[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-plugin-wshobson-protect-mcp-ar":3,"guides-for-wshobson-protect-mcp":270,"similar-k173antev34n0d1ntkn4qm912x865qqc":271},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":22,"identity":212,"isFallback":216,"parentExtension":217,"providers":252,"relations":256,"repo":257,"workflow":268},1778003443243.3267,"k173antev34n0d1ntkn4qm912x865qqc",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Cedar policy enforcement + Ed25519 signed receipts for every Claude Code tool call. First cryptographic governance plugin — decisions are policy-gated before they run and every decision produces a tamper-evident receipt verifiable offline.",{},"protect-mcp","https://github.com/wshobson/agents/tree/HEAD/plugins/protect-mcp",[15,16,17,18,19,20,21],"security","governance","audit","policy","receipts","cedar","cli",{"_creationTime":23,"_id":24,"extensionId":5,"locale":25,"result":26,"trustSignals":201,"workflow":210},1778016883287.2285,"kn7dbmzge75jvz8kw1frv4ve85865f05","en",{"checks":27,"evaluatedAt":191,"extensionSummary":192,"promptVersionExtension":193,"promptVersionScoring":194,"rationale":195,"score":196,"summary":197,"tags":198,"targetMarket":199,"tier":200},[28,33,36,39,43,46,50,54,57,60,64,69,72,76,79,82,85,88,91,94,98,102,106,110,114,117,120,123,127,130,133,136,139,142,146,149,152,155,158,161,164,167,170,173,177,180,183,187],{"category":29,"check":30,"severity":31,"summary":32},"Practical Utility","Problem relevance","pass","The description clearly states the problem this plugin addresses: the need for cryptographic governance, policy enforcement, and verifiable receipts for AI tool calls.",{"category":29,"check":34,"severity":31,"summary":35},"Unique selling proposition","The plugin offers a unique cryptographic governance layer with Cedar policy enforcement and Ed25519 signed receipts, which goes beyond default LLM behavior and provides a significant value proposition for verifiable audit trails.",{"category":29,"check":37,"severity":31,"summary":38},"Production readiness","The plugin is production-ready, providing a complete lifecycle for policy enforcement, receipt generation, and offline verification, with clear setup and usage instructions.",{"category":40,"check":41,"severity":31,"summary":42},"Scope","Single responsibility principle","The plugin focuses on a single, coherent workflow: cryptographic governance for tool calls, encompassing policy enforcement and receipt generation.",{"category":40,"check":44,"severity":31,"summary":45},"Description quality","The description accurately and concisely reflects the plugin's functionality, highlighting its core features like Cedar policy enforcement and Ed25519 signed receipts.",{"category":47,"check":48,"severity":31,"summary":49},"Invocation","Scoped tools","The plugin exposes narrow, verb-noun tools like `/verify-receipt` and `/audit-chain` which are specific to its function.",{"category":51,"check":52,"severity":31,"summary":53},"Documentation","Configuration & parameter reference","All configuration options, including policy files, receipt directories, and signing keys, are clearly documented in the README and agent markdown files.",{"category":40,"check":55,"severity":31,"summary":56},"Tool naming","Tool names like `verify-receipt` and `audit-chain` are descriptive and follow kebab-case convention.",{"category":40,"check":58,"severity":31,"summary":59},"Minimal I/O surface","The plugin's commands accept specific arguments like file paths and options, and its hooks are designed to interact with tool inputs and outputs without exposing unnecessary internal details.",{"category":61,"check":62,"severity":31,"summary":63},"License","License usability","The extension is licensed under the MIT License, which is permissive and widely usable.",{"category":65,"check":66,"severity":67,"summary":68},"Maintenance","Commit recency","not_applicable","No commit data is available for evaluation.",{"category":65,"check":70,"severity":31,"summary":71},"Dependency Management","The plugin relies on npm packages which are standard for this type of tool. Testing scripts include logic to fetch dependencies. No explicit vulnerability checks are present, but the dependencies are standard CLI tools.",{"category":73,"check":74,"severity":31,"summary":75},"Security","Secret Management","The plugin handles secrets (signing keys) via file paths, which can be managed securely outside of committed files. The README also mentions `PROTECT_MCP_KEY` environment variable, offering flexible secret