Claude Code’s plugin system is incredibly powerful, but it’s easy to lose track of what’s actually running in your environment. After a week of adding marketplace tools and writing custom local agents, I ran into two issues:
- Command Amnesia: Forgetting the exact names of tools and how to invoke them.
- Hidden Hooks: Not knowing which plugins registered `PostToolUse` hooks or high-risk permissions like raw `Bash` access.
To solve this, I built plugin-audit — a tool designed to give you a clear inventory and security overview of your workspace.
🛠️ The Commands
The plugin provides a complete toolkit to bring transparency to your setup:
- `/audit`: The global scan. Lists every command, skill, agent, and hook in a clean table.
- `/audit-risk`: Heuristic scoring for permissions (e.g., Critical for `Bash`, Low for `Read`).
- `/audit-diff`: Snapshot comparison to see exactly what changed after adding a new plugin.
- `/audit-help <name>`: Get the detailed metadata for a specific capability (very useful for debugging hooks).
🚀 Example Output
| Name | Type | Source | Provider | Invocation |
|---|---|---|---|---|
| frontend-design | skill | plugin:frontend-design | claude-plugins-official | Auto-triggered by model |
| setup_semgrep_plugin | command | plugin:semgrep-plugin | claude-plugins-official | /setup_semgrep_plugin |
| code-review | command | plugin:code-review | claude-plugins-official | /code-review |
| code-simplifier | agent | plugin:code-simplifier | claude-plugins-official | Use code-simplifier agent |
| revise-claude-md | command | plugin:claude-md-management | claude-plugins-official | /revise-claude-md |
| audit | command | plugin:plugin-audit | nestedcat-claude-marketplace | /audit |
| PostToolUse:Write/Edit | hook | plugin:semgrep-plugin | claude-plugins-official | Auto-trigger |
| planner | agent | user | — | Use planner agent |
| tdd-guide | agent | user | — | Use tdd-guide agent |
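To illustrate the snapshot comparison that `/audit-diff` describes, the following added example (not plugin-audit's own code) parses two inventories in the table format shown above and reports what was added, removed, or changed, listing hooks and other auto-triggered entries first. It assumes the `/audit` output has been saved as markdown; the function names and both snapshots are constructed for illustration.

```python
# Added example, not plugin-audit's code. Assumes /audit output is saved as
# markdown tables with the columns shown in the post.

def parse_inventory(markdown):
    """Return {(name, type, source): row} parsed from an /audit-style table."""
    rows = [[c.strip() for c in line.strip().strip("|").split("|")]
            for line in markdown.splitlines() if line.strip().startswith("|")]
    if not rows:
        raise ValueError("no table rows found")
    header = [h.lower() for h in rows[0]]
    inventory = {}
    for cells in rows[1:]:
        if all(c and set(c) <= set("-:") for c in cells):
            continue  # the |---|---| separator row
        if len(cells) != len(header):
            raise ValueError(f"malformed row: {cells}")
        row = dict(zip(header, cells))
        inventory[(row["name"], row["type"], row["source"])] = row
    return inventory

def diff_snapshots(before_md, after_md):
    """Compare two snapshots; entries that run without being invoked sort first."""
    before, after = parse_inventory(before_md), parse_inventory(after_md)

    def ordered(keys, inventory):
        rows = [{**inventory[k], "auto": inventory[k]["invocation"].lower().startswith("auto")}
                for k in keys]
        return sorted(rows, key=lambda r: (not r["auto"], r["name"]))

    common = after.keys() & before.keys()
    return {
        "added": ordered(after.keys() - before.keys(), after),
        "removed": ordered(before.keys() - after.keys(), before),
        "changed": ordered([k for k in common if after[k] != before[k]], after),
    }

# Constructed snapshots built from rows in the example table above.
HEADER = "| Name | Type | Source | Provider | Invocation |\n|---|---|---|---|---|\n"
BEFORE = HEADER + """\
| code-review | command | plugin:code-review | claude-plugins-official | /code-review |
| code-simplifier | agent | plugin:code-simplifier | claude-plugins-official | Use code-simplifier agent |
"""
AFTER = HEADER + """\
| code-review | command | plugin:code-review | claude-plugins-official | /code-review |
| setup_semgrep_plugin | command | plugin:semgrep-plugin | claude-plugins-official | /setup_semgrep_plugin |
| PostToolUse:Write/Edit | hook | plugin:semgrep-plugin | claude-plugins-official | Auto-trigger |
"""

if __name__ == "__main__":
    for section, rows in diff_snapshots(BEFORE, AFTER).items():
        for r in rows:
            flag = " [auto-triggered]" if r["auto"] else ""
            print(f"{section}: {r['type']} {r['name']} ({r['source']}){flag}")
```

Keying each row on name, type, and source means a capability that keeps its name but moves to a different plugin shows up as one removal plus one addition rather than passing unnoticed.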
📦 Quick Start
Install it via the marketplace directly in Claude Code:
```
/plugins marketplace add nestedcat/nestedcat-claude-marketplace
/plugins install plugin-audit@nestedcat-claude-marketplace
```
Check out the source on GitHub:
👉 https://github.com/nestedcat/plugin-audit
How many plugins are you currently running?