Skip to content

gebl/claude-plugins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
.claude-plugin
.claude-plugin
 
 
docs/plans
docs/plans
 
 
plugins
plugins
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
ruff.toml
ruff.toml
 
 
sources.json
sources.json
 
 

Repository files navigation

Anvil Claude Code Plugin Marketplace

Plugin marketplace for Claude Code, hosted on github/forgejo to integrate with claud code and cowork.

Available Plugins

Plugin Description Author Source
ask-questions-if-underspecified Clarify ambiguous requirements by asking questions before implementing Kevin Valerio trailofbits/skills
avoid-ai-writing Audit and rewrite content to remove AI writing patterns ("AI-isms") Conor Bronsdon conorbronsdon/avoid-ai-writing
careful Safety guardrail that intercepts destructive bash commands (rm -rf, DROP TABLE, force push) Garry Tan garrytan/gstack
devcontainer-setup Create pre-configured devcontainers with Claude Code and language-specific tooling Alexis Challande trailofbits/skills
differential-review Security-focused differential review of code changes with blast radius estimation Omar Inuwa trailofbits/skills
file-organizer Intelligently organizes files and folders — finds duplicates, suggests structures, automates cleanup ComposioHQ ComposioHQ/awesome-claude-skills
git-cleanup Safely analyzes and cleans up local git branches and worktrees Henrik Brodin trailofbits/skills
grill-me Stress-test a plan or design through relentless questioning Matt Pocock mattpocock/skills
insecure-defaults Detects insecure default configurations (hardcoded creds, weak auth, etc.) Trail of Bits trailofbits/skills
investigate Systematic root-cause debugging — enforces evidence gathering before touching code Garry Tan garrytan/gstack
modern-python Modern Python best practices with uv, ruff, and ty William Tan trailofbits/skills
office-hours Brainstorming and design planning with startup validation and builder modes Garry Tan garrytan/gstack
review Pre-landing PR review for structural issues, race conditions, and scope drift Garry Tan garrytan/gstack
semgrep-rule-creator Create custom Semgrep rules for detecting bugs and security vulnerabilities Maciej Domanski trailofbits/skills
ship Automates pre-merge: tests, review, version bump, changelog, PR creation Garry Tan garrytan/gstack
taskmanager-agent Backend-agnostic task management agent (Linear, etc.) with worktree-based execution Anvil Internal
variant-analysis Find similar vulnerabilities across codebases using pattern-based analysis Axel Mierczuk trailofbits/skills
workflow-skill-design Design patterns and review agent for workflow-based Claude Code skills Benjamin Samuels trailofbits/skills
yt-transcript Fetch YouTube video transcripts and save as Markdown Anvil Internal

Setup

Add the marketplace to Claude Code:

/plugin marketplace add git@<HOSTNAME>:Anvil/claude-plugins.git

Browse and install plugins with /plugin.

Optional: Install semgrep for automatic security scanning during imports:

uv tool install semgrep

Adding Plugins

All imports are automatically scanned with semgrep before anything is written to disk. If findings are detected, the import is blocked. Use --dry-run to validate without modifying files, or --skip-scan to bypass the scan.

From an upstream plugin repo

Fetches the plugin, scans it with semgrep, copies it into plugins/, and registers it in both marketplace.json and sources.json:

uv run scripts/sync-check.py --add \
  --repo https://github.com/org/repo.git \
  --path plugins/plugin-name

The plugin name is inferred from --path (here: plugin-name). Use --name to override. Then commit and push.

From a raw skill repo

For repos with standalone SKILL.md files without plugin packaging (e.g., ComposioHQ/awesome-claude-skills). This auto-generates the plugin wrapper, copies all files, and registers everything:

uv run scripts/sync-check.py --import-skill \
  --repo https://github.com/org/repo.git \
  --path skill-name

Use --force if the SKILL.md frontmatter is malformed or missing required fields.

Creating your own plugin

  1. Create the directory structure:
mkdir -p plugins/my-plugin/.claude-plugin
mkdir -p plugins/my-plugin/skills/my-skill
  1. Add plugins/my-plugin/.claude-plugin/plugin.json:
{
  "name": "my-plugin",
  "version": "1.0.0",
  "description": "What it does"
}

  1. Add skills, agents, commands, or hooks under the plugin directory.

  2. Register in .claude-plugin/marketplace.json and commit.

Locally-authored plugins don't need a sources.json entry — that's only for upstream forks.

External repos

Plugins don't have to live in this monorepo. Use a git URL in marketplace.json:

{
  "name": "external-plugin",
  "source": {
    "source": "url",
    "url": "https://<HOSTNAME>/Anvil/standalone-plugin.git"
  }
}

Upstream Sync

Check if upstream repos have new changes:

uv run scripts/sync-check.py                # All tracked plugins
uv run scripts/sync-check.py --plugin NAME   # One plugin
uv run scripts/sync-check.py --diff          # Include full diffs
Status Meaning Action
up-to-date No changes Nothing to do
upstream-changed Upstream has new commits Safe to pull
local-modified Local changes only Upstream unchanged
both-changed Both sides diverged Manual merge needed

After merging upstream changes, update the baseline:

uv run scripts/sync-check.py --mark-synced --plugin NAME

Verification Workflow

Imported plugins start unverified. The recommended workflow:

1. --pending        List what needs review
2. --scan           Run semgrep on unverified plugins
3. Review code      Read the findings and source
4. --mark-verified  Mark as reviewed

# List unverified plugins (rescans for executable code)
uv run scripts/sync-check.py --pending

# Run semgrep security scan (auto + p/secrets + p/trailofbits rulesets)
uv run scripts/sync-check.py --scan
uv run scripts/sync-check.py --scan --plugin NAME

# Mark as reviewed after inspection
uv run scripts/sync-check.py --mark-verified --plugin NAME

Repository Structure

claude-plugins/
├── .claude-plugin/
│   └── marketplace.json      # Plugin registry (what Claude Code reads)
├── sources.json               # Upstream provenance tracking
├── ruff.toml                  # Linter config for scripts/
├── scripts/
│   └── sync-check.py          # Plugin management CLI
├── docs/plans/                 # Design documents
└── plugins/
    └── <plugin-name>/
        ├── .claude-plugin/
        │   └── plugin.json
        ├── skills/
        ├── agents/
        ├── commands/
        └── hooks/

Quick Reference

# Importing (name inferred from --path, override with --name)
uv run scripts/sync-check.py --add --repo URL --path P          # Fetch upstream plugin
uv run scripts/sync-check.py --import-skill --repo URL --path P  # Import raw skill
#   Add --dry-run to validate without modifying files
#   Add --skip-scan to bypass semgrep gate
#   Add --force to ignore malformed SKILL.md frontmatter

# Sync checking
uv run scripts/sync-check.py                              # Check all
uv run scripts/sync-check.py --diff --plugin NAME         # Full diff for one
uv run scripts/sync-check.py --mark-synced --plugin NAME  # Record sync

# Verification
uv run scripts/sync-check.py --pending                     # List unverified
uv run scripts/sync-check.py --scan                        # Semgrep scan unverified
uv run scripts/sync-check.py --mark-verified --plugin NAME  # Approve after review

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages