Common questions about Claude Code plugins answered - from installation to publishing your own.
Claude Code plugins are extensions that enhance Claude Code with additional functionality. They bundle six component types: slash commands and skills (invokable by you via /name and, by default, by Claude when relevant — commands are flat .md files, skills are directories with supporting files), subagents (specialized assistants with isolated context that Claude delegates to), hooks (event-driven automation), MCP servers (external tool connections), and LSP servers (language servers for code intelligence like go-to-definition). Plugins are distributed as GitHub repositories with a manifest file. Once installed, they seamlessly integrate into your Claude Code environment.
Learn more about plugin componentsInstalling plugins requires two simple commands. First, add the GitHub repository with "/plugin marketplace add owner/repo". Then install the plugin with "/plugin install plugin-name". After installation, plugins are immediately available. Manage plugins with "/plugin list" to see all, "/plugin enable plugin-name" to activate, "/plugin disable plugin-name" to turn off, and "/plugin uninstall plugin-name" to remove completely.
Read the full installation guideIn Claude Code, "marketplaces" are sources for plugins - GitHub repositories or curated collections. The simplest approach is adding a GitHub repository directly (e.g., "/plugin marketplace add owner/repo"). ClaudePluginHub also generates themed collections that bundle related plugins. These are JSON catalogs that Claude Code reads to discover available plugins. The term "marketplace" is historical - think of it as "adding a plugin source."
Plugin safety depends on factors that ClaudePluginHub helps you evaluate. Trust signals include GitHub star counts, maintenance scores, repository activity, and manual review badges. Safety warnings appear for plugins with hooks (which execute code automatically) and MCP servers (which connect to external services). Review each plugin's README, check the GitHub repository, and start with well-maintained plugins from trusted authors.
Read the complete safety guideHooks are event handlers that execute automatically at specific lifecycle points in Claude Code - there are 29 events: PreToolUse, PostToolUse, PostToolUseFailure, PostToolBatch, PermissionRequest, UserPromptSubmit, UserPromptExpansion, Notification, Stop, StopFailure, SubagentStart, SubagentStop, PreCompact, PostCompact, SessionStart, Setup, SessionEnd, TeammateIdle, TaskCompleted, InstructionsLoaded, ConfigChange, WorktreeCreate, WorktreeRemove, Elicitation, ElicitationResult, PermissionDenied, TaskCreated, CwdChanged, and FileChanged. They enable powerful automation but run without explicit user action. MCP (Model Context Protocol) servers connect to external tools, databases, and APIs using HTTP (recommended), Stdio, or SSE (deprecated) transports. Both require additional trust - ClaudePluginHub flags plugins using these features.
The difference is structural, not behavioral. A command is a single .md file in commands/; a skill is a directory in skills/ with a SKILL.md plus optional supporting files and scripts (useful when you need to ship scripts, templates, or reference material alongside the instructions). Under the hood they share the same invocation mechanism: both can be invoked by you via /name and, by default, by Claude when relevant. Use frontmatter to narrow who invokes it — disable-model-invocation: true restricts to user-only, user-invocable: false restricts to Claude-only.
Publishing is automated. Create a GitHub repository with a ".claude-plugin/plugin.json" (only "name" is required; everything else, including the manifest itself, is optional — Claude Code will auto-discover components from standard directories). Add your components (commands, agents, skills) in the appropriate directories at the plugin root (not inside .claude-plugin). Include a README with usage instructions. Push to GitHub and submit the URL at ClaudePluginHub for the fastest route to indexing. Auto-discovery also runs but depends on GitHub Code Search, which can take days to index new repositories.
Read the full building guideExcellent plugins have clear documentation, valid and complete manifests, active maintenance, and solve specific problems well. They follow security best practices - minimizing hooks and external connections when possible, documenting required permissions. Good plugins include usage examples in the README, have well-structured code, and are transparent about data access.
ClaudePluginHub runs auto-discovery every 2 hours using GitHub Code Search. However, GitHub can take days to index new or low-activity repositories — for new plugins, direct submission is recommended. SHA-based change detection (also every 2 hours) compares repository commits against known versions — changes trigger re-ingestion. The ingestion queue processes every 30 minutes, updating metadata, READMEs, stars, and maintenance scores. Once a plugin is tracked, updates are detected and processed regularly.
Explore our learning center for in-depth guides on plugins, safety, and development.