Remove versori-skills from marketplace

Remove broken autofix-bot marketplace entry (#1047 )
The entry's source points to ./external_plugins/autofix-bot, which has never existed in this repository.
2026-05-08 04:44:11 +00:00 · 2026-05-07 15:07:10 -05:00 · 2026-05-07 12:41:03 -07:00 · 2026-05-07 12:40:59 -07:00 · 2026-05-07 15:39:28 -04:00 · 2026-05-07 19:30:08 +00:00
2 changed files with 3 additions and 87 deletions
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -39,17 +39,6 @@
      },
      "homepage": "https://github.com/adobe/skills/tree/main/plugins/creative-cloud/adobe-for-creativity"
    },
-    {
-      "name": "adspirer-ads-agent",
-      "description": "Cross-platform ad management for Google Ads, Meta Ads, TikTok Ads, and LinkedIn Ads. 91 tools for keyword research, campaign creation, performance analysis, and budget optimization.",
-      "category": "productivity",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/amekala/adspirer-mcp-plugin.git",
-        "sha": "c40623f1aa7b568e960d3f2e2558a6fcf10e6c18"
-      },
-      "homepage": "https://www.adspirer.com"
-    },
    {
      "name": "agent-sdk-dev",
      "description": "Development kit for working with the Claude Agent SDK",
@@ -216,16 +205,6 @@
      },
      "homepage": "https://auth0.com/docs/quickstart/agent-skills"
    },
-    {
-      "name": "autofix-bot",
-      "description": "Code review agent that detects security vulnerabilities, code quality issues, and hardcoded secrets. Combines 5,000+ static analyzers to scan your code and dependencies for CVEs.",
-      "author": {
-        "name": "DeepSource Corp"
-      },
-      "category": "security",
-      "source": "./external_plugins/autofix-bot",
-      "homepage": "https://github.com/anthropics/claude-plugins-public/tree/main/external_plugins/autofix-bot"
-    },
    {
      "name": "aws-agents",
      "description": "Build, deploy, and operate AI agents on AWS. Skills for scaffolding agents with Amazon Bedrock AgentCore, connecting tools, memory, policies, evaluation, debugging, and production hardening.",
@@ -1937,57 +1916,8 @@
      "source": {
        "source": "url",
        "url": "https://github.com/twilio/ai.git",
-        "sha": "137c4679855d31115a8509b93a3887b8bb317da9"
+        "sha": "0713fb1f40b5e871cad4c1c99f603c812431692a"
      },
-      "strict": false,
-      "skills": [
-        "./skills/sendgrid/twilio-sendgrid-account-setup",
-        "./skills/sendgrid/twilio-sendgrid-deliverability-advisor",
-        "./skills/sendgrid/twilio-sendgrid-email-send",
-        "./skills/sendgrid/twilio-sendgrid-email-settings",
-        "./skills/sendgrid/twilio-sendgrid-engagement-quality",
-        "./skills/sendgrid/twilio-sendgrid-inbound-parse",
-        "./skills/sendgrid/twilio-sendgrid-suppressions",
-        "./skills/sendgrid/twilio-sendgrid-webhooks",
-        "./skills/twilio/twilio-account-setup",
-        "./skills/twilio/twilio-call-recordings",
-        "./skills/twilio/twilio-cli-reference",
-        "./skills/twilio/twilio-compliance-onboarding",
-        "./skills/twilio/twilio-compliance-traffic",
-        "./skills/twilio/twilio-conference-calls",
-        "./skills/twilio/twilio-content-template-builder",
-        "./skills/twilio/twilio-conversations-classic-api",
-        "./skills/twilio/twilio-debugging-observability",
-        "./skills/twilio/twilio-email-deliverability-advisor",
-        "./skills/twilio/twilio-iam-auth-setup",
-        "./skills/twilio/twilio-identity-verification-advisor",
-        "./skills/twilio/twilio-lookup-phone-intelligence",
-        "./skills/twilio/twilio-marketing-promotions-advisor",
-        "./skills/twilio/twilio-messaging-channel-advisor",
-        "./skills/twilio/twilio-messaging-overview",
-        "./skills/twilio/twilio-messaging-services",
-        "./skills/twilio/twilio-messaging-webhooks",
-        "./skills/twilio/twilio-notifications-alerts-advisor",
-        "./skills/twilio/twilio-numbers-senders",
-        "./skills/twilio/twilio-organizations-setup",
-        "./skills/twilio/twilio-rcs-messaging",
-        "./skills/twilio/twilio-regulatory-compliance-bundles",
-        "./skills/twilio/twilio-reliability-patterns",
-        "./skills/twilio/twilio-security-api-auth",
-        "./skills/twilio/twilio-security-compliance-hipaa",
-        "./skills/twilio/twilio-security-hardening",
-        "./skills/twilio/twilio-send-message",
-        "./skills/twilio/twilio-sms-isv-setup",
-        "./skills/twilio/twilio-sms-send-message",
-        "./skills/twilio/twilio-taskrouter-routing",
-        "./skills/twilio/twilio-verify-send-otp",
-        "./skills/twilio/twilio-voice-conversation-relay",
-        "./skills/twilio/twilio-voice-outbound-calls",
-        "./skills/twilio/twilio-voice-twiml",
-        "./skills/twilio/twilio-webhook-architecture",
-        "./skills/twilio/twilio-whatsapp-manage-senders",
-        "./skills/twilio/twilio-whatsapp-send-message"
-      ],
