* Adopt validate-plugins action suite; pin all external SHAs
Replaces the hand-rolled marketplace validator and bot-based bump
workflow with the shared composite actions (pinned at f846a0b).
marketplace.json:
- 62 external entries that were missing a `sha` are now pinned to
their current upstream HEAD (resolved via git ls-remote).
Workflows:
- validate-plugins.yml: invariants I1-I11 + claude plugin validate +
diff-gated clone-at-SHA validation of changed external entries.
SHA-pin (I5) is a hard error. I8/I11 stay warnings until the 15
known data issues (vendored dirs without manifests; one dotted
name) are cleaned up.
- bump-plugin-shas.yml: bot-free weekly refresh. Validates each new
SHA with claude plugin validate before opening one PR; works with
the default GITHUB_TOKEN (contents:write + pull-requests:write).
- scan-plugins.yml: Claude policy scan of changed external entries.
Non-blocking; graceful no-op if ANTHROPIC_API_KEY isn't set.
Removed:
- validate-marketplace.yml + the two TS helper scripts (superseded
by step 11/20 of validate-plugins).
validate-frontmatter.yml is kept — it's complementary (targeted
checks on agent/skill/command files for in-repo plugins).
* Remove 5 external entries that fail validation at HEAD
Step 30 (clone at pinned SHA + claude plugin validate) fails for
these at their current HEAD:
aiven Unrecognized key "logo" in plugin.json
atlassian-forge-skills skill YAML frontmatter parse error
sagemaker-ai skill YAML frontmatter parse error
speakai no plugin manifest at repo root
stagehand no plugin manifest at repo root
These can be re-added once the upstream repos are fixed.
* Wire scan-plugins to the detailed policy prompt
Adds .github/policy/prompt.md and schema.json (the full security
review rubric — malicious code, privacy, deception, safety
circumvention, exfiltration; plus network-call and software-install
flags) and points scan-plugins at it via the policy-prompt input.
With ANTHROPIC_API_KEY now configured on the repo, scan-plugins runs
the actual policy review on changed external entries instead of
no-op'ing.
* Bump scan-plugins action pin to include L11/L12 fixes
/maker-setup now falls back to GitHub's tarball endpoint when git isn't
on PATH, instead of detouring through a package-manager git install.
curl and tar ship with macOS, Linux, and Windows 10 1803+ out of the
box, so this is zero-install on every target platform — and a CwC
attendee just needs the files once to flash a device, not git history.
- maker-setup.md: git-clone fast path, curl|tar (Unix) / curl+tar+
Rename-Item (PowerShell) fallback, normalizes the -main suffix
- m5-onboard/SKILL.md: drop git from required deps + per-OS git
bootstrap block; keep Python bootstrap
- README: git now listed as optional
Linear: CC-1975
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
* Add cwc-makers plugin: /keep-thinking Cardputer onboarding
Packages the Code-with-Claude Makers (claude.com/cwc-makers) Cardputer
experience as a one-command flow for event attendees:
- commands/keep-thinking.md: user entry point — clones
moremas/build-with-claude and runs the m5-onboard provisioning flow
- skills/m5-onboard/SKILL.md: vendored from upstream onboard/SKILL.md;
Installation section replaced with clone-location note; explicit
'relay physical button steps to user' directive added
- skills/cardputer-buddy/SKILL.md: post-onboarding app iteration
All three are user-invocable; /keep-thinking is the intended entry
point. Skill content is Apache-2.0 from the upstream repo.
Linear: CC-1975
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
* Rename /keep-thinking → /start-making
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
* Rename /start-making → /maker-setup
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
Several agent files used <example> blocks containing user: "..." /
assistant: "..." turn markers, embedded as \n-escaped strings inside
the YAML frontmatter description: field. Replace those with flat prose
trigger descriptions in description: and a 'When to invoke' section
in the agent body containing prose-bullet scenarios.
Affected files:
- 5 agent definitions:
- plugins/hookify/agents/conversation-analyzer.md
- plugins/pr-review-toolkit/agents/code-reviewer.md
- plugins/pr-review-toolkit/agents/pr-test-analyzer.md
- plugins/pr-review-toolkit/agents/type-design-analyzer.md
- plugins/pr-review-toolkit/agents/comment-analyzer.md
- 5 agent-development skill files updated to teach the new format:
- plugins/plugin-dev/skills/agent-development/SKILL.md
- .../references/triggering-examples.md
- .../references/agent-creation-system-prompt.md
- .../examples/complete-agent-examples.md
- .../examples/agent-creation-prompt.md
Routing is unaffected: each description: still names the trigger
surface in plain English.
Adobe's Creative Cloud skills for image editing, design automation,
background removal, vectorization, and retouching. Points at the
plugins/creative-cloud/adobe-for-creativity subdir of adobe/skills.
The 'Validate frontmatter' step interpolated step output directly into a
double-quoted shell string, allowing a fork PR that adds a file named
e.g. agents/$(curl ...).md to execute arbitrary commands on the runner.
- Pass the file list via env: and reference as "$FILES" so the shell
never re-evaluates the contents
- Pass PR number via env: for consistency (no ${{ }} inside run:)
- Gate the job on same-repo PRs only, since fork PRs are auto-closed by
close-external-prs.yml anyway
Impact was bounded (fork PRs get a read-only token with no secrets), but
this closes the RCE-on-runner vector entirely.
