create-cowork-plugin

Guides users in creating a new plugin from scratch in a Cowork session, covering all phases from discovery to packaging.

Install this skill

or

35/100

Security score

The create-cowork-plugin skill was audited on May 14, 2026 and we found 5 security issues across 1 threat category, including 4 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 127

Template literal with variable interpolation in command context

SourceSKILL.md

127

```

high line 131

Template literal with variable interpolation in command context

SourceSKILL.md

131	Use `${CLAUDE_PLUGIN_ROOT}` for all intra-plugin path references in hooks and MCP configs. Never hardcode absolute paths.

high line 228

Template literal with variable interpolation in command context

SourceSKILL.md

228	- Hooks config goes in `hooks/hooks.json`. Use `${CLAUDE_PLUGIN_ROOT}` for script paths. Prefer prompt-based hooks for complex logic.

high line 229

Template literal with variable interpolation in command context

SourceSKILL.md

229	- MCP configs go in `.mcp.json` at plugin root. Use `${CLAUDE_PLUGIN_ROOT}` for local server paths. Document required env vars in README.

high line 264

Template literal with variable interpolation in command context

SourceSKILL.md

264	- Portability: Always use `${CLAUDE_PLUGIN_ROOT}` for intra-plugin paths, never hardcoded paths.

Scanned on May 14, 2026

View Security Dashboard

Installation guide →

GitHub Stars 12.2K

Rate this skill

Categorysales

UpdatedMay 20, 2026

claude-cowork api sdr product-manager technical-pm growth-pm ux-designer sales product design

anthropics/knowledge-work-plugins