BeClaude

plugin-security-reviews

New · Community Registry · General · by Yonatan

Security review for Claude Code plugins with auto-detection of new/changed plugins

First seen 5/29/2026

Summary

This skill automatically detects new or changed plugins in your Claude Code plugin marketplace and performs security reviews on them, helping you catch vulnerabilities and enforce best practices before they affect your development workflow.

Overview

A Claude Code plugin marketplace with tools for better coding habits.

Plugins

quick-review

The main plugin - enforces good development practices and automates code review.

  • Uncommitted changes block - Don't let Claude ask the user questions if there are uncommitted changes.
  • Auto-review commits - Claude's code gets reviewed automatically after each commit.
  • Review comment prioritization - Framework for deciding which automated review comments to fix vs skip. (skill)
  • Manual review command - /quick-review to trigger a code review on demand.
  • Plan review - Review agent for plans, automatically executed after every plan file edit. (agent)
  • Plan checklist - Remind Claude to mention in the plan: small commits, a comprehensive TODO list, etc. (skill)
  • Comment quality check - Reminds Claude that redundant comments are bad.
  • Package management - Blocks editing package.json/pyproject.toml directly. Enforces npm install / uv add.
  • WebFetch tip - Remind Claude it can download the file instead.
  • Brainstorm mode - Multiple perspectives on a problem before deciding. (skill)
  • Stack recommendations - Tips for starting new projects (Vite+React, uv for Python, etc.) (skill)
  • Install guidance - Ensures proper installation methods (CLI over manual edits, official docs over memorized instructions). (skill)

plugin-security-reviews

Security review for Claude Code plugins with auto-detection of new/changed plugins.

google-workspace-connector

Access Google Workspace APIs (Gmail, Drive, Sheets, Docs) via oauth2l + curl. (skill)

Requirements

  • jq - Required for most hooks. Install with brew install jq (macOS) or apt install jq (Linux). If missing, you'll see a warning at session start and hooks will be disabled.

Installation

Option 1: Via slash commands

```bash
/plugin marketplace add hibukki/yonatans-cc-marketplace
/plugin install quick-review@yonatans-cc-marketplace
```

Option 2: Manual (in settings.json)

Add to your .claude/settings.json:

```json
{
  "enabledPlugins": {
    "quick-review@yonatans-cc-marketplace": true
  },
  "extraKnownMarketplaces": {
    "yonatans-cc-marketplace": {
      "source": {
        "source": "github",
        "repo": "hibukki/yonatans-cc-marketplace"
      }
    }
  }
}
```

Setup (for contributors)

```bash
git config core.hooksPath .githooks
```

This enables the pre-commit hook that auto-bumps the plugin version.

Other plugins that seem promising

Search

exa MCP

Getting docs

As markdown, with optimizations for LLMs

context7

Interacting with a browser

dev browser

Seems more promising than the playwright MCP and the claude chrome plugin.

Install & Usage

1. Add a marketplace: /plugin marketplace add <org/repo>
2. Install the plugin: /plugin install plugin-security-reviews@<marketplace>
3. Manage installed plugins with /plugin

Use Cases

Automatically review a newly added plugin for security vulnerabilities before it goes live.
Detect changes to an existing plugin and trigger a focused security review on the modified code.
Enforce security best practices across all plugins in your marketplace during continuous integration.
Generate a security report for all plugins in the marketplace to identify potential risks.
Review a plugin's dependencies and permissions to ensure they follow least-privilege principles.
Block deployment of a plugin that fails security review checks until issues are resolved.

Usage Examples

1. /plugin-security-reviews review plugin-name
2. Run a security review on all changed plugins since last commit
3. Check plugin 'quick-review' for security issues

Tags: security, code-review, plugin

Security Audits

License: Unknown · Source: Warn · Repository: Pass
