claude-code-plugin-development

Enables users to create and manage distributable plugins for Claude Code, enhancing functionality with commands, agents, and skills.

Install this skill

or

39/100

Security score

The claude-code-plugin-development skill was audited on Feb 9, 2026 and we found 9 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 108

Template literal with variable interpolation in command context

SourceSKILL.md

108	Use `${CLAUDE_PLUGIN_ROOT}` for paths in hooks and MCP configs:

medium line 110

Template literal with variable interpolation in command context

SourceSKILL.md

110

```json

medium line 149

Template literal with variable interpolation in command context

SourceSKILL.md

149	"!`${CLAUDE_PLUGIN_ROOT}/scripts/my-script.sh 2>&1 \|\| true`":

medium line 157

Template literal with variable interpolation in command context

SourceSKILL.md

157

```yaml

medium line 163

Template literal with variable interpolation in command context

SourceSKILL.md

163

```bash

high line 206

Template literal with variable interpolation in command context

SourceSKILL.md

206	- [ ] All paths use `${CLAUDE_PLUGIN_ROOT}` variable

medium line 101

Access to hidden dotfiles in home directory

SourceSKILL.md

101	\| user \| `~/.claude/settings.json` \| Personal plugins (default) \|

medium line 174

Access to hidden dotfiles in home directory

SourceSKILL.md

174	The plugin may be disabled. Check `~/.claude/settings.json`:

low line 10

External URL reference

SourceSKILL.md

10	Official docs: https://code.claude.com/docs/en/plugins-reference

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

claude-code api ml-ai-engineer backend-developer devops-sre development

majiayu000/claude-skill-registry