management.",{"category":73,"check":77,"severity":31,"summary":78},"Injection","The plugin uses `npx` to execute external commands, but these commands are specific CLI tools or scripts, and inputs are passed as arguments, minimizing injection risks. The test suite also includes checks for the integrity of signed data.",{"category":73,"check":80,"severity":31,"summary":81},"Transitive Supply-Chain Grenades","The plugin uses npm packages fetched via `npx`, which is a standard and generally safe way to include dependencies. The scripts do not appear to fetch remote code or data at runtime for execution.",{"category":73,"check":83,"severity":31,"summary":84},"Sandbox Isolation","The plugin's operations are confined to creating files in specified directories (`./receipts/`, `./protect.cedar`, `./protect-mcp.key`), which respects sandbox boundaries. The hooks are designed to operate within the Claude Code environment.",{"category":73,"check":86,"severity":31,"summary":87},"Sandbox escape primitives","No detached-process spawns or deny-retry loops were found in the hooks or scripts.",{"category":73,"check":89,"severity":31,"summary":90},"Data Exfiltration","The plugin's primary function is to create signed receipts and enforce policies, not to exfiltrate data. Outbound calls are limited to fetching npm packages, and the core functionality is offline.",{"category":73,"check":92,"severity":31,"summary":93},"Hidden Text Tricks","The bundled files do not contain any hidden text tricks, invisible Unicode characters, or other obfuscation methods that could steer the model.",{"category":95,"check":96,"severity":31,"summary":97},"Hooks","Opaque code execution","The hooks are implemented as calls to the `protect-mcp` CLI tool, which is distributed as an npm package. The source code for the CLI tool appears to be plain JavaScript and is not obfuscated.",{"category":99,"check":100,"severity":31,"summary":101},"Portability","Structural Assumption","The plugin makes reasonable assumptions about project structure, expecting policy files and receipts in common locations like `./protect.cedar` and `./receipts/`, which are configurable via environment variables or command-line arguments.",{"category":103,"check":104,"severity":67,"summary":105},"Trust","Issues Attention","No issue data available for evaluation.",{"category":107,"check":108,"severity":31,"summary":109},"Versioning","Release Management","The plugin declares a version (`0.1.0` in `plugin.json` and `0.5.5` in hook commands) and is available on npm, indicating versioning is managed.",{"category":111,"check":112,"severity":31,"summary":113},"Code Execution","Validation","The plugin's CLI commands and hooks rely on the underlying `npx protect-mcp` tool, which handles validation of inputs like policy files, tool names, and paths. The test suite also includes schema validation for receipts.",{"category":73,"check":115,"severity":31,"summary":116},"Unguarded Destructive Operations","The plugin itself does not perform destructive operations. It enforces policies that *can* prevent destructive operations (like `rm -rf`) via the Cedar policy, acting as a guard rather than performing destruction itself.",{"category":111,"check":118,"severity":31,"summary":119},"Error Handling","The `PreToolUse` hook is configured to exit with code 2 on policy denial, providing clear feedback. The `npx @veritasacta/verify` command provides structured exit codes for verification failures. The plugin appears to handle errors gracefully.",{"category":111,"check":121,"severity":31,"summary":122},"Logging","The plugin generates signed receipts to a specified directory (`./receipts/`), which serves as a form of audit logging for tool execution decisions.",{"category":124,"check":125,"severity":31,"summary":126},"Compliance","GDPR","The plugin does not appear to operate on personal data directly. Its function is policy enforcement and logging, not data processing that would typically fall under GDPR.",{"category":124,"check":128,"severity":31,"summary":129},"Target market","The plugin's focus on cryptographic governance and audit trails is generally applicable globally. There are no specific regional signals detected in the code or documentation.",{"category":99,"check":131,"severity":31,"summary":132},"Runtime stability","The plugin relies on standard Node.js tooling (`npx`) and common CLI commands, making it portable across POSIX-like environments. The hooks are designed to work within the Claude Code runtime.",{"category":40,"check":134,"severity":31,"summary":135},"Tool