Scan Plugins is meant to gate every change to marketplace.json, but two
gaps made that unenforceable:
1. The bump workflow opens PRs with GITHUB_TOKEN, which GitHub exempts
from on:pull_request triggers. Weekly bump PRs (e.g. #1809) get no
scan check at all.
2. The workflow had a paths filter, so a required-check ruleset for
`scan` would block every PR that doesn't touch marketplace.json
(no check run = pending forever).
Fixes:
scan-plugins.yml
- Drop the paths filter; replace with a step-level `git diff --quiet`
early-exit on the same paths. The check now reports on every PR,
which makes it safe to require.
- Fail closed when ANTHROPIC_API_KEY is unset and a scan is needed.
The shared action no-ops gracefully in that case (right default for
community repos), but a required check that silently does nothing is
a rubber stamp.
bump-plugin-shas.yml
- After the action opens the bump PR, `gh workflow run scan-plugins.yml
--ref bump/plugin-shas`. workflow_dispatch is exempt from the
GITHUB_TOKEN recursion guard, and the resulting check run lands on
the branch HEAD (= PR head), so it satisfies the required check.
- Add `actions: write` so the dispatch is allowed.
Follow-up: add a repo ruleset on main requiring the `scan` check
(integration: github-actions) once this merges.
Adds the airtable marketplace entry. Sourced from Airtable/skills at
plugins/airtable, pinned to aaeb4f3e (latest main, tag 2026-05-06).
Bundles the official Airtable MCP server (mcp.airtable.com/mcp) plus
skills for the Airtable data model and filter syntax.
https://claude.ai/code/session_01Vom6RzMA4p6erqGiZxg8yE
Co-authored-by: Claude <noreply@anthropic.com>
The pinned version of anthropics/claude-plugins-community's
bump-plugin-shas action creates the bump commit with a local git commit,
which is unsigned and unmergeable under the required_signatures ruleset
on main. The new SHA creates the commit via the GraphQL
createCommitOnBranch mutation, which GitHub signs server-side, so weekly
bump PRs (e.g. #1809) become mergeable.
Mercado Pago full-product integration toolkit — 13 skills, agents, and a
bundled MCP for live API data. Sourced from
mercadopago/mercadopago-claude-marketplace at plugins/mercadopago, pinned
to 1de8d97e.
Closes#1272https://claude.ai/code/session_01XCupEyAPLqxo2eHgVoWevi
Co-authored-by: Claude <noreply@anthropic.com>
CAP CDS work as one cohesive unit, split out of #1616 to keep that PR
narrowly scoped to sap-hana-cli (which is currently held on an upstream
plugin.json fix).
- Adds new sap-cds-mcp entry alongside existing cds-mcp (additive,
non-breaking — both point to cap-js/mcp-server). Pinned at 8ce2e13a.
- Adds the unified SAP SE author block to existing cds-mcp.
Per the SAP namespace policy agreed with SAP (Tobin 2026-04-29 +
Florian/Klaus/Avital 2026-05-04 email).
Metadata-only refresh per the SAP namespace policy (Florian/Klaus/Avital,
2026-05-04). No slug renames, no new entries.
- sap-mdk-server: expand author from {"name":"SAP"} to the unified
SAP SE block with ospo@sap.com.
- ui5: add unified UI5 author block (openui5@sap.com per Florian's
carve-out for the SAPUI5/OpenUI5 brand).
- ui5-typescript-conversion: same UI5 author block as ui5.
Split out of #1616 to keep that PR scoped to sap-hana-cli only.
MCP server for SAP Fiori development tools — build and modify SAP Fiori
applications with AI assistance. Pinned at d9d4ab7e (latest main of
SAP/open-ux-tools).
* Tighten policy scan: hook scope, telemetry, disclosure; make blocking
policy/prompt.md — adds Part 2 (hook scope and disclosure):
- Enumerate every registered hook and read its source.
- Flag has_broad_scope_hooks when UserPromptSubmit/PreToolUse/
PostToolUse runs without a project-relevance gate, or any hook
reads user data beyond the plugin's stated scope — regardless of
whether it makes network calls.
- Flag has_undisclosed_telemetry when any hook or shipped code calls
a non-MCP host without explicit disclosure + opt-out.
- Flag description_matches_behavior=false when the install
description would not lead a reasonable user to expect the
hooks/telemetry/data-access found.
