intent-solutions-io/Plugin Validator
010-archive/backups-20251108/plugin-enhancements/plugin-backups/skills-powerkit_20251020_012455/skills/plugin-validator/SKILL.md
Automatically validates Claude Code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. Runs comprehensive validation specific to claude-code-plugins repository standards.
$ install --global
skillsauthnpx skillsauth add intent-solutions-io/plugins-nixtla Plugin ValidatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 11:46 PM4.3s1 file scanned
SKILL.md
- name:
- Plugin Validator
- description:
- Automatically validates Claude Code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. Runs comprehensive validation specific to claude-code-plugins repository standards.
- allowed-tools:
- Read, Grep, Bash
Plugin Validator
Purpose
Automatically validates Claude Code plugins against repository standards, checking structure, JSON schemas, frontmatter, permissions, security, and marketplace compliance - optimized for claude-code-plugins repository.
Trigger Keywords
- "validate plugin"
- "check plugin"
- "plugin validation"
- "plugin errors"
- "lint plugin"
- "verify plugin"
Validation Checks
1. Required Files
- ✅
.claude-plugin/plugin.jsonexists - ✅
README.mdexists and not empty - ✅
LICENSEfile exists - ✅ At least one component directory (commands/, agents/, skills/, hooks/, mcp/)
2. Plugin.json Schema
# Required fields:
- name (kebab-case, lowercase, hyphens only)
- version (semantic versioning x.y.z)
- description (clear, concise)
- author.name
- author.email
- license (MIT, Apache-2.0, etc.)
- keywords (array, at least 2)
# Optional but recommended:
- repository (GitHub URL)
- homepage (docs URL)
3. Frontmatter Validation
For Commands (commands/*.md):
---
name: command-name
description: Brief description
model: sonnet|opus|haiku
---
For Agents (agents/*.md):
---
name: agent-name
description: Agent purpose
model: sonnet|opus|haiku
---
For Skills (skills/*/SKILL.md):
---
name: Skill Name
description: What it does AND when to use it
allowed-tools: Tool1, Tool2, Tool3 # optional
---
4. Directory Structure
Validates proper hierarchy:
plugin-name/
├── .claude-plugin/ # Required
│ └── plugin.json # Required
├── README.md # Required
├── LICENSE # Required
├── commands/ # Optional
│ └── *.md
├── agents/ # Optional
│ └── *.md
├── skills/ # Optional
│ └── skill-name/
│ └── SKILL.md
├── hooks/ # Optional
│ └── hooks.json
└── mcp/ # Optional
└── *.json
5. Script Permissions
# All .sh files must be executable
find . -name "*.sh" ! -perm -u+x
# Should return empty
6. JSON Validation
# All JSON must be valid
jq empty plugin.json
jq empty marketplace.extended.json
jq empty hooks/hooks.json
7. Security Scans
- ❌ No hardcoded secrets (API keys, tokens, passwords)
- ❌ No AWS keys (AKIA...)
- ❌ No private keys (BEGIN PRIVATE KEY)
- ❌ No dangerous commands (rm -rf /, eval())
- ❌ No suspicious URLs (non-HTTPS, IP addresses)
8. Marketplace Compliance
- ✅ Plugin listed in marketplace.extended.json
- ✅ Source path matches actual location
- ✅ Version matches between plugin.json and catalog
- ✅ Category is valid
- ✅ No duplicate plugin names
9. README Requirements
- ✅ Has installation instructions
- ✅ Has usage examples
- ✅ Has description section
- ✅ Proper markdown formatting
- ✅ No broken links
10. Path Variables
For hooks:
- ✅ Uses
${CLAUDE_PLUGIN_ROOT}not absolute paths - ✅ No hardcoded /home/ or /Users/ paths
Validation Process
When activated, I will:
-
Identify Plugin
- Detect plugin directory from context
- Or ask user which plugin to validate
-
Run Comprehensive Checks
# Structure validation ./scripts/validate-all.sh plugins/category/plugin-name/ # JSON validation jq empty .claude-plugin/plugin.json # Frontmatter check python3 scripts/check-frontmatter.py # Permission check find . -name "*.sh" ! -perm -u+x # Security scan grep -r "password\|secret\|api_key" | grep -v placeholder -
Generate Report
- List all issues by severity (critical, high, medium, low)
- Provide fix commands for each issue
- Summary: PASSED or FAILED
Validation Report Format
🔍 PLUGIN VALIDATION REPORT
Plugin: plugin-name
Location: plugins/category/plugin-name/
✅ PASSED CHECKS (8/10)
- Required files present
- Valid plugin.json schema
- Proper frontmatter format
- Directory structure correct
- No security issues
- Marketplace compliance
- README complete
- JSON valid
❌ FAILED CHECKS (2/10)
- Script permissions: 3 .sh files not executable
Fix: chmod +x scripts/*.sh
- Marketplace version mismatch
plugin.json: v1.2.0
marketplace.extended.json: v1.1.0
Fix: Update marketplace.extended.json to v1.2.0
⚠️ WARNINGS (1)
- README missing usage examples
Recommendation: Add ## Usage section with examples
OVERALL: FAILED (2 critical issues)
Fix issues above before committing.
