Adds the /create-docker-mcp-tunnel command, which drives the MCP tunnels
Docker Compose quickstart end to end: preflight checks, certificate
generation, proxy config, cloudflared, an optional sample FastMCP server,
and verification from Managed Agents and the Messages API.
Migrated from anthropic-experimental/mcp-tunnel-skills.
🏠 Remote-Dev: homespace
Bumps the mercadopago plugin pin from 1de8d97e to 63ff263c (latest main).
v2 replaces the mcp-launcher.sh keychain-read / npx -y mcp-remote
wrapper with a plain type:"http" MCP entry pointing at
https://mcp.mercadopago.com/mcp, and consolidates 13 skills into 4
orchestration skills. The pinned SHA also includes the May 19 fix
that gates the PreToolUse hook on project relevance so it no longer
runs on unrelated projects.
Description updated to match the partner's v2 self-description.
https://claude.ai/code/session_01KRC2Uv6UaFFdrt7sjn45yT
Co-authored-by: Claude <noreply@anthropic.com>
* Bump 26 plugin SHA pins to upstream HEAD
* Revert mercadopago SHA bump
The new upstream SHA adds a PreToolUse hook that fires on every
Bash/Edit/Write/Read in all sessions and globally blocks reading .env
files, regardless of project relevance. The policy scan flags this as
out of scope for what the plugin description advertises. Leave at the
prior pin until the upstream gates the hook on project relevance.
* Fix broken plugin source configs and bump their SHAs
Several external plugins had source configs that no longer matched the
upstream layout, so the automated SHA bump skipped them indefinitely.
Add the missing path field where the manifest moved into a subdirectory,
correct stale ref/commit metadata, and update the skills list for the
one strict:false skills-only entry.
- rc, revenuecat: upstream moved the plugin from repo root into
revenuecat/. Add path and bump SHA.
- zilliz: plugin moved from repo root into plugins/zilliz/. Add path
and bump SHA.
- sumup: plugin lives at providers/claude/plugin/ (declared by the
upstream marketplace.json) but our entry never had a path. Add it
and bump SHA.
- mintlify: pure SHA bump. Repo layout unchanged between SHAs; the
upstream remains a marketplace-style repo with no plugin.json, same
as the currently pinned SHA.
- netsuite-suitecloud (strict:false skills entry): bump SHA and add
the four new skill directories upstream added since the last pin.
- 42crunch-api-security-testing: ref said v1.0.1 but the pinned SHA
is actually v1.5.5. Correct the label; the SHA is already current.
- jfrog: commit and sha fields had drifted apart. Set both to
upstream HEAD.
Each new SHA verified to be on the upstream default branch and the
referenced manifest validated with claude plugin validate.
* Revert mintlify and netsuite-suitecloud changes
The validate-plugins check requires a plugin manifest at the pinned SHA
even for strict:false entries. Neither repo has one at any SHA, so a
SHA bump fails CI. Leave them at the existing pin until either the
upstream adds a manifest or the validator learns to honor strict:false.
* chore: modify data-agent-kit-starter-pack plugin details
Updated the description and homepage of the data-agent-kit-starter-pack plugin, and changed the SHA.
* update sha for latest commit
The ServiceNow/sdk repository's default branch is 'master' and there is
no 'main' branch. The pinned SHA (06adf37) is the current head of
'master'. Update the ref so future SHA bumps target the correct branch.
Adds the airtable marketplace entry. Sourced from Airtable/skills at
plugins/airtable, pinned to aaeb4f3e (latest main, tag 2026-05-06).
Bundles the official Airtable MCP server (mcp.airtable.com/mcp) plus
skills for the Airtable data model and filter syntax.
https://claude.ai/code/session_01Vom6RzMA4p6erqGiZxg8yE
Co-authored-by: Claude <noreply@anthropic.com>
Mercado Pago full-product integration toolkit — 13 skills, agents, and a
bundled MCP for live API data. Sourced from
mercadopago/mercadopago-claude-marketplace at plugins/mercadopago, pinned
to 1de8d97e.
Closes#1272https://claude.ai/code/session_01XCupEyAPLqxo2eHgVoWevi
Co-authored-by: Claude <noreply@anthropic.com>
CAP CDS work as one cohesive unit, split out of #1616 to keep that PR
narrowly scoped to sap-hana-cli (which is currently held on an upstream
plugin.json fix).
- Adds new sap-cds-mcp entry alongside existing cds-mcp (additive,
non-breaking — both point to cap-js/mcp-server). Pinned at 8ce2e13a.
