Does it support Model Context Protocol (MCP) plugins?

Yes, it includes specialized checks for MCP plugins, verifying package.json configurations, TypeScript settings, and SDK dependencies.

Can the Auditor fix issues automatically?

Yes, it has auto-fix capabilities for several common issues including script permissions (chmod +x), JSON/Markdown formatting, and version synchronization.

What security risks does the Plugin Auditor check for?

It scans for hardcoded API keys, secrets, AWS credentials, private keys, command injection vectors, and dangerous shell commands like 'rm -rf /' or obfuscated code.

How do I trigger an audit for my plugin?

You can trigger it by mentioning keywords like 'audit plugin', 'security review', 'best practices check', or 'compliance check' while Claude is focused on your project.

Claude Plugin Auditor

Name: Claude Plugin Auditor
Author: jeremylongshore

byjeremylongshore

•

883

Security & Testing

Automates security reviews and quality audits for Claude Code plugins to ensure repository compliance and production readiness.

About

The Plugin Auditor is a comprehensive diagnostic tool designed specifically for developers building and maintaining Claude Code plugins. It automatically scans plugin directories for security vulnerabilities like hardcoded secrets and command injection, verifies adherence to repository structure standards, and checks for CLAUDE.md compliance. By evaluating code quality, performance efficiency, and marketplace readiness, this skill provides a detailed quality score and actionable recommendations to help developers ship safe, high-quality AI extensions with confidence.

Key Features

Automated compliance checks for marketplace and CLAUDE.md standards
Comprehensive security scanning for secrets and dangerous commands
Detailed quality reports with prioritized severity levels and scores
Auto-fix capabilities for common issues like permissions and formatting
Best practices verification including directory structure and metadata
883 GitHub stars

Use Cases

Reviewing a new plugin for security vulnerabilities before public release
Preparing a plugin for submission to the marketplace catalog
Ensuring consistent repository standards across a large suite of plugins

About

Key Features

Automated compliance checks for marketplace and CLAUDE.md standards
Comprehensive security scanning for secrets and dangerous commands
Detailed quality reports with prioritized severity levels and scores
Auto-fix capabilities for common issues like permissions and formatting
Best practices verification including directory structure and metadata
883 GitHub stars

Use Cases

Reviewing a new plugin for security vulnerabilities before public release
Preparing a plugin for submission to the marketplace catalog
Ensuring consistent repository standards across a large suite of plugins