plugin-settings
Audited by Gen Agent Trust Hub on Feb 12, 2026
The skill set describes a pattern for storing plugin-specific configuration in .claude/plugin-name.local.md files. The analysis covered 9 files, primarily documentation (SKILL.md, references/*.md) and example/utility bash scripts (examples/*.sh, scripts/*.sh).
1. SKILL.md: This is a documentation file outlining the plugin settings pattern. It contains illustrative bash snippets for parsing frontmatter and markdown bodies. No direct threats were identified within this file itself, as it serves as a guide.
2. examples/create-settings-command.md: This command definition describes how to create a settings file based on user input. It explicitly emphasizes the importance of validating user input before writing, which is a good security practice.
3. examples/example-settings.md: This file provides template examples of settings files. It is benign and contains no executable code or malicious patterns.
4. examples/read-settings-hook.sh: This bash script is a key example of how to read and apply plugin settings within a hook. It demonstrates strong defensive programming:
* Command Execution & File System Access: The script uses standard shell commands (sed, grep, jq, cat, echo, exit) and accesses local files ($SETTINGS_FILE). These operations are within the expected scope of a hook.
* Input Validation (CRITICAL MITIGATION): The script explicitly extracts file_path and content from tool_input (user-controlled data) and performs robust validation. It includes checks to deny access if file_path contains path traversal sequences (..), refers to sensitive files (.env, secret), or targets system paths (/etc/, /sys/). This proactive validation significantly reduces the risk of command injection or unauthorized file access.
* Data Exfiltration: No attempts to exfiltrate data were detected. The script's sensitive file checks actively prevent access to such files.
5. references/memory-rules-system.md: This documentation file explains Claude Code's memory and rules system. It is informational and contains no direct threats.
6. references/parsing-techniques.md: This file provides a detailed guide to parsing settings files in bash. It includes bash snippets and highlights several security best practices:
* Atomic Updates: It explicitly demonstrates and recommends using mktemp and mv for atomic file updates, which prevents file corruption and race conditions.
* Input Validation: It provides examples of validating field values and numeric ranges.
* Anti-patterns: It warns against common anti-patterns like unquoted variables and non-atomic updates, promoting secure coding.
* Unverifiable Dependencies (LOW/INFO): It mentions yq as an alternative for complex YAML parsing and notes that it requires installation (brew install yq). This is an external dependency, but it is optional, clearly documented, and not automatically installed or executed by the skill itself, so the finding is downgraded to LOW/INFO.
7. references/real-world-examples.md: This file provides real-world examples of plugin settings usage. It includes bash snippets that further illustrate secure practices:
* tmux send-keys: The multi-agent-swarm example uses tmux send-keys -t "$COORDINATOR_SESSION" "$NOTIFICATION" Enter. While send-keys typically sends literal input, there's a theoretical, minor risk of unintended terminal interaction if COORDINATOR_SESSION or NOTIFICATION could be maliciously crafted in a user-controlled settings file. However, this is a very low-severity edge case given the context of user-managed configuration.
* Prompt Handling: The ralph-wiggum example uses the markdown body of the settings file as a prompt for Claude. This is an intended feature for users to configure Claude's behavior, not a prompt injection by the skill itself.
* Anti-patterns: Similar to parsing-techniques.md, it explicitly warns against several anti-patterns, reinforcing secure development.
8. scripts/parse-frontmatter.sh: This is a utility bash script for extracting frontmatter fields. It is designed for parsing and does not execute arbitrary commands based on parsed content, making it safe.
9. scripts/validate-settings.sh: This is a utility bash script for validating the structure of settings files. It performs various checks for file existence, readability, frontmatter markers, and field formats. It is a validation tool and does not introduce vulnerabilities.
Conclusion: The skill set is well-designed with a strong emphasis on security best practices for handling user-defined configuration. The examples actively demonstrate and promote secure coding, making this skill set safe for use.