Does it provide any automated fixes?

The skill can automatically resolve minor issues like script permissions (chmod +x), JSON/Markdown formatting, and version synchronization problems.

How do I trigger an audit for my plugin?

You can activate the auditor by asking Claude to 'audit plugin', 'run security review', or 'check best practices' within your plugin directory.

Does it support Model Context Protocol (MCP) plugins?

Yes, it includes specific checks for MCP-based plugins, including package.json dependencies, TypeScript configuration, and proper mcp/*.json settings.

Can this skill help with Claude Marketplace submissions?

Yes, it validates plugin.json schemas, marketplace catalog entries, and repository structures to ensure they meet the official marketplace requirements.

What specific security risks does the Plugin Auditor check for?

It scans for hardcoded secrets, API tokens, AWS keys, private keys, dangerous shell commands (like rm -rf /), command injection vectors, and unencrypted URLs.

Claude Plugin Auditor

Name: Claude Plugin Auditor
Author: intent-solutions-io

byintent-solutions-io

0•

Security & Testing

Automates security, compliance, and quality audits for Claude Code plugins to ensure they meet production standards.

The Claude Plugin Auditor is a specialized skill designed to maintain high standards across the Claude Code ecosystem. It performs rigorous scans for security vulnerabilities such as hardcoded secrets and dangerous shell commands, while simultaneously enforcing best practices and CLAUDE.md compliance. By validating repository structures, marketplace metadata, and documentation completeness, this skill provides developers with a clear quality score and actionable recommendations to ensure their plugins are secure, performant, and ready for distribution.

Key Features

010 GitHub stars

02Comprehensive security scanning for secrets, AWS keys, and command injection

03Automatic fixing of script permissions, formatting, and versioning sync issues

04Detailed audit reporting with severity-coded warnings and performance scores

05Automated CLAUDE.md and marketplace schema compliance verification

06Best practices auditing for code quality, directory structure, and documentation

Use Cases

01Performing a final security review before publishing a plugin to the marketplace

02Ensuring internal development projects follow standardized Claude Code repository structures

03Automating quality assurance checks during the plugin development lifecycle

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add intent-solutions-io/plugins-nixtla plugin-auditor

For use in Claude.ai and ChatGPT

Download Skill