Plugin Auditor

Automates the auditing of Claude Code plugins for security vulnerabilities and compliance with best practices and quality standards.

Security score: 25/100

The Plugin Auditor skill was audited on Mar 3, 2026 and we found 5 security issues across 3 threat categories, including 2 critical. Review the findings below before installing.

Security Issues

critical, line 28

Direct command execution function call

Source: SKILL.md
28: - ❌ No dangerous commands (rm -rf /, eval(), exec())

critical, line 28

Eval function call - arbitrary code execution

Source: SKILL.md
28: - ❌ No dangerous commands (rm -rf /, eval(), exec())

high, line 66

Template literal with variable interpolation in command context

Source: SKILL.md
66: - ✅ Uses `${CLAUDE_PLUGIN_ROOT}` in hooks

medium, line 110

Access to .env file

Source: SKILL.md
110: - ✅ No .env files

medium, line 31

Base64 decode operation

Source: SKILL.md
31: - ❌ No obfuscated code (base64 decode, hex encoding)

Scanned on Mar 3, 2026