claude-code-test-plugin
Validates plugin functionality through a comprehensive test suite, ensuring all hooks and commands operate correctly.
Install this skill
Security score
The claude-code-test-plugin skill was audited on Feb 9, 2026 and we found 33 security issues across 2 threat categories, including 7 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 23 | !`echo "=== Bluera Base Plugin Test ===" && echo "Hooks: $(ls "${CLAUDE_PLUGIN_ROOT:-$(pwd)}/hooks/"*.sh 2>/dev/null | wc -l | tr -d ' ') files" && echo "Skills: $(ls -d "${CLAUDE_PLUGIN_ROOT:-$(pwd)} |
Template literal with variable interpolation in command context
| 56 | ```bash |
Template literal with variable interpolation in command context
| 66 | ```bash |
Template literal with variable interpolation in command context
| 87 | ```bash |
Template literal with variable interpolation in command context
| 98 | ```bash |
Template literal with variable interpolation in command context
| 109 | ```bash |
Template literal with variable interpolation in command context
| 121 | ```bash |
Template literal with variable interpolation in command context
| 134 | ```bash |
Template literal with variable interpolation in command context
| 150 | ```bash |
Template literal with variable interpolation in command context
| 168 | ```bash |
Template literal with variable interpolation in command context
| 181 | ```bash |
Template literal with variable interpolation in command context
| 198 | ```bash |
Template literal with variable interpolation in command context
| 229 | ```bash |
Template literal with variable interpolation in command context
| 253 | ```bash |
Template literal with variable interpolation in command context
| 273 | ```bash |
Template literal with variable interpolation in command context
| 283 | ```bash |
Template literal with variable interpolation in command context
| 293 | ```bash |
Template literal with variable interpolation in command context
| 305 | ```bash |
Template literal with variable interpolation in command context
| 318 | ```bash |
Template literal with variable interpolation in command context
| 333 | ```bash |
Template literal with variable interpolation in command context
| 423 | ```bash |
Template literal with variable interpolation in command context
| 435 | ```bash |
Template literal with variable interpolation in command context
| 446 | ```bash |
Template literal with variable interpolation in command context
| 457 | ```bash |
Template literal with variable interpolation in command context
| 469 | ```bash |
Template literal with variable interpolation in command context
| 480 | ```bash |
Piping content to bash shell
| 89 | echo '{"tool_input": {"command": "npm version patch"}}' | bash "$PLUGIN_PATH/hooks/block-manual-release.sh" 2>&1 |
Piping content to bash shell
| 100 | echo '{"tool_input": {"command": "git tag v1.0.0"}}' | bash "$PLUGIN_PATH/hooks/block-manual-release.sh" 2>&1 |
Piping content to bash shell
| 111 | echo '{"tool_input": {"command": "__SKILL__=release npm version patch"}}' | bash "$PLUGIN_PATH/hooks/block-manual-release.sh" |
Piping content to bash shell
| 123 | echo '{"tool_input": {"command": "npm install express"}}' | bash "$PLUGIN_PATH/hooks/block-manual-release.sh" |
Piping content to bash shell
| 172 | echo '{"transcript_path": "/tmp/test.jsonl"}' | bash "$PLUGIN_PATH/hooks/milhouse-stop.sh" 2>&1 |
Piping content to bash shell
| 186 | echo '{"transcript_path": "/tmp/test.jsonl"}' | bash "$PLUGIN_PATH/hooks/milhouse-stop.sh" 2>&1 |
Access to hidden dotfiles in home directory
| 17 | | `/clean` | **DANGEROUS** - Modifies `~/.claude` which is Claude Code's own brain. Can wipe plugin caches, break running sessions, and corrupt config. DO NOT RUN AUTOMATICALLY. | |