- passes=false when any of the above trip. Violations must cite the
specific hook/file and what the user wasn't told.
The bar is now "handles user data responsibly," not merely "isn't
malicious." A non-malicious plugin that observes more than its stated
purpose justifies will fail.
policy/schema.json — adds required hooks[], has_broad_scope_hooks,
has_undisclosed_telemetry, description_matches_behavior.
scan-plugins.yml:
- fail-on-findings: true (blocking — loosen later if FP rate too high)
- workflow_dispatch with scan_all input for full re-review of all
external entries
- timeout-minutes: 360 (full scan of 117 entries at ~96s each ≈ 3h)
- trigger on .github/policy/** so prompt edits get scanned
* Bump vercel SHA to test the tightened scan against it
* Adopt validate-plugins action suite; pin all external SHAs
Replaces the hand-rolled marketplace validator and bot-based bump
workflow with the shared composite actions (pinned at f846a0b).
marketplace.json:
- 62 external entries that were missing a `sha` are now pinned to
their current upstream HEAD (resolved via git ls-remote).
Workflows:
- validate-plugins.yml: invariants I1-I11 + claude plugin validate +
diff-gated clone-at-SHA validation of changed external entries.
SHA-pin (I5) is a hard error. I8/I11 stay warnings until the 15
known data issues (vendored dirs without manifests; one dotted
name) are cleaned up.
- bump-plugin-shas.yml: bot-free weekly refresh. Validates each new
SHA with claude plugin validate before opening one PR; works with
the default GITHUB_TOKEN (contents:write + pull-requests:write).
- scan-plugins.yml: Claude policy scan of changed external entries.
Non-blocking; graceful no-op if ANTHROPIC_API_KEY isn't set.
Removed:
- validate-marketplace.yml + the two TS helper scripts (superseded
by step 11/20 of validate-plugins).
validate-frontmatter.yml is kept — it's complementary (targeted
checks on agent/skill/command files for in-repo plugins).
* Remove 5 external entries that fail validation at HEAD
Step 30 (clone at pinned SHA + claude plugin validate) fails for
these at their current HEAD:
aiven Unrecognized key "logo" in plugin.json
atlassian-forge-skills skill YAML frontmatter parse error
sagemaker-ai skill YAML frontmatter parse error
speakai no plugin manifest at repo root
stagehand no plugin manifest at repo root
These can be re-added once the upstream repos are fixed.
* Wire scan-plugins to the detailed policy prompt
Adds .github/policy/prompt.md and schema.json (the full security
review rubric — malicious code, privacy, deception, safety
circumvention, exfiltration; plus network-call and software-install
flags) and points scan-plugins at it via the policy-prompt input.
With ANTHROPIC_API_KEY now configured on the repo, scan-plugins runs
the actual policy review on changed external entries instead of
no-op'ing.
* Bump scan-plugins action pin to include L11/L12 fixes
/maker-setup now falls back to GitHub's tarball endpoint when git isn't
on PATH, instead of detouring through a package-manager git install.
curl and tar ship with macOS, Linux, and Windows 10 1803+ out of the
box, so this is zero-install on every target platform — and a CwC
attendee just needs the files once to flash a device, not git history.
- maker-setup.md: git-clone fast path, curl|tar (Unix) / curl+tar+
Rename-Item (PowerShell) fallback, normalizes the -main suffix
- m5-onboard/SKILL.md: drop git from required deps + per-OS git
bootstrap block; keep Python bootstrap
- README: git now listed as optional
Linear: CC-1975
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
* Add cwc-makers plugin: /keep-thinking Cardputer onboarding
Packages the Code-with-Claude Makers (claude.com/cwc-makers) Cardputer
experience as a one-command flow for event attendees:
- commands/keep-thinking.md: user entry point — clones
moremas/build-with-claude and runs the m5-onboard provisioning flow
- skills/m5-onboard/SKILL.md: vendored from upstream onboard/SKILL.md;
Installation section replaced with clone-location note; explicit
'relay physical button steps to user' directive added
- skills/cardputer-buddy/SKILL.md: post-onboarding app iteration
All three are user-invocable; /keep-thinking is the intended entry
point. Skill content is Apache-2.0 from the upstream repo.
Linear: CC-1975
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
* Rename /keep-thinking → /start-making
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
* Rename /start-making → /maker-setup
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🏠 Remote-Dev: homespace
