SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

Plugin Settings

This skill should be used when the user asks about "plugin settings", "store plugin configuration", "user-configurable plugin", ".local.md files", "plugin state files", "read YAML frontmatter", "per-project plugin settings", or wants to make plugin behavior configurable. Document

Overall
74
Trust
62
Utility
78
Momentum
95

Install caution

Needs manual review

Risk: Medium

Source: Claude Code Plugin Skills

Path: plugins/plugin-dev/skills/plugin-settings/SKILL.md

Review flags: browser/session access, filesystem/home-directory access, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Environment variables / secrets
  • Shell commands
  • Filesystem/home access
  • Browser/session access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

browser_or_session_accessmedium

Mentions browser automation, cookies, sessions, local storage, or browser state.

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -33 from 3 detected flag(s).
  • Metadata bonus: +5 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 0.
  • Environment variables detected: 1.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 39 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 133579 stars.
  • Fork activity suggests reuse: 21599 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

  • API

Commands

None detected in SKILL.md text scan.

URLs

None detected in SKILL.md text scan.

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/anthropics/claude-code@main
path
plugins/plugin-dev/skills/plugin-settings/SKILL.md
source blob SHA
912a06e184c8e77553264adf7dbc57c817c02335
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

filesystem_write_or_home_access

…`bash # Escape quotes in user input SAFE_VALUE=$(echo "$USER_INPUT" | sed 's/"/\\"/g') # Write to file cat > "$STATE_FILE" <<EOF --- user_setting: "$SAFE_VALUE" --- EOF ``` ### Valida…

browser_or_session_access

…`claude` or `cc` 4. New settings will be loaded ``` Hooks cannot be hot-swapped within a session. ## Security Considerations ### Sanitize User Input When writing settings files from u…

shell_command

…Files ### From Hooks (Bash Scripts) **Pattern: Check existence and parse frontmatter** ```bash #!/bin/bash set -euo pipefail # Define state file path STATE_FILE=".claude/my-plugin.loc…

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources