Product

  • Browse Plugins
  • Marketplaces
  • Pricing

Resources

  • Learning Center
  • Claude Code Docs
  • Plugin Guide
  • Plugin Reference
  • Plugin Marketplaces

Community

  • Browse on GitHub
  • Get Support

Admin

  • Admin Panel

Legal

  • Terms of Service
  • Privacy Policy
Community Maintained•Not affiliated with Anthropic

© 2025 ClaudePluginHub

ClaudePluginHub
ClaudePluginHub
Tools
Learn
Search...
Back to Learn
Safety Guide

Plugin Safety & Trust

Understand how to evaluate plugin safety and our transparency-first trust model.

Our Trust Philosophy

Unlike traditional plugin ecosystems that gatekeep with strict approval processes, we believe in transparency over gatekeeping. Every plugin with a valid manifest is automatically approved - no waiting, no arbitrary rules.

Trust Through Transparency

We provide clear safety information, trust signals, and direct source code access so you can make informed decisions. Quality is indicated through community validation (stars), maintenance scores, and manual reviews - not by blocking plugins.

How Protection Works

Understanding the difference between guidance and enforcement helps you choose the right protection mechanism for your use case.

Behavioral Guidance

CLAUDE.md

Instructions that Claude follows as best practice. Loaded with each session and interpreted contextually.

Behavior: Claude follows these rules voluntarily. Strong competing context or explicit user instructions may override them.

Deterministic Enforcement

Hooks

Code that executes at lifecycle points regardless of Claude's interpretation or user prompts.

Behavior: If exit code is 2, the operation is blocked unconditionally. Cannot be bypassed through prompting.

When to Use Each

Use CLAUDE.md for project conventions and preferences. Use hooks for security-critical enforcement where you need guarantees regardless of context.

Understanding Plugin Capabilities

Plugins can include powerful features that require careful consideration:

Hooks

Advanced Feature

Execute scripts automatically at workflow lifecycle points

What hooks can do:

  • •Run custom scripts before/after tool execution, prompts, and permissions
  • •Modify files or run tests automatically
  • •Execute any shell command on your system

Available hook events (12 total):

PreToolUsePostToolUsePostToolUseFailurePermissionRequestUserPromptSubmitNotificationStopSubagentStartSubagentStopPreCompactSessionStartSessionEnd

Hook exit codes:

0Allow operation
1Non-blocking error
2Block + feed stderr

Hook types:

command(default)

Executes bash commands or scripts on your system. The hook runs locally with full shell access and your user permissions.

prompt
LLM-based

Sends a prompt to an LLM (Haiku) for intelligent, context-aware decisions. Most useful for Stop and SubagentStop hooks.

Why this matters: Hooks run automatically without prompting. command hooks execute shell scripts locally, while prompt hooks make API calls to an LLM. Review all hook configurations in the repository before installing.

MCP Servers

External Access

Connect to external services, APIs, and data sources via Model Context Protocol

What MCP servers can do:

  • •Access cloud services (AWS, Vercel, databases)
  • •Read/write data to external APIs
  • •Require API keys or credentials

Transport types:

HTTP (recommended)
Stdio (local)
SSE

Why this matters: MCP servers access external services with your credentials. Only provide API keys to plugins you trust, and use read-only tokens when possible.

Strict Mode

Recommended

Plugins marked as "strict" follow best practices and require a valid manifest file

Strict mode means:

  • Plugin must include a valid plugin.json manifest
  • Follows standard plugin structure and conventions
  • Recommended default for production use

Strict mode is the default setting ("strict": true). Non-strict plugins can omit the manifest file and rely on marketplace configuration, but require more careful review.

Practical Example: File Access Guard

This hook demonstrates deterministic enforcement by blocking access to sensitive configuration files, regardless of how the request is framed:

hooks/guard-config-files.sh
#!/bin/bash
# PreToolUse hook: Guard sensitive files
# Exit 0 = allow, Exit 1 = non-blocking error, Exit 2 = block

INPUT=$(cat)
TARGET=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')

# Check for protected patterns
case "$TARGET" in
  *.env*|*credentials*|*secret*)
    echo "Protected file: $TARGET" >&2
    exit 2
    ;;
esac

exit 0
hooks.json
{
  "hooks": {
    "PreToolUse": [{
      "matcher": "Read|Edit|Write",
      "hooks": [{
        "type": "command",
        "command": "./hooks/guard-config-files.sh"
      }]
    }]
  }
}

Key point: When this hook runs, if the file matches a protected pattern, the exit 2 blocks the operation completely. The stderr message is fed back to Claude for context, but the file access never happens.

