Morgan Westlee Lunt 3b9df61600
code-modernization: fix findings from adversarial audit
Code/security:
- extract-rules.js: guard null agent() verdicts in the verify + P0 loops
  (a skipped/dead referee made {rule,v:null} survive .filter(Boolean) and
  then crashed on v.injectionSuspected / v.every) — sibling scripts already
  had the guard.
- topology viewer XSS: the map injector embedded untrusted JSON (node names
  from filenames, etc.) into a <script> island unescaped — a name containing
  </script> executed on open. Escape < > & in the injected data and add a CSP
  to the template.
- Second-order injection: citation/identifier fields (source / cwe /
  source_site / correctedSource) were interpolated UNFENCED into the verifier
  prompts that are supposed to be the trust anchor. Fence them in
  extract-rules, harden-scan, uplift-deltas.

uplift design (audit of the new feature):
- Working-copy model: copy the WHOLE solution to modernized/ once and edit in
  place (relative project refs survive; result is a reviewable git diff) —
  the incremental per-project copy broke multi-project builds.
- Dual-run honesty: reframed as 'if both runtimes run here' (net48 needs
  Windows; JUnit/pytest don't multi-target); dummy-test gate now binds a real
  SUT under both targets; per-stack harness notes.
- Tooling honesty: present/runnable/actually-ran distinction; never fold in a
  tool that couldn't run; apiport/2to3 demoted; py2->3 removed from 'preserve'
  examples.
- Delta classes: name the high-blast-radius landmines (JPMS strong
  encapsulation, .NET trimming/AOT, ICU globalization, hosting/runtime-config,
  analyzer/nullable) in the finder briefs + agent.
- Rewrite-vs-uplift signal: weigh by touched sites (siteCount), not delta-card
  count; judgment-share demoted to secondary.

Docs/consistency: brief reads topology.json (not TOPOLOGY.html); README
'five commands'; credential-masking claim split (analysts mask+cite vs
code-writers substitute fakes); read-only/write-scope claims softened to
match enforcement (Bash retained -> discipline, not tool-lock); reimagine
nested blockers/pendingRuleIds; status splits transform vs reimagine markers;
portfolio enumeration basenames; plugin.json description updated.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 23:31:52 +00:00
2025-11-20 14:26:30 -08:00

Claude Code Plugins Directory

A curated directory of high-quality plugins for Claude Code.

⚠️ Important: Make sure you trust a plugin before installing, updating, or using it. Anthropic does not control what MCP servers, files, or other software are included in plugins and cannot verify that they will work as intended or that they won't change. See each plugin's homepage for more information.

Structure

  • /plugins - Internal plugins developed and maintained by Anthropic
  • /external_plugins - Third-party plugins from partners and the community

Installation

Plugins can be installed directly from this marketplace via Claude Code's plugin system.

To install, run /plugin install {plugin-name}@claude-plugins-official

or browse for the plugin in /plugin > Discover

Contributing

Internal Plugins

Internal plugins are developed by Anthropic team members. See /plugins/example-plugin for a reference implementation.

External Plugins

Third-party partners can submit plugins for inclusion in the marketplace. External plugins must meet quality and security standards for approval. To submit a new plugin, use the plugin directory submission form.

Plugin Structure

Each plugin follows a standard structure:

plugin-name/
├── .claude-plugin/
│   └── plugin.json      # Plugin metadata (required)
├── .mcp.json            # MCP server configuration (optional)
├── commands/            # Slash commands (optional)
├── agents/              # Agent definitions (optional)
├── skills/              # Skill definitions (optional)
└── README.md            # Documentation

Skill-bundle plugins

When a plugin's source repository ships skills (SKILL.md files) without a .claude-plugin/plugin.json manifest, the marketplace entry can declare the skills directly using strict: false and an explicit skills array.

{
  "name": "example-bundle",
  "description": "Brief description of the bundled skills.",
  "author": { "name": "Author Name" },
  "category": "development",
  "source": {
    "source": "git-subdir",
    "url": "https://github.com/example-org/sdk.git",
    "path": "packages/agent-skills",
    "ref": "main",
    "sha": "<commit sha>"
  },
  "strict": false,
  "skills": [
    "./skill-a",
    "./skill-b",
    "./skill-c"
  ],
  "homepage": "https://github.com/example-org/sdk"
}

Each path in skills is relative to source.path and points at a directory containing a SKILL.md. Paths can reach deeper than a single level — for example, ["./libA/skill-1", "./libB/skill-2"] exposes a curated subset across multiple library subdirectories. Each skill is registered as <plugin-name>:<skill-name> in Claude Code.

For the underlying schema, see Strict mode in the marketplace documentation.

License

Please see each linked plugin for the relevant LICENSE file.

Documentation

For more information on developing Claude Code plugins, see the official documentation.

Description
Official, Anthropic-managed directory of high quality Claude Code Plugins.
Readme Apache-2.0 6.5 MiB
Languages
Python 54.1%
HTML 19.1%
TypeScript 12.3%
JavaScript 8.4%
Shell 6.1%