JFrog

JFrog Plugin for Claude Code

JFrog plugin for Claude Code: artifact management, security scanning, and supply-chain best practices, and Agent Guard.

Features

The JFrog plugin provides the following capabilities, grouped by component:

Component	Feature	Description
Skill	JFrog Platform	Interact with Artifactory repositories, builds, permissions, users, access tokens, projects, release bundles, and platform administration via the JFrog CLI and REST/GraphQL APIs. Also covers security audits, CVE lookups, and Advanced Security exposure queries.
Skill	Package safety & download	Check whether npm, Maven, PyPI, Go, and other packages are safe, curated, or allowed, then download them through Artifactory remote caches or curation-aware package managers.
Hook	Agent Guard	Claude manages MCPs through the JFrog Agent Guard. Through the Agent Guard you can discover, install, configure, update, and remove MCP servers from the JFrog AI Catalog approved for your project, and authenticate to remote HTTP MCPs via OAuth, API key, or bearer token.

---

Prerequisites

Before installing, make sure you have:

• JFrog host URL and access token — Your JFrog platform URL and a valid access token.
• Claude Code CLI (≥ 1.0) — The Claude Code CLI.
• Node.js (≥ 14) — with npx on your PATH (used by the Agent Guard hook).
• Skill runtime requirements — jf CLI, jq, and curl on PATH, plus a configured JFrog instance. For the minimum versions, see the upstream skills Requirements. Configure the CLI with jf config add — see Authentication.
• JFrog AI Catalog (optional) — If you want to use the Agent Guard feature, your JFrog subscription needs to include the AI Catalog entitlement. Contact your JFrog account team if you're unsure whether it's enabled.
• JFrog project (optional) — If you want to use the Agent Guard feature.

---

Installation

Install the Claude plugin

Inside Claude Code, run:

/plugin install jfrog

Local development

From a clone of this repository (repository root is the plugin root):

claude --plugin-dir /path/to/claude-plugin

---

Authentication

1. Set persistent environment variables

Variable	Description
JFROG_URL	Your JFrog platform URL, e.g. https://mycompany.jfrog.io
JFROG_ACCESS_TOKEN	Your JFrog access token

2. Configure the JFrog CLI

If you have never configured the JFrog CLI on this machine:

1. Open your terminal.
2. Run:

   jf config add
   

3. Follow the interactive prompts to enter the same JFrog platform URL and access token.

---

Usage

Once configured, interact with the JFrog plugin through natural language. Examples are grouped by capability.

JFrog Platform skill

Ask the agent…	What happens
"List my Artifactory repositories."	Returns repositories via the JFrog CLI.
"Upload this build to Artifactory."	Publishes build artifacts and metadata.
"Run a security audit on this project."	Runs an Xray / Advanced Security audit and summarizes findings.
"Show me details on CVE-2021-23337."	Looks up CVE details in JFrog Advanced Security.
"Create a scoped access token for CI."	Creates an access token with the requested scope.
"Promote this release bundle to production."	Uses Lifecycle / Distribution APIs to promote the bundle.

Package safety & download skill

Ask the agent…	What happens
"Is [email protected] safe to install?"	Checks JFrog Public Catalog signals and curation policy for the package.
"Is this Maven package approved for use?"	Checks curation entitlement and policy for the requested package.
"Download requests via JFrog."	Resolves the package through an Artifactory remote cache or curation-aware package manager.

MCP server management (Agent Guard)