Plugin Structure for Claude Code

Name: claude-code/plugin-structure
Author: anthropics

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

40Medium

This skill describes a plugin architecture

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The skill's description claims it can be used to 'create a plugin' or 'scaffold a plugin,' but its content is purely informational and does not perform any file system operations or code generation to actually create or scaffold a plugin.

Claims to do

Plugin Structure for Claude Code: Claude Code plugins follow a standardized directory structure with automatic component discovery. Understanding this structure enables creating well-organized, maintainable plugins that integrate seamlessly with Claude Code.

Actually does

This skill provides extensive documentation on the standardized directory structure, manifest configuration (`.claude-plugin/plugin.json`), component organization (commands, agents, skills, hooks), and naming conventions for Claude Code plugins. It details how components are auto-discovered and how to use `${CLAUDE_PLUGIN_ROOT}` for portable path references. The skill itself does not execute any commands, access external data, or interact with external services.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameanthropics/claude-code/plugin-structure

Registrygithub

Versionf348a16da828

PURLpkg:github/anthropics/claude-code@f348a16da828?skill=plugin-structure

Stars114,388

Installs455,628

Source

Repository ↗SKILL.md ↗

SHA-256ee28fd415353...

SHA-1c269e921160e...

MD567a8ea5f7d29...

TLSH8152c939794c...

ssdeep384:jZcM3i+x...

Size13,796 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/anthropics/claude-code/tree/main/skills/plugin-structure

455,628 installs

Claude CodeDocs

/plugin marketplace add anthropics/claude-code

/plugin install plugin-structure@anthropics/claude-code

Skills.shDocs

npx skills add https://github.com/anthropics/claude-code --skill plugin-structure

Assessments (2)

AI Agent Traps ↗

Event-driven command execution via hooksmediumcommand execution

The skill describes a plugin architecture allowing 'hooks' to execute arbitrary shell commands in response to various Claude Code events. This capability, if implemented by a malicious plugin, could lead to arbitrary code execution.

90% confidenceline 222

"type": "command", "command": "bash ${CLAUDE_PLUGIN_ROOT}/hooks/scripts/validate.sh"

Process execution via MCP server configurationmediumcommand execution

The skill details how 'MCP Servers' can be configured to execute arbitrary commands and arguments to start processes. A malicious plugin could leverage this to run executables or establish persistent services.

90% confidenceline 245

"command": "node", "args": ["${CLAUDE_PLUGIN_ROOT}/servers/server.js"]

General script execution capabilitylowcommand execution

The described plugin architecture includes a `scripts/` directory for helper scripts, which can be executed by various plugin components. This is a common but powerful mechanism for extending plugin functionality.

80% confidenceline 20

scripts/ # Helper scripts and utilities

Description Mismatchmediumdescription mismatch

The skill's description claims it can be used to 'create a plugin' or 'scaffold a plugin,' but its content is purely informational and does not perform any file system operations or code generation to actually create or scaffold a plugin.

85% confidence

The entire skill content consists of descriptive text, examples of file structures, and best practices, with no executable code or commands for plugin creation or scaffolding.

Version History (2)

f348a16da828current40Medium4/15/2026 5c18c787f2620None4/14/2026

Dependencies (13)

agent-sdk-dev.claude-plugin/marketplace.jsonnot scanned

claude-opus-4-5-migration.claude-plugin/marketplace.jsonnot scanned

code-review.claude-plugin/marketplace.jsonnot scanned

commit-commands.claude-plugin/marketplace.jsonnot scanned

explanatory-output-style.claude-plugin/marketplace.jsonnot scanned

feature-dev.claude-plugin/marketplace.jsonnot scanned

frontend-design.claude-plugin/marketplace.jsonnot scanned

hookify.claude-plugin/marketplace.jsonnot scanned

learning-output-style.claude-plugin/marketplace.jsonnot scanned

plugin-dev.claude-plugin/marketplace.jsonnot scanned

pr-review-toolkit.claude-plugin/marketplace.jsonnot scanned

ralph-wiggum.claude-plugin/marketplace.jsonnot scanned

security-guidance.claude-plugin/marketplace.jsonnot scanned

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/plugin-structure.svg)](https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/plugin-structure)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/plugin-structure"><img src="https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/plugin-structure.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/plugin-structure.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow