mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-05-08 12:52:40 +00:00

Go to file

tobin 7eebc68699 Tighten policy scan: hook scope, telemetry, disclosure; make blocking

policy/prompt.md — adds Part 2 (hook scope and disclosure):
- Enumerate every registered hook and read its source.
- Flag has_broad_scope_hooks when UserPromptSubmit/PreToolUse/
  PostToolUse runs without a project-relevance gate, or any hook
  reads user data beyond the plugin's stated scope — regardless of
  whether it makes network calls.
- Flag has_undisclosed_telemetry when any hook or shipped code calls
  a non-MCP host without explicit disclosure + opt-out.
- Flag description_matches_behavior=false when the install
  description would not lead a reasonable user to expect the
  hooks/telemetry/data-access found.
- passes=false when any of the above trip. Violations must cite the
  specific hook/file and what the user wasn't told.

The bar is now "handles user data responsibly," not merely "isn't
malicious." A non-malicious plugin that observes more than its stated
purpose justifies will fail.

policy/schema.json — adds required hooks[], has_broad_scope_hooks,
has_undisclosed_telemetry, description_matches_behavior.

scan-plugins.yml:
- fail-on-findings: true (blocking — loosen later if FP rate too high)
- workflow_dispatch with scan_all input for full re-review of all
  external entries
- timeout-minutes: 360 (full scan of 117 entries at ~96s each ≈ 3h)
- trigger on .github/policy/** so prompt edits get scanned

2026-05-07 22:08:21 +00:00

.claude-plugin

Remove flint from marketplace (#1769 )

2026-05-07 14:01:43 -07:00

.github

Tighten policy scan: hook scope, telemetry, disclosure; make blocking

2026-05-07 22:08:21 +00:00

external_plugins

telegram: gate /start, /help, /status behind dmPolicy (#894 )

2026-04-23 12:02:34 -07:00

plugins

cwc-makers: curl+tar fallback when git is missing (#1731 )

2026-05-05 18:04:20 -07:00

.gitignore

updated readme

2025-11-20 14:26:30 -08:00

README.md

updates(staging): merge staging additions into main (#677 )

2026-03-17 02:00:28 +00:00

README.md

Claude Code Plugins Directory

A curated directory of high-quality plugins for Claude Code.

⚠️ Important: Make sure you trust a plugin before installing, updating, or using it. Anthropic does not control what MCP servers, files, or other software are included in plugins and cannot verify that they will work as intended or that they won't change. See each plugin's homepage for more information.

Structure

/plugins - Internal plugins developed and maintained by Anthropic
/external_plugins - Third-party plugins from partners and the community

Installation

Plugins can be installed directly from this marketplace via Claude Code's plugin system.

To install, run /plugin install {plugin-name}@claude-plugins-official

or browse for the plugin in /plugin > Discover

Contributing

Internal Plugins

Internal plugins are developed by Anthropic team members. See /plugins/example-plugin for a reference implementation.

External Plugins

Third-party partners can submit plugins for inclusion in the marketplace. External plugins must meet quality and security standards for approval. To submit a new plugin, use the plugin directory submission form.

Plugin Structure

Each plugin follows a standard structure:

plugin-name/
├── .claude-plugin/
│   └── plugin.json      # Plugin metadata (required)
├── .mcp.json            # MCP server configuration (optional)
├── commands/            # Slash commands (optional)
├── agents/              # Agent definitions (optional)
├── skills/              # Skill definitions (optional)
└── README.md            # Documentation

License

Please see each linked plugin for the relevant LICENSE file.

Documentation

For more information on developing Claude Code plugins, see the official documentation.

Languages

Python 31.6%

TypeScript 28.9%

HTML 19.5%

Shell 13%

JavaScript 7%