Hook Examples Gallery

Practical examples of hooks you might encounter in plugins. Understanding these patterns helps you evaluate what hooks do before installing.

PreToolUse

Database Query Guard

Blocks destructive database operations

hooks/db-guard.sh
#!/bin/bash
# Block DROP, TRUNCATE, or simple DELETE statements
INPUT=$(cat)
CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty')

if echo "$CMD" | grep -qiE \
  '(DROP|TRUNCATE|DELETE\s+FROM\s+\w+\s*;)'; then
  echo "Blocked: Destructive DB operation" >&2
  exit 2
fi
exit 0
PostToolUse

Auto-Format on Save

Runs Prettier after file edits

hooks/format.sh
#!/bin/bash
# Run formatter after Write/Edit tools
INPUT=$(cat)
FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')

case "$FILE" in
  *.ts|*.tsx|*.js|*.jsx)
    npx prettier --write "$FILE" 2>/dev/null
    ;;
esac
exit 0
Stop

Task Completion Alert

Desktop notification when Claude finishes

hooks/notify.sh
#!/bin/bash
# Send notification when Claude completes a task
# macOS example - adapt for your OS

osascript -e 'display notification \
  "Claude finished the task" \
  with title "Claude Code"'
exit 0
PreToolUse

Branch Protection

Prevents direct commits to main/master

hooks/protect-main.sh
#!/bin/bash
# Block direct commits to protected branches
INPUT=$(cat)
CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty')

if echo "$CMD" | grep -qE \
  'git (push|commit).*\b(main|master)\b'; then
  echo "Blocked: Use a feature branch" >&2
  exit 2
fi
exit 0

Exit codes explained: Exit 0 allows the operation, 1 is a non-blocking error, 2 blocks the operation and feeds the error message back to Claude.

How to Evaluate Plugins

Use these trust signals to make informed decisions:

GitHub Stars

Community validation and popularity indicator

Interpretation: 10+ stars indicates trusted by multiple developers

Maintenance Score

Based on last commit date and activity

Interpretation: Score of 7-10 means actively maintained (commits within 90 days)

Manual Review Badge

Manually reviewed by marketplace admins

Interpretation: Verified for quality, documentation, and best practices

Source Code Access

Every plugin links to its GitHub repository

Interpretation: Review the source code before installing

Pre-Installation Safety Checklist

Review the source code

Click through to the GitHub repository and review what the plugin does. Look at the manifest, hooks, and any scripts.

Check for hooks and MCP servers

Plugin detail pages show clear badges. If present, review what they do before installing.

Check trust signals

Look for GitHub stars (10+), high maintenance scores (7-10), and manual review badges.

Verify the author

Check the GitHub repository owner. Is it a known developer or organization? Do they have other reputable projects?

Check maintenance status

Recently maintained plugins (commits within 90 days) are more likely to be secure and compatible with the latest Claude Code version.

Remember: You're in control

Plugins can be enabled/disabled anytime with /plugin disable plugin-name and removed with /plugin uninstall plugin-name. Start with trusted plugins and expand as you get comfortable.

Security Best Practices

1

Use read-only tokens when possible

When configuring MCP servers that need API keys, use read-only or limited-scope tokens to minimize risk.

2

Review hook scripts before installation

Hooks run automatically. Always review the scripts in the repository to understand what they do.

3

Start with reviewed plugins

Plugins with the manual review badge have been vetted for quality and safety by marketplace admins.

4

Keep plugins updated

Plugin authors may release security updates. Check repositories for updates periodically.

Ready to Build?

Now that you understand plugin safety, learn how to build your own plugins with our creator guide.

Building Plugins GuideBrowse Safe Plugins