Make Scan Plugins a viable required check; auto-dispatch on bump PRs

Scan Plugins is meant to gate every change to marketplace.json, but two
gaps made that unenforceable:

1. The bump workflow opens PRs with GITHUB_TOKEN, which GitHub exempts
   from on:pull_request triggers. Weekly bump PRs (e.g. #1809) get no
   scan check at all.
2. The workflow had a paths filter, so a required-check ruleset for
   `scan` would block every PR that doesn't touch marketplace.json
   (no check run = pending forever).

Fixes:

scan-plugins.yml
- Drop the paths filter; replace with a step-level `git diff --quiet`
  early-exit on the same paths. The check now reports on every PR,
  which makes it safe to require.
- Fail closed when ANTHROPIC_API_KEY is unset and a scan is needed.
  The shared action no-ops gracefully in that case (right default for
  community repos), but a required check that silently does nothing is
  a rubber stamp.

bump-plugin-shas.yml
- After the action opens the bump PR, `gh workflow run scan-plugins.yml
  --ref bump/plugin-shas`. workflow_dispatch is exempt from the
  GITHUB_TOKEN recursion guard, and the resulting check run lands on
  the branch HEAD (= PR head), so it satisfies the required check.
- Add `actions: write` so the dispatch is allowed.

Follow-up: add a repo ruleset on main requiring the `scan` check
(integration: github-actions) once this merges.