Auto-Fix Capabilities
I can automatically fix:
- ✅ Script permissions (
chmod +x) - ✅ JSON formatting (
jqreformat) - ✅ Marketplace version sync
- ✅ Missing LICENSE (copy from root)
Repository-Specific Checks
For claude-code-plugins repo:
- Validates against
.claude-plugin/marketplace.extended.json - Checks category folder matches catalog entry
- Ensures marketplace slug is
claude-code-plugins-plus - Validates against other plugins (no duplicates)
- Checks compliance with CLAUDE.md standards
Integration with CI
Validation results match GitHub Actions:
- Same checks as
.github/workflows/validate-plugins.yml - Compatible with CI error format
- Can be run locally before pushing
Examples
User says: "Validate the skills-powerkit plugin"
I automatically:
- Run all validation checks
- Identify 2 issues (permissions, version mismatch)
- Provide fix commands
- Report overall status: FAILED
User says: "Check if my plugin is ready to commit"
I automatically:
- Detect plugin from context
- Run comprehensive validation
- Check marketplace compliance
- Report: PASSED or list issues
User says: "Why is my plugin failing CI?"
I automatically:
- Run same checks as CI
- Identify exact failure
- Provide fix command
- Validate fix works
Related Skills
intent-solutions-io/managing-test-environments
testing
VerifiedTrustedCommunity
This skill enables Claude to manage isolated test environments using Docker Compose, Testcontainers, and environment variables. It is used to create consistent, reproducible testing environments for software projects. Claude should use this skill when the user needs to set up a test environment with specific configurations, manage Docker Compose files for test infrastructure, set up programmatic container management with Testcontainers, manage environment variables for tests, or ensure cleanup after tests. Trigger terms include "test environment", "docker compose", "testcontainers", "environment variables", "isolated environment", "env-setup", and "test setup".
6SKILL.mdUpdated Jun 5, 2026
intent-solutions-io/generating-test-doubles
tools
VerifiedTrustedCommunity
This skill uses the test-doubles-generator plugin to automatically create mocks, stubs, spies, and fakes for unit testing. It analyzes dependencies in the code and generates appropriate test doubles based on the chosen testing framework, such as Jest, Sinon, or others. Use this skill when you need to generate test doubles, mocks, stubs, spies, or fakes to isolate units of code during testing. Trigger this skill by requesting test double generation or using the `/gen-doubles` or `/gd` command.
6SKILL.mdUpdated Jun 5, 2026
intent-solutions-io/generating-test-data
tools
VerifiedTrustedCommunity
This skill enables Claude to generate realistic test data for software development. It uses the test-data-generator plugin to create users, products, orders, and custom schemas for comprehensive testing. Use this skill when you need to populate databases, simulate user behavior, or create fixtures for automated tests. Trigger phrases include "generate test data", "create fake users", "populate database", "generate product data", "create test orders", or "generate data based on schema". This skill is especially useful for populating testing environments or creating sample data for demonstrations.
6SKILL.mdUpdated Jun 5, 2026
intent-solutions-io/analyzing-test-coverage
development
VerifiedTrustedCommunity
This skill analyzes code coverage metrics to identify untested code and generate comprehensive coverage reports. It is triggered when the user requests analysis of code coverage, identification of coverage gaps, or generation of coverage reports. The skill is best used to improve code quality by ensuring adequate test coverage and identifying areas for improvement. Use trigger terms like "analyze coverage", "code coverage report", "untested code", or the shortcut "cov".
6SKILL.mdUpdated Jun 5, 2026