Plugin Safety & Trust
Understand how to evaluate plugin safety and our transparency-first trust model.
Our Trust Philosophy
Unlike traditional plugin ecosystems that gatekeep with strict approval processes, we believe in transparency over gatekeeping. Every plugin with a valid manifest is automatically approved - no waiting, no arbitrary rules.
Trust Through Transparency
We provide clear safety information, trust signals, and direct source code access so you can make informed decisions. Quality is indicated through community validation (stars), maintenance scores, and manual reviews - not by blocking plugins.
Understanding Plugin Capabilities
Plugins can include powerful features that require careful consideration:
Hooks
Execute scripts automatically at workflow lifecycle points
What hooks can do:
- Run custom scripts before/after specific events (commits, saves, etc.)
- Modify files or run tests automatically
- Execute any shell command on your system
Available hook events:
PreToolUse
PostToolUse
UserPromptSubmit
Notification
SessionStart
SessionEnd
Stop
SubagentStop
Why this matters: Hooks run automatically without prompting. Review the hook scripts in the repository before installing to understand what they do.
MCP Servers
Connect to external services, APIs, and data sources
What MCP servers can do:
- Access cloud services (AWS, Vercel, databases)
- Read/write data to external APIs
- Require API keys or credentials
Why this matters: MCP servers access external services with your credentials. Only provide API keys to plugins you trust, and use read-only tokens when possible.
Strict Mode
Plugins marked as "strict" follow best practices and require a valid manifest file
Strict mode means:
- Plugin must include a valid plugin.json manifest
- Follows standard plugin structure and conventions
- Recommended default for production use
Strict mode is the default setting ("strict": true). Non-strict plugins can omit the manifest file and rely on marketplace configuration, but require more careful review.
How to Evaluate Plugins
Use these trust signals to make informed decisions:
GitHub Stars
Community validation and popularity indicator
Interpretation: 10+ stars indicates the plugin is trusted by multiple developers
Maintenance Score
Based on last commit date and activity
Interpretation: Score of 7-10 means actively maintained (commits within 90 days)
Manual Review Badge
Manually reviewed by marketplace admins
Interpretation: Verified for quality, documentation, and best practices
Source Code Access
Every plugin links to its GitHub repository
Interpretation: Review the source code before installing
Pre-Installation Safety Checklist
Review the source code
Click through to the GitHub repository and review what the plugin does. Look at the manifest, hooks, and any scripts.
Check for hooks and MCP servers
Plugin detail pages show clear badges. If present, review what they do before installing.
Check trust signals
Look for GitHub stars (10+), high maintenance scores (7-10), and manual review badges.
Verify the author
Check the GitHub repository owner. Is it a known developer or organization? Do they have other reputable projects?
Check maintenance status
Recently maintained plugins (commits within 90 days) are more likely to be secure and compatible with the latest Claude Code version.
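The following added example, which is not part of the marketplace's own tooling, supports the first two checklist items on a locally cloned plugin: it confirms that .claude-plugin/plugin.json exists and lists every hook command and MCP server name found in the repository's JSON files. It assumes hook commands are stored under a "command" key beneath one of the hook event names listed on this page and that MCP servers sit under an "mcpServers" key; the sample plugin and its file names (hooks/hooks.json, .mcp.json) are constructed for illustration.

```python
import json
from pathlib import Path

# Hook event names exactly as listed on this page.
HOOK_EVENTS = {"PreToolUse", "PostToolUse", "UserPromptSubmit", "Notification",
               "SessionStart", "SessionEnd", "Stop", "SubagentStop"}

def _walk(node, report, event=None):
    """Collect hook commands and MCP server names from a parsed JSON tree."""
    if isinstance(node, list):
        for item in node:
            _walk(item, report, event)
    elif isinstance(node, dict):
        for key, value in node.items():
            if event and key == "command" and isinstance(value, str):  # assumed layout
                report["hooks"].append((event, value))
            elif key == "mcpServers" and isinstance(value, dict):  # assumed key name
                report["mcp_servers"] += sorted(value)
            else:
                _walk(value, report, key if key in HOOK_EVENTS else event)

def audit_plugin(plugin_dir):
    """Summarise what a cloned plugin would run or connect to, for manual review."""
    root = Path(plugin_dir)
    report = {"has_manifest": (root / ".claude-plugin" / "plugin.json").is_file(),
              "hooks": [], "mcp_servers": [], "unparsed": []}
    for path in sorted(root.rglob("*.json")):
        try:
            _walk(json.loads(path.read_text(encoding="utf-8")), report)
        except (OSError, ValueError):  # unreadable or invalid JSON: read it by hand
            report["unparsed"].append(path.relative_to(root).as_posix())
    return report

def make_sample_plugin(root):
    """Write a constructed plugin (not a real one) into the existing directory root."""
    root = Path(root)
    (root / ".claude-plugin").mkdir()
    (root / "hooks").mkdir()
    (root / ".claude-plugin" / "plugin.json").write_text('{"name": "sample"}')
    (root / "hooks" / "hooks.json").write_text(json.dumps({"hooks": {"PostToolUse": [
        {"hooks": [{"type": "command", "command": "./scripts/format.sh"}]}]}}))
    (root / ".mcp.json").write_text(json.dumps({"mcpServers": {"db": {"command": "npx"}}}))
    (root / "broken.json").write_text("{not json")
    return root

if __name__ == "__main__":
    import sys, tempfile
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_plugin(tempfile.mkdtemp())
    print(json.dumps(audit_plugin(target), indent=2))
```

The report only tells you where to look: each listed command and any script it points to still has to be read before installing.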
For Marketplace Maintainers
If you're publishing a marketplace with multiple plugins, ensure you understand the strict mode contract:
Verify strict mode setting
Strict mode defaults to true. When true, each plugin directory MUST include .claude-plugin/plugin.json.
Ensure manifests exist when strict is true
Don't publish marketplace-only repos without per-plugin manifests unless you explicitly set strict: false.
Only set strict: false when appropriate
Use strict: false only if the marketplace entry provides complete manifest metadata (version, description, commands, etc.).
Test before publishing
Always test with /plugin marketplace add ./path locally before pushing to production.
Learn more in the Plugin marketplaces documentation or the Building Plugins guide.
Remember: You're in control
Plugins can be enabled/disabled anytime with /plugin disable and removed with /plugin remove. Start with trusted plugins and expand as you get comfortable.
Security Best Practices
Use read-only tokens when possible
When configuring MCP servers that need API keys, use read-only or limited-scope tokens to minimize risk.
Review hook scripts before installation
Hooks run automatically. Always review the scripts in the repository to understand what they do.
Start with reviewed plugins
Plugins with the manual review badge have been vetted for quality and safety by marketplace admins.
Keep plugins updated
Plugin authors may release security updates. Check repositories for updates periodically.
Ready to Build?
Now that you understand plugin safety, learn how to build your own plugins with our creator guide.