- Adds the unified SAP SE author block to existing cds-mcp.
Per the SAP namespace policy agreed with SAP (Tobin 2026-04-29 +
Florian/Klaus/Avital 2026-05-04 email).
Metadata-only refresh per the SAP namespace policy (Florian/Klaus/Avital,
2026-05-04). No slug renames, no new entries.
- sap-mdk-server: expand author from {"name":"SAP"} to the unified
SAP SE block with ospo@sap.com.
- ui5: add unified UI5 author block (openui5@sap.com per Florian's
carve-out for the SAPUI5/OpenUI5 brand).
- ui5-typescript-conversion: same UI5 author block as ui5.
Split out of #1616 to keep that PR scoped to sap-hana-cli only.
MCP server for SAP Fiori development tools — build and modify SAP Fiori
applications with AI assistance. Pinned at d9d4ab7e (latest main of
SAP/open-ux-tools).
* Tighten policy scan: hook scope, telemetry, disclosure; make blocking
policy/prompt.md — adds Part 2 (hook scope and disclosure):
- Enumerate every registered hook and read its source.
- Flag has_broad_scope_hooks when UserPromptSubmit/PreToolUse/
PostToolUse runs without a project-relevance gate, or any hook
reads user data beyond the plugin's stated scope — regardless of
whether it makes network calls.
- Flag has_undisclosed_telemetry when any hook or shipped code calls
a non-MCP host without explicit disclosure + opt-out.
- Flag description_matches_behavior=false when the install
description would not lead a reasonable user to expect the
hooks/telemetry/data-access found.
- passes=false when any of the above trip. Violations must cite the
specific hook/file and what the user wasn't told.
The bar is now "handles user data responsibly," not merely "isn't
malicious." A non-malicious plugin that observes more than its stated
purpose justifies will fail.
policy/schema.json — adds required hooks[], has_broad_scope_hooks,
has_undisclosed_telemetry, description_matches_behavior.
scan-plugins.yml:
- fail-on-findings: true (blocking — loosen later if FP rate too high)
- workflow_dispatch with scan_all input for full re-review of all
external entries
- timeout-minutes: 360 (full scan of 117 entries at ~96s each ≈ 3h)
- trigger on .github/policy/** so prompt edits get scanned
* Bump vercel SHA to test the tightened scan against it
* Adopt validate-plugins action suite; pin all external SHAs
Replaces the hand-rolled marketplace validator and bot-based bump
workflow with the shared composite actions (pinned at f846a0b).
marketplace.json:
- 62 external entries that were missing a `sha` are now pinned to
their current upstream HEAD (resolved via git ls-remote).
Workflows:
- validate-plugins.yml: invariants I1-I11 + claude plugin validate +
diff-gated clone-at-SHA validation of changed external entries.
SHA-pin (I5) is a hard error. I8/I11 stay warnings until the 15
known data issues (vendored dirs without manifests; one dotted
name) are cleaned up.
- bump-plugin-shas.yml: bot-free weekly refresh. Validates each new
SHA with claude plugin validate before opening one PR; works with
the default GITHUB_TOKEN (contents:write + pull-requests:write).
- scan-plugins.yml: Claude policy scan of changed external entries.
Non-blocking; graceful no-op if ANTHROPIC_API_KEY isn't set.
Removed:
- validate-marketplace.yml + the two TS helper scripts (superseded
by step 11/20 of validate-plugins).
validate-frontmatter.yml is kept — it's complementary (targeted
checks on agent/skill/command files for in-repo plugins).
* Remove 5 external entries that fail validation at HEAD
Step 30 (clone at pinned SHA + claude plugin validate) fails for
these at their current HEAD:
aiven Unrecognized key "logo" in plugin.json
atlassian-forge-skills skill YAML frontmatter parse error
sagemaker-ai skill YAML frontmatter parse error
speakai no plugin manifest at repo root
stagehand no plugin manifest at repo root
These can be re-added once the upstream repos are fixed.
* Wire scan-plugins to the detailed policy prompt
Adds .github/policy/prompt.md and schema.json (the full security
review rubric — malicious code, privacy, deception, safety
circumvention, exfiltration; plus network-call and software-install
flags) and points scan-plugins at it via the policy-prompt input.
With ANTHROPIC_API_KEY now configured on the repo, scan-plugins runs
the actual policy review on changed external entries instead of
no-op'ing.
* Bump scan-plugins action pin to include L11/L12 fixes