surface size","The plugin exposes a small number of user-facing commands (`/verify-receipt`, `/audit-chain`) and internal hooks, fitting within the recommended range.",{"category":47,"check":137,"severity":31,"summary":138},"Name collisions","The plugin's commands (`verify-receipt`, `audit-chain`) and internal hooks are distinct and do not appear to collide with Claude Code built-ins or other common commands.",{"category":47,"check":140,"severity":31,"summary":141},"Overlapping near-synonym tools","The plugin has distinct tools and hooks; there are no near-synonym tools for overlapping use cases.",{"category":47,"check":143,"severity":144,"summary":145},"Hooks-off mechanism","warning","There is no explicit documented 'hooks-off' mechanism provided by the plugin itself, requiring users to manually modify `.claude/settings.json` to disable hooks.",{"category":47,"check":147,"severity":31,"summary":148},"Hook matcher tightness","The hooks use a `matcher: '.*'` which applies to all tool calls. However, this is necessary for the plugin's core functionality of evaluating and signing every call, and the actual logic is gated by external policy files and CLI commands.",{"category":73,"check":150,"severity":31,"summary":151},"Hook security","The `PreToolUse` hook is designed to deny tool execution based on Cedar policies, preventing destructive actions. The `PostToolUse` hook signs receipts, which is not inherently destructive or network-touching in a malicious way. Disabling hooks would require manual configuration.",{"category":95,"check":153,"severity":67,"summary":154},"Silent prompt rewriting","The plugin does not have a `UserPromptSubmit` hook, so silent prompt rewriting is not applicable.",{"category":73,"check":156,"severity":67,"summary":157},"Permission Hook","The plugin does not implement a `PermissionRequest` hook.",{"category":124,"check":159,"severity":31,"summary":160},"Hook privacy","The plugin's hooks are designed for local operations (policy evaluation, signing) and do not send data to external services by default. Receipts are stored locally.",{"category":111,"check":162,"severity":31,"summary":163},"Hook dependency","The hooks are implemented as calls to the `protect-mcp` CLI tool, which is a single npm package, keeping dependencies straightforward and readable.",{"category":51,"check":165,"severity":31,"summary":166},"Install / Setup Instructions","The README provides clear, step-by-step instructions for installation, hook configuration, and initial setup, including example Cedar policies.",{"category":51,"check":168,"severity":31,"summary":169},"Feature Transparency","The README clearly documents the plugin's core features, including Cedar policy enforcement and Ed25519 signed receipts, as well as the purpose of the hooks and commands.",{"category":51,"check":171,"severity":31,"summary":172},"Phantom features","All features described in the README (policy enforcement, receipt signing, verification) have corresponding implementations in the code and hooks.",{"category":174,"check":175,"severity":31,"summary":176},"Convention","Layout convention adherence","The plugin structure follows expected conventions, with hooks defined in `hooks/hooks.json` and CLI commands documented in their respective `.md` files.",{"category":174,"check":178,"severity":31,"summary":179},"Plugin state","The plugin directs state (receipts, keys, policies) to be stored in project-relative directories (`./receipts/`, `./protect.cedar`, `./protect-mcp.key`), which aligns with good practices for persistent state that can be managed by uninstall or kept with `--keep-data` semantics.",{"category":73,"check":181,"severity":31,"summary":182},"Keychain-stored secrets","Secrets like signing keys are managed via file paths or environment variables, which is generally secure. The plugin does not appear to store secrets in `settings.json`.",{"category":184,"check":185,"severity":31,"summary":186},"Dependencies","Tagged release sourcing","The plugin uses `npx protect-mcp@0.5.5` and `@veritasacta/verify@0.3.0`, which indicates reliance on tagged releases from npm.",{"category":188,"check":189,"severity":31,"summary":190},"Installation","Clean uninstall","The plugin's operations are confined to creating files in project directories and does not install background daemons or services, allowing for a clean uninstall by removing the plugin and its associated files.",1778016813862,"The protect-mcp plugin integrates Cedar policy enforcement and Ed25519 signed receipts for every Claude Code tool call. It