Plugin Structure
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a pure knowledge base for plugin architecture. It contains markdown documentation and code examples intended to guide developers in creating well-structured plugins.
- [COMMAND_EXECUTION]: The skill includes documentation and examples of how to use hooks and MCP (Model Context Protocol) servers. While these examples involve executing commands (e.g., running linting scripts via bash or starting servers via node/python), they are provided as illustrative templates for legitimate development tasks (secret scanning, code validation, and CI/CD orchestration) and use portable environment variables like ${CLAUDE_PLUGIN_ROOT}.
- [DATA_EXPOSURE]: Examples for manifest and MCP configurations use placeholders for sensitive information (e.g., ${API_KEY}, ${GITHUB_TOKEN}, ${KUBECONFIG}). This is a best practice for configuration templates and does not constitute a secret leak.
- [EXTERNAL_DOWNLOADS]: Example scripts reference standard developer tools such as npx eslint and pylint. These are well-known technology tools used for code quality and do not indicate malicious external activity.
Audit Metadata