Does it remember previous scans?

Yes, the skill computes a unique hash for each plugin version and saves the results locally to avoid re-scanning plugins that haven't changed.

How does this skill scan plugins?

It identifies enabled plugins in your Claude settings, locates their source code in the local cache, and launches parallel subagents to analyze the code for specific security risks.

What types of vulnerabilities does it detect?

It searches for command injection risks, data exfiltration attempts, file system abuse, privilege escalation, obfuscated code, hook abuse, and sandbox bypasses.

Can I scan local plugins I am developing?

Yes. If a plugin is not found in the official cache, the skill will ask you for the directory path to perform a manual security review.

What should I do if a critical issue is found?

The skill provides recommended actions, typically suggesting you disable the plugin immediately and report the findings to the marketplace maintainer.

Plugin Security Auditor

Name: Plugin Security Auditor
Author: hibukki

byhibukki

•

セキュリティとテスト

Audits and scans installed Claude Code plugins for security vulnerabilities, malicious code, and privacy risks using parallel subagents.

概要

This skill provides a comprehensive security framework for Claude Code environments by systematically scanning enabled plugins for common threats. It automatically detects installed plugins, launches specialized subagents to analyze source code for command injection, data exfiltration, and sandbox bypasses, and generates actionable reports with severity ratings. By persisting review results and proactively suggesting scans for new installations, it helps developers maintain a secure local environment while leveraging the power of third-party extensions.

主な機能

Persistent review caching to prevent redundant scans of verified code
Automated discovery of enabled plugins from system settings
1 GitHub stars
Detection of command injection, data leaks, and file system abuse
Parallel subagent scanning for rapid security analysis
Detailed reporting with severity levels and recommended actions

ユースケース

Auditing third-party plugins before enabling them in a sensitive development environment
Identifying malicious code or hidden hooks in newly downloaded marketplace plugins
Automating security compliance checks for a custom suite of Claude Code extensions

概要

主な機能

Persistent review caching to prevent redundant scans of verified code
Automated discovery of enabled plugins from system settings
1 GitHub stars
Detection of command injection, data leaks, and file system abuse
Parallel subagent scanning for rapid security analysis
Detailed reporting with severity levels and recommended actions

ユースケース

Auditing third-party plugins before enabling them in a sensitive development environment
Identifying malicious code or hidden hooks in newly downloaded marketplace plugins
Automating security compliance checks for a custom suite of Claude Code extensions