claude-plugins
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The scripts
create-marketplace.shandscaffold-plugin.shexecute standard shell commands to manage local files and directories. They use input validation to ensure plugin and marketplace names adhere to safe formats (kebab-case). - [EXTERNAL_DOWNLOADS] (SAFE): While the scripts and documentation reference external tools like
jq,git, and themcpPython library, these are standard industry tools or official libraries from trusted sources (Anthropic). No unauthorized or obfuscated downloads are performed. - [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive user files or environment variables for the purpose of external transmission. Git configuration is read locally only to populate author metadata in scaffolded projects.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns, such as piping network content directly to a shell, were found. The skill focuses on local project scaffolding and documentation.
Audit Metadata