.claude-plugin/marketplace.json

@@ -19,7 +19,7 @@
         "url": "https://github.com/42Crunch-AI/claude-plugins.git",
         "path": "plugins/api-security-testing",
         "ref": "v1.0.1",
-        "sha": "69534e359680de7e3c40f39aadb343ce3cb53701"
+        "sha": "56273e0e20762d76640838300a7431c4260cad32"
       },
       "homepage": "https://42crunch.com"
     },
@@ -35,7 +35,7 @@
         "url": "https://github.com/adobe/skills.git",
         "path": "plugins/creative-cloud/adobe-for-creativity",
         "ref": "main",
-        "sha": "7cc6b49b8e2e2681314f59ea1026122330362aa7"
+        "sha": "0f1ad97af8b4de2107c2417184fc4c3114bda9d3"
       },
       "homepage": "https://github.com/adobe/skills/tree/main/plugins/creative-cloud/adobe-for-creativity"
     },
@@ -57,7 +57,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/SalesforceAIResearch/agentforce-adlc.git",
-        "sha": "d645d2c8ce0689a568224436061872ab9f0ab179"
+        "sha": "9ef4d9b1958d4ed21179017d0452a81ec13c1de2"
       },
       "homepage": "https://github.com/SalesforceAIResearch/agentforce-adlc"
     },
@@ -81,22 +81,6 @@
       },
       "homepage": "https://github.com/AikidoSec/aikido-claude-plugin"
     },
-    {
-      "name": "airtable",
-      "description": "Airtable is the database and operations layer for your agents — whether running product, marketing, sales, ops, HR, or a custom business app. It combines structured data with multiplayer visual surfaces (grid, kanban, calendar, gallery, timeline) humans and agents share — plus sync integrations to Jira, Salesforce, Zendesk, Google Drive, Databricks, and the rest of your stack, all backed by enterprise governance. This plugin makes Claude fluent in Airtable: creating bases and schema, working with records, and sharing UI for collaboration. Bundles the official Airtable MCP server.",
-      "author": {
-        "name": "Airtable"
-      },
-      "category": "productivity",
-      "source": {
-        "source": "git-subdir",
-        "url": "https://github.com/Airtable/skills.git",
-        "path": "plugins/airtable",
-        "ref": "main",
-        "sha": "aaeb4f3ec8d462d694a13fe5c3d249c291bf8899"
-      },
-      "homepage": "https://www.airtable.com"
-    },
     {
       "name": "alloydb",
       "description": "Create, connect, and interact with an AlloyDB for PostgreSQL database and data.",
@@ -107,7 +91,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/gemini-cli-extensions/alloydb.git",
-        "sha": "4a75653275b095fcacf1508796b0fee8cc758c07"
+        "sha": "0723d3ada808fe8f33e1b2808fd7a843c3d63ad2"
       },
       "homepage": "https://cloud.google.com/alloydb"
     },
@@ -120,7 +104,7 @@
         "url": "https://github.com/awslabs/agent-plugins.git",
         "path": "plugins/amazon-location-service",
         "ref": "main",
-        "sha": "08bbd67c02fbbbcc84673efedad62c89c9865e3f"
+        "sha": "6cfb70e55aa142a8eda66e6ef7966d5921bdf9a2"
       },
       "homepage": "https://github.com/awslabs/agent-plugins"
     },
@@ -165,7 +149,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/astronomer/agents.git",
-        "sha": "535a040ca9e27aaed6da13f0f959625fb3294820"
+        "sha": "5935c4330dea4dfb8e93568956b10a543ecdb3d1"
       },
       "homepage": "https://github.com/astronomer/agents"
     },
@@ -175,7 +159,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/atlanhq/agent-toolkit.git",
-        "sha": "790398c87378f128bdc74c31bb7ecfb8e4695f29"
+        "sha": "acdf284da6aa98b14f8dad90a9827006d8df425c"
       },
       "homepage": "https://docs.atlan.com/"
     },
@@ -217,7 +201,7 @@
         "url": "https://github.com/auth0/agent-skills.git",
         "path": "plugins/auth0",
         "ref": "main",
-        "sha": "010dd3bf860404708c3dc5fe8e1a50df1f914e3c"
+        "sha": "f7724bf7984c5b00496cac0f54526bb1cf505dcb"
       },
       "homepage": "https://auth0.com/docs/quickstart/agent-skills"
     },
@@ -233,7 +217,7 @@
         "url": "https://github.com/aws/agent-toolkit-for-aws.git",
         "path": "plugins/aws-agents",
         "ref": "main",
-        "sha": "01fdfa8d13ca898a210d638c43a3062657056733"
+        "sha": "750230758fbf23acd60d075dedd7ead4092127ce"
       },
       "homepage": "https://github.com/aws/agent-toolkit-for-aws"
     },
@@ -246,7 +230,7 @@
         "url": "https://github.com/awslabs/agent-plugins.git",
         "path": "plugins/aws-amplify",
         "ref": "main",
-        "sha": "08bbd67c02fbbbcc84673efedad62c89c9865e3f"
+        "sha": "6cfb70e55aa142a8eda66e6ef7966d5921bdf9a2"
       },
       "homepage": "https://github.com/awslabs/agent-plugins"
     },
@@ -262,7 +246,7 @@
         "url": "https://github.com/aws/agent-toolkit-for-aws.git",
         "path": "plugins/aws-core",
         "ref": "main",
-        "sha": "01fdfa8d13ca898a210d638c43a3062657056733"
+        "sha": "750230758fbf23acd60d075dedd7ead4092127ce"
       },
       "homepage": "https://github.com/aws/agent-toolkit-for-aws"
     },
@@ -278,7 +262,7 @@
         "url": "https://github.com/aws/agent-toolkit-for-aws.git",
         "path": "plugins/aws-data-analytics",
         "ref": "main",
-        "sha": "01fdfa8d13ca898a210d638c43a3062657056733"
+        "sha": "750230758fbf23acd60d075dedd7ead4092127ce"
       },
       "homepage": "https://github.com/aws/agent-toolkit-for-aws"
     },
@@ -307,7 +291,7 @@
         "url": "https://github.com/awslabs/agent-plugins.git",
         "path": "plugins/aws-serverless",
         "ref": "main",
-        "sha": "08bbd67c02fbbbcc84673efedad62c89c9865e3f"
+        "sha": "6cfb70e55aa142a8eda66e6ef7966d5921bdf9a2"
       },
       "homepage": "https://github.com/awslabs/agent-plugins"
     },
@@ -318,7 +302,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/microsoft/azure-skills.git",
-        "sha": "2fc301fe5ab66ede17d2d738da8398e077e900d9"
+        "sha": "ed25b85a13ec001c53f538b07e0bfbe732673885"
       },
       "homepage": "https://github.com/microsoft/azure-skills"
     },
@@ -340,7 +324,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/base44/skills.git",
-        "sha": "ec420cf2edd2c7e9a523d5afe2e71498a6357fa4"
+        "sha": "c7039b37eca0e2916a565a7395040c00055bcf8b"
       },
       "homepage": "https://docs.base44.com"
     },
@@ -356,7 +340,7 @@
         "url": "https://github.com/Bigdata-com/bigdata-plugins-marketplace.git",
         "path": "plugins/bigdata-com",
         "ref": "main",
-        "sha": "c77a09caabdc8783adbcbf8bbe05a0f57da12b19"
+        "sha": "274b5365bdc61130225de736d3f3ca5210c0e37d"
       },
       "homepage": "https://docs.bigdata.com"
     },
@@ -367,7 +351,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/box/box-for-ai.git",
-        "sha": "16f1a0427710b0812519ea634cd5ce6830bde8fc"
+        "sha": "0fb23244e3c35cd562206c80eff1e22c456046ea"
       },
       "homepage": "https://github.com/box/box-for-ai"
     },
@@ -377,7 +361,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/brightdata/skills.git",
-        "sha": "d357bf7bc3a2cd39eb3ef66491e3a40f91a055fb"
+        "sha": "44b24797d82cfd535c5b97831d5c6ba86c9d60df"
       },
       "homepage": "https://docs.brightdata.com"
     },
@@ -393,7 +377,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/cap-js/mcp-server.git",
-        "sha": "8ce2e13ac70bd78415aedeaab0061af9396d3372"
+        "sha": "4d59d7070a52761a9b8028cbe710c8d7477cbc92"
       },
       "homepage": "https://cap.cloud.sap/"
     },
@@ -404,7 +388,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/ChromeDevTools/chrome-devtools-mcp.git",
-        "sha": "178b79049318a63d1df1bd40e069f0627fa06fcc"
+        "sha": "a1612be8e01401cf1711c64bc2ef5da5763ba956"
       },
       "homepage": "https://github.com/ChromeDevTools/chrome-devtools-mcp"
     },