Audit automatically audits AI assistant code plugins for security vulnerabilities, best practices, AI assistant.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. specific to AI assistant-code-plugins repositor... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
Validate that hooks use ${CLAUDE_PLUGIN_ROOT} instead of hardcoded paths.
Verify marketplace compliance:
Confirm the plugin has an entry in marketplace.extended.json with matching name, version, category, and source path.
Check for duplicate plugin names in the catalog.
Assess git hygiene: no committed node_modules/, .env files, large binaries, or merge conflict markers.
For MCP plugins: validate package.json dependencies, TypeScript configuration, dist/ in .gitignore, and build scripts.
Generate a scored audit report following the format in ${CLAUDE_SKILL_DIR}/references/audit-report-format.md, with per-category scores out of 10 and an overall quality rating.
Overall score and rating (Excellent / Good / Needs Work / Failed)
Prioritized recommendations list with estimated fix time
Error Handling
Error
Cause
Solution
Plugin directory not found
Incorrect path or plugin does not exist
Verify the path matches plugins/[category]/[name]/ structure
plugin.json missing or invalid
File absent or malformed JSON
Create from template or fix JSON syntax with jq empty .claude-plugin/plugin.json
Marketplace entry missing
Plugin not yet added to catalog
Add entry to marketplace.extended.json and run pnpm run sync-marketplace
Version mismatch detected
plugin.json and marketplace.extended.json carry different versions
Update the stale file to match the authoritative version
Permission denied during scan
Restricted file access
Request read permissions on the plugin directory tree
Examples
Full audit before publishing:
Trigger: "Audit the security-scanner plugin."
Process: Run all eight audit categories against plugins/security/security-scanner/. Generate a comprehensive report with per-category scores. Report overall rating and prioritized fix list (see ${CLAUDE_SKILL_DIR}/references/examples.md).
Publish readiness check:
Trigger: "Is this plugin safe to publish?"
Process: Prioritize security audit (critical), then marketplace compliance and quality scoring. Produce a publish readiness assessment with pass/fail verdict.
Featured status review:
Trigger: "Quality review before featured status."
Process: Run full audit with elevated quality thresholds. Apply featured plugin requirements (higher documentation and test coverage standards). Recommend approve or reject.
Resources
${CLAUDE_SKILL_DIR}/references/audit-categories.md -- all eight audit categories with specific checks