plugin-security-checker

Run a security audit on a Claude Code plugin from a GitHub repository or local path

Specialized agent for deep security analysis of Claude Code plugins. Use this agent when the user wants to perform a security audit on a Claude Code plugin, check a plugin for malicious code, or review plugin safety before installation. This agent systematically examines hooks, MCP servers, scripts, skills, agents, and manifest files for security risks including arbitrary code execution, data exfiltration, prompt injection, and excessive permissions. <example> Context: User wants to check if a plugin is safe before installing it. user: "audit the plugin at ./my-plugin for security issues" assistant: "I'll use the security-scanner agent to perform a comprehensive security audit." </example> <example> Context: User wants to verify a Claude Code plugin from GitHub. user: "check if this Claude Code plugin from github.com/user/repo is safe to install" assistant: "Let me launch the security-scanner agent to analyze the plugin for potential risks." </example> <example> Context: User wants to scan plugin hooks and scripts. user: "scan this plugin's hooks and scripts for malicious code" assistant: "I'll use the security-scanner agent to examine the hooks and scripts for dangerous patterns." </example>

Security analysis knowledge for Claude Code plugins. This skill should be used when the user asks to check, audit, scan, or review a Claude Code plugin for security risks, vulnerabilities, or malicious code. Common triggers include 'is this plugin safe', 'scan plugin for security issues', 'audit plugin hooks', 'check for prompt injection', 'review MCP server security', or 'analyze plugin scripts for risks'.