} is a repetition count, not literal text)
grep -rE "AKIA[0-9A-Z]{16}" --exclude=README.md

# Check for private keys
grep -r "BEGIN.*PRIVATE KEY" --exclude=README.md

# Check for dangerous patterns
grep -r "rm -rf /" | grep -v "/var/" | grep -v "/tmp/"
# -E so that \( matches a literal opening parenthesis
grep -rE "eval\s*\(" --exclude=README.md
```

### 2. Best Practices Audit

**Plugin Structure:**

- ✅ Proper directory hierarchy
- ✅ Required files present
- ✅ Semantic versioning (x.y.z)
- ✅ Clear, concise descriptions
- ✅ Proper LICENSE file (MIT/Apache-2.0)
- ✅ Comp...

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

plugin-audit

Audit vercel-plugin performance on real-world projects. Extracts tool calls from Claude Code conversation logs, tests hook matching against actual inputs, identifies pattern coverage gaps, and checks plugin cache staleness. Use when asked to audit, test, or investigate plugin skill injection on a real project.

1 Updated 5 days ago
build-with-dhiraj
AI & Automation Solid

plugin-validator

Automatically validates Claude Code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. Runs comprehensive validation specific to claude-code-plugins repository standards.

2,274 Updated today
jeremylongshore
AI & Automation Solid

plugin-audit

Comprehensive audit pipeline for skills, plugins, agents, and commands. Validates structure, quality, security, marketplace compliance, cross-platform compatibility, and ecosystem integration. Runs all built-in validation tools, invokes domain-appropriate agents for code review, and produces a pass/fail gate report. Usage: /plugin-audit <skill-path>

16,782 Updated 3 days ago
alirezarezvani
AI & Automation Solid

validate-plugin

Validate a Claude Code plugin directory against the official Anthropic spec and Intent Solutions enterprise standard. Runs structural validation (plugin.json fields, file references, permissions) and content validation (SKILL.md grading, command/agent frontmatter). Use when building a new plugin, preparing for marketplace submission, or auditing existing plugins. Trigger with "validate this plugin", "check plugin structure", "grade my plugin", "/validate-plugin".

2,274 Updated today
jeremylongshore
AI & Automation Listed

best-practices-audit

Audits and auto-fixes a project's CLAUDE.md against Anthropic best practices. Activates during ship phase — checks conciseness, enforces @import structure for detailed docs, auto-excludes bloat, identifies hook candidates, and auto-fixes structural issues. Flags content questions for developer review.

0 Updated today
Brite-Nites