Stats
Actions
Available In
Tags
Plugin
verifier
Re-verification probes for Claude Code plugin machinery (envs, substitution, hooks, userConfig, slash vs natural, blocks, Cowork-specific behavior). Source: sandbox/research.md targeting v2.1.118-119; this plugin re-tests claims against the current Claude Code version.
What's Inside
Skills24
00-canary
/00-canary
Observation infrastructure canary. Verifies that plugin-level hooks fire (via session-start log), that skill frontmatter hooks register and fire after first invoke, and that bash tool subprocess can write to the findings directory. Run this BEFORE any other probe — if this FAILs, the verdict of every later probe is CANARY-FAILED.
01-env-propagation
/01-env-propagation
Probe env propagation across 3 process tiers (§1.1). Compares which CLAUDE_* env vars are set in plugin-level hook vs skill frontmatter hook vs Bash tool subprocess.
02-substitution-allowlist
/02-substitution-allowlist
Probe ${VAR} substitution allowlist in skill body (§1.2). Tests CLAUDE_PLUGIN_ROOT/DATA/SKILL_DIR/SESSION_ID/PROJECT_DIR substitution at invoke time.
03-shell-binsh
/03-shell-binsh
Probe that hook commands run under /bin/sh (dash on WSL Ubuntu), not bash (§1.3). Bash-specific constructs should produce Bad substitution / syntax errors.
04-sensitive-leak
/04-sensitive-leak
Confirm that userConfig.api_secret (sensitive=true) is exposed as plain text via CLAUDE_PLUGIN_OPTION_API_SECRET in plugin-level hook env (§1.4). "sensitive" affects storage only, not runtime exposure.
Stats
Version0.1.0
LanguageShell
Stars0
MaintenanceExcellent
LicenseMIT
Last Commit
Added
Available In
Safety Signals
Caution
Executes bash commands
Hook triggers when Bash tool is used
Tags
Categories