      "homepage": "https://www.twilio.com"
    },
    {
@@ -2071,20 +2001,6 @@
      },
      "homepage": "https://github.com/vercel/vercel-plugin"
    },
-    {
-      "name": "versori-skills",
-      "description": "Skills for building data integrations using the Versori platform and versori-run SDK. Claude can bootstrap projects, configure systems and connections, generate type-safe TypeScript workflows, run local validation via Deno, and deploy to production — with a research-first approach that grounds code generation in gathered API documentation.",
-      "author": {
-        "name": "Versori"
-      },
-      "category": "development",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/versori/cli.git",
-        "sha": "134cf334c3065509eee39a5361fd0bcf969dc867"
-      },
-      "homepage": "https://docs.versori.com/latest/ai-tooling/overview"
-    },
    {
      "name": "windsor-ai",
      "description": "Connect Claude Code to 325+ business data sources via Windsor.ai. Query marketing, sales, CRM, ecommerce, finance, and analytics data from Google Ads, Meta, HubSpot, Salesforce, Shopify, Stripe, and hundreds more — directly from your terminal.",
@@ -2143,7 +2059,7 @@
        "url": "https://github.com/zapier/zapier-mcp.git",
        "path": "plugins/zapier",
        "ref": "main",
-        "sha": "76c4669321847c8f72a6e0462c17f29fd437519a"
+        "sha": "f34a7854febed415c9ef766eec1c66529ef0668e"
      },
      "homepage": "https://github.com/zapier/zapier-mcp/tree/main/plugins/zapier"
    },
--- a/.github/workflows/validate-frontmatter.yml
+++ b/.github/workflows/validate-frontmatter.yml
@@ -17,7 +17,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - uses: oven-sh/setup-bun@v2
+      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)

      - name: Install dependencies
        run: cd .github/scripts && bun install yaml
Author	SHA1	Message	Date
Bryan Thompson	2c2066bbf5	Remove versori-skills from marketplace	2026-05-07 15:07:10 -05:00
Dickson Tsai	f71a8fabde	Remove broken autofix-bot marketplace entry (#1047 ) The entry's source points to ./external_plugins/autofix-bot, which has never existed in this repository.	2026-05-07 12:41:03 -07:00
Tobin South	d26df37553	Remove adspirer-ads-agent from marketplace (#1716 )	2026-05-07 12:40:59 -07:00
Joe Portner	ec1bcc3a6e	Merge pull request #1712 from anthropics/devsec/pin-actions Pin GitHub Actions to commit SHAs	2026-05-07 15:39:28 -04:00
jportner	693d467cb3	Pin GitHub Actions to commit SHAs	2026-05-07 19:30:08 +00:00
Tobin South	95cc50d132	Adopt validate-plugins action suite; pin all external SHAs (#1762 ) * Adopt validate-plugins action suite; pin all external SHAs Replaces the hand-rolled marketplace validator and bot-based bump workflow with the shared composite actions (pinned at f846a0b). marketplace.json: - 62 external entries that were missing a `sha` are now pinned to their current upstream HEAD (resolved via git ls-remote). Workflows: - validate-plugins.yml: invariants I1-I11 + claude plugin validate + diff-gated clone-at-SHA validation of changed external entries. SHA-pin (I5) is a hard error. I8/I11 stay warnings until the 15 known data issues (vendored dirs without manifests; one dotted name) are cleaned up. - bump-plugin-shas.yml: bot-free weekly refresh. Validates each new SHA with claude plugin validate before opening one PR; works with the default GITHUB_TOKEN (contents:write + pull-requests:write). - scan-plugins.yml: Claude policy scan of changed external entries. Non-blocking; graceful no-op if ANTHROPIC_API_KEY isn't set. Removed: - validate-marketplace.yml + the two TS helper scripts (superseded by step 11/20 of validate-plugins). validate-frontmatter.yml is kept — it's complementary (targeted checks on agent/skill/command files for in-repo plugins). * Remove 5 external entries that fail validation at HEAD Step 30 (clone at pinned SHA + claude plugin validate) fails for these at their current HEAD: aiven Unrecognized key "logo" in plugin.json atlassian-forge-skills skill YAML frontmatter parse error sagemaker-ai skill YAML frontmatter parse error speakai no plugin manifest at repo root stagehand no plugin manifest at repo root These can be re-added once the upstream repos are fixed. * Wire scan-plugins to the detailed policy prompt Adds .github/policy/prompt.md and schema.json (the full security review rubric — malicious code, privacy, deception, safety circumvention, exfiltration; plus network-call and software-install flags) and points scan-plugins at it via the policy-prompt input. With ANTHROPIC_API_KEY now configured on the repo, scan-plugins runs the actual policy review on changed external entries instead of no-op'ing. * Bump scan-plugins action pin to include L11/L12 fixes	2026-05-07 14:18:52 -05:00
Bryan Thompson	c51f5c1513	Bump zapier plugin SHA to f34a785 (#1753 )	2026-05-07 19:53:08 +01:00
Bryan Thompson	9e1dad648d	Update twilio-developer-kit plugin — refresh SHA, simplify entry (#1757 ) approved	2026-05-07 19:52:44 +01:00