
This skill audits Claude Code plugins against the latest changelog, validating structure, detecting deprecations, and recommending best practices for release.

npx playbooks add skill greyhaven-ai/claude-code-config --skill plugin-audit

SKILL.md
---
name: grey-haven-plugin-audit
description: "Comprehensive Claude Code plugin auditing skill for validating structure, detecting deprecated patterns, and recommending best practices based on the latest changelog. Use when auditing plugins, checking for deprecations, validating plugin structure, preparing plugins for release, or ensuring compatibility with recent Claude Code versions. Triggers: 'audit plugin', 'check plugin health', 'validate skill', 'plugin deprecation', 'changelog compatibility', 'plugin best practices'."
skills:
  - grey-haven-code-style
allowed-tools:
  - Read
  - Glob
  - Grep
  - WebFetch
  - TodoWrite
---

# Plugin Audit Skill

Comprehensive Claude Code plugin and skill auditing against the latest changelog and best practices.

## Description

Expert-level auditing of Claude Code plugins including structure validation, deprecation detection, feature adoption recommendations, and quality scoring based on the official changelog.

## What's Included

- **Checklists**: Plugin structure checklist, frontmatter checklist, deprecation checklist
- **Reference**: Changelog feature matrix, best practices guide, deprecation timeline
- **Examples**: Audit report examples, before/after improvements

## Use When

- Auditing plugin structure and quality
- Checking for deprecated patterns
- Preparing plugins for new Claude Code releases
- Validating skill and agent frontmatter
- Ensuring best practices compliance

## Related Agents

- `plugin-auditor`

## Audit Categories

1. **Structure Validation** - Directory layout, required files
2. **Frontmatter Quality** - Agent/skill/command frontmatter
3. **Deprecation Detection** - Outdated patterns and settings
4. **Feature Adoption** - New changelog features to adopt
5. **Security Review** - Tool restrictions, dangerous patterns
6. **Documentation** - README, examples, descriptions

**Skill Version**: 1.0

Overview

This skill performs a thorough audit of Claude Code plugins and skills to validate structure, detect deprecated patterns, and recommend concrete changes based on the latest changelog. It returns a prioritized checklist, a quality score, and actionable remediation steps to prepare plugins for release or compatibility with recent Claude Code versions. Use it to harden plugins, reduce deprecations, and align with current best practices.

How this skill works

The auditor inspects repository layout, required files, and frontmatter fields, then cross-references patterns against a curated deprecation checklist and changelog feature matrix. It flags structural issues, insecure or dangerous patterns, and missing modern features, and produces a remediation report with examples and priority levels. The output includes a notable-items list, recommended edits, and a final quality score for release readiness.
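The frontmatter and tool-restriction checks described above, as an added example that is not the skill's own code: it parses a SKILL.md frontmatter block and flags missing fields and high-risk entries in `allowed-tools`. The required-field list, the high-risk tool set and the `RISKY_SKILL` sample are assumptions of this example.

```python
import re

# Assumptions of this example, not taken from the skill's own checklists:
REQUIRED_FIELDS = ("name", "description")
HIGH_RISK_TOOLS = {"Bash", "Write", "Edit"}  # can run commands or modify files

def parse_frontmatter(text):
    """Parse the leading '---' block (scalar keys and '- item' lists only)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return None
    data, key = {}, None
    for line in lines[1:]:
        if line.strip() == "---":
            return data
        item = re.match(r"^\s*-\s+(.*)$", line)
        pair = re.match(r"^([A-Za-z][\w-]*):\s*(.*)$", line)
        if item and isinstance(data.get(key), list):
            data[key].append(item.group(1).strip())
        elif pair:
            key, value = pair.group(1), pair.group(2).strip().strip("\"'")
            data[key] = value if value else []
    return None  # closing '---' never found

def audit_skill(text):
    """Return (severity, message) findings for one SKILL.md."""
    fm = parse_frontmatter(text)
    if fm is None:
        return [("error", "missing or unterminated frontmatter")]
    findings = [("error", f"missing field: {f}") for f in REQUIRED_FIELDS if not fm.get(f)]
    tools = fm.get("allowed-tools")
    if tools is None:
        return findings + [("warn", "allowed-tools not declared")]
    if isinstance(tools, str):  # comma-separated form
        tools = [t.strip() for t in tools.split(",") if t.strip()]
    for tool in tools:
        if tool.split("(", 1)[0] in HIGH_RISK_TOOLS:  # Bash(...) counts as Bash
            findings.append(("warn", f"high-risk tool allowed: {tool}"))
    return findings

# Frontmatter from this page (description abridged, skills key omitted).
PAGE_SKILL = ("---\nname: grey-haven-plugin-audit\ndescription: \"Plugin auditing skill\"\n"
              "allowed-tools:\n  - Read\n  - Glob\n  - Grep\n  - WebFetch\n  - TodoWrite\n---\n")
# Constructed sample: no description, command execution and file writes allowed.
RISKY_SKILL = "---\nname: demo-skill\nallowed-tools: Read, Bash(git status:*), Write\n---\n"

if __name__ == "__main__":
    for label, doc in (("page", PAGE_SKILL), ("risky", RISKY_SKILL)):
        print(label, audit_skill(doc))
```
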

When to use it

  • Before releasing or publishing a Claude Code plugin or skill
  • When upgrading to a new Claude Code version or changelog milestone
  • During code reviews to catch deprecated patterns early
  • To validate frontmatter and metadata for agents, skills, and commands
  • When performing a security or compatibility sweep across multiple plugins

Best practices

  • Maintain canonical directory layout and include all required entry files and metadata
  • Keep frontmatter concise, complete, and validated against the latest schema
  • Replace deprecated patterns listed in the changelog with supported alternatives as early as possible
  • Adopt new changelog features incrementally and include tests or examples demonstrating them
  • Document risky tool usage and add clear guardrails or usage limits to reduce security exposure

Example use cases

  • Generate a pre-release audit report that lists deprecated fields and exact replacements
  • Validate agent and command frontmatter across a mono-repo to ensure consistent metadata
  • Run a security-focused pass to detect tool injection patterns and unsafe subprocess or eval usage
  • Produce a remediation checklist for maintainers with line-level examples and suggested commits
  • Score a portfolio of plugins and prioritize updates by impact and difficulty

FAQ

What outputs does the audit produce?

A prioritized checklist, line-level warnings, suggested code or frontmatter edits, a changelog-mapped deprecation list, and a final quality score.

Can this detect security issues?

Yes. The audit flags dangerous patterns, improper tool restrictions, and insecure defaults, and gives remediation steps to mitigate risk.