Can it scan remote repositories?

Yes, it can scan GitHub repositories by owner/repo name or URL before you decide to install them, allowing for safe evaluation of third-party tools.

Does it block benign code by mistake?

The skill uses context evaluation to distinguish between safe uses (such as educational vulnerability examples) and actual malicious intent (like unauthorized data access).

What file types does it analyze?

The scanner analyzes Markdown instructions, Shell scripts, JavaScript/TypeScript code, YAML/JSON configurations, and .mcp.json server settings.

When should I use this skill?

You should use it whenever you are installing a new plugin, auditing external skills, or performing a general safety check on your local project configuration.

What does the Plugin Security Scanner do?

It audits Claude Code plugins and skills for malicious code, dangerous shell commands, and deceptive instructions to ensure your development environment remains secure.

Claude Plugin Security Scanner

Name: Claude Plugin Security Scanner
Author: thkt

bythkt

•

보안 및 테스팅

Scans Claude Code plugins and skills for malicious code or deceptive instructions before installation or execution.

소개

The Scanning Plugins skill provides an essential security layer for Claude Code by auditing third-party plugins, local skills, and GitHub repositories for potential threats. It intelligently distinguishes between legitimate code use and malicious intent, such as unauthorized credential access or dangerous shell command execution. By analyzing a wide range of file formats—including Markdown instructions, shell scripts, and MCP configurations—it ensures that any custom capability added to your environment meets safety standards and protects your system from malicious actors.

주요 기능

Distinguishes between educational vulnerability examples and actual malicious intent
Scans local plugin caches and project-specific Claude configurations for vulnerabilities
Supports multi-file format scanning including JavaScript, TypeScript, Shell scripts, and Markdown
Audits remote GitHub repositories for security risks before installation
3 GitHub stars
Analyzes MCP server configurations for dangerous arguments or environment variables

사용 사례

Performing a routine safety scan of all installed skills in the local directory
Running a security check on a project's .claude configuration to ensure no hidden malicious instructions exist
Auditing a third-party Claude plugin from GitHub before adding it to your local environment

소개

주요 기능

Distinguishes between educational vulnerability examples and actual malicious intent
Scans local plugin caches and project-specific Claude configurations for vulnerabilities
Supports multi-file format scanning including JavaScript, TypeScript, Shell scripts, and Markdown
Audits remote GitHub repositories for security risks before installation
3 GitHub stars
Analyzes MCP server configurations for dangerous arguments or environment variables

사용 사례

Performing a routine safety scan of all installed skills in the local directory
Running a security check on a project's .claude configuration to ensure no hidden malicious instructions exist
Auditing a third-party Claude plugin from GitHub before adding it to your local environment