Can I scan plugins directly from GitHub?

Yes, the skill supports scanning via GitHub repository URLs or 'owner/repo' identifiers to audit code before you clone or install it.

Does this skill protect against MCP server vulnerabilities?

Yes, it specifically audits .mcp.json files to check for suspicious commands, arguments, and environment variables that could compromise your system.

How does it distinguish between security tools and actual threats?

The skill uses context evaluation to differentiate between legitimate use cases, like vulnerability examples in documentation, and actual malicious execution patterns.

What files does the Plugin Security Scanner analyze?

It scans Markdown instructions, shell scripts, JavaScript/TypeScript code, YAML/JSON configurations, and MCP server settings for potential threats.

Plugin Security Scanner

Name: Plugin Security Scanner
Author: thkt

bythkt

•

Security & Testing

Scans Claude Code plugins and skills to detect malicious code, deceptive instructions, and unauthorized credential access.

About

The Plugin Security Scanner is a critical safety tool designed to protect your development environment by auditing third-party Claude Code plugins and skills. It performs deep analysis on local directories and GitHub repositories, scanning diverse file types including shell scripts, JavaScript, and Model Context Protocol (MCP) configurations. By distinguishing between legitimate educational content and malicious execution patterns, this skill ensures that external integrations are safe to use before they are ever installed or executed.

Key Features

Deep scan of GitHub repositories and local plugin directories
Multi-format analysis of JS, TS, Shell, YAML, and Markdown files
MCP server configuration auditing for dangerous commands and env vars
Heuristic detection for deceptive instructions and malicious hooks
Context-aware evaluation to reduce false positives in security docs
3 GitHub stars

Use Cases

Auditing a third-party Claude skill from a public repository before installation
Verifying the security of locally cached plugins in the .claude directory
Identifying unauthorized credential access patterns in external skill configurations

About

Key Features

Deep scan of GitHub repositories and local plugin directories
Multi-format analysis of JS, TS, Shell, YAML, and Markdown files
MCP server configuration auditing for dangerous commands and env vars
Heuristic detection for deceptive instructions and malicious hooks
Context-aware evaluation to reduce false positives in security docs
3 GitHub stars

Use Cases

Auditing a third-party Claude skill from a public repository before installation
Verifying the security of locally cached plugins in the .claude directory
Identifying unauthorized credential access patterns in external skill configurations