provides commands for verifying receipts and auditing chains, ensuring tamper-evident, offline-verifiable audit trails for development and compliance.","2.0.0","3.4.0","The plugin provides a robust and well-implemented solution for cryptographic governance, with strong security practices, clear documentation, and a focused scope. The only minor point is the lack of a direct 'hooks-off' toggle, requiring manual configuration.",96,"This plugin offers robust cryptographic governance for Claude Code tool calls, enforcing policies with Cedar and generating verifiable Ed25519 signed receipts.",[15,16,17,18,19,20,21],"global","verified",{"codeQuality":202,"collectedAt":203,"documentation":204,"maintenance":206,"security":207,"testCoverage":209},{},1778016800369,{"descriptionLength":205,"readmeSize":8},239,{},{"hasNpmPackage":208,"smitheryVerified":208},false,{"hasCi":208,"hasTests":208},{"updatedAt":211},1778016883287,{"githubOwner":213,"githubRepo":214,"locale":25,"slug":12,"type":215},"wshobson","agents","plugin",true,{"_creationTime":218,"_id":219,"community":220,"display":221,"identity":233,"parentExtension":236,"providers":237,"relations":245,"workflow":247},1778003443243.2886,"k175qypm0s8m8k6a0fkxpxfj1n865ax9",{"reviewCount":8},{"description":222,"installMethods":223,"name":224,"sourceUrl":225,"tags":226},"Production-ready workflow orchestration with 79 focused plugins, 184 specialized agents, and 150 skills - optimized for granular installation and minimal token usage",{},"Claude Code Plugins: Orchestration and Automation","https://github.com/wshobson/agents",[227,228,229,230,231,232],"workflow-orchestration","ai-agents","plugins","development-tools","automation","developer-experience",{"githubOwner":213,"githubRepo":214,"locale":25,"slug":234,"type":235},"claude-code-workflows","marketplace",null,{"extract":238,"smithery":244},{"commitSha":239,"license":240,"marketplace":241},"ece811f23310a37ceb43496dbac0e244fe6845b6","MIT",{"name":234,"pluginCount":242,"version":243},81,"1.6.0",{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":208},{"repoId":246},"kd72tes1veaz04ac7p0d68ya4h8650m7",{"anyEnrichmentAt":248,"extractAt":249,"githubAt":250,"invalidatedAt":248,"llmAt":251,"smitheryAt":248,"updatedAt":248},1778016735335,1778003520097,1778003532786,1778016730286,{"extract":253,"llm":254,"smithery":255},{"commitSha":239,"license":240},{"promptVersionExtension":193,"promptVersionScoring":194,"score":196,"targetMarket":199,"tier":200},{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":208},{"parentExtensionId":219,"repoId":246},{"_creationTime":258,"_id":246,"identity":259,"providers":260,"workflow":266},1777995558409.8196,{"githubOwner":213,"githubRepo":214,"sourceUrl":225},{"discover":261},{"sources":262},[263,264,265],"skills-sh","smithery","vskill",{"discoverAt":267,"extractAt":249,"updatedAt":249},1777995558409,{"anyEnrichmentAt":269,"extractAt":249,"githubAt":250,"llmAt":211,"smitheryAt":269,"updatedAt":211},1778016861516,[],[272,294,329,361],{"_creationTime":273,"_id":274,"community":275,"display":276,"identity":285,"providers":287,"relations":292,"workflow":293},1778003443243.3276,"k1799mce4k5xggmr7am617fws9865mdp",{"reviewCount":8},{"description":277,"installMethods":278,"name":279,"sourceUrl":280,"tags":281},"Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI configuration. Joins protect-mcp and signed-audit-trails in the governance category; composes with protect-mcp for runtime enforcement.",{},"Review Agent Governance","https://github.com/wshobson/agents/tree/HEAD/plugins/review-agent-governance",[16,15,282,283,20,284],"auditing","mcp","hooks",{"githubOwner":213,"githubRepo":214,"locale":25,"slug":286,"type":215},"review-agent-governance",{"extract":288,"llm":289,"smithery":291},{"commitSha":239,"license":240},{"promptVersionExtension":193,"promptVersionScoring":194,"score":290,"targetMarket":199,"tier":200},95,{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":208},{"parentExtensionId":219,"repoId":246},{"anyEnrichmentAt":269,"extractAt":249,"githubAt":250,"llmAt":211,"smitheryAt":269,"updatedAt":211},{"_creationTime":295,"_id":296,"community":297,"display":298,"identity":312,"providers":315,"relations":321,"workflow":324},1777995627391.5356,"k177z2t3rfgaw0zrb7qprpnndh864r09",{"reviewCount":8},{"description":299,"installMethods":300,"name":301,"sourceUrl":302,"tags":303},"Data observability plugin - health monitoring, alerts, schema drift, freshness tracking",{},"AnomalyArmor Agents","https://github.com/anomalyarmor/agents",[304,283,305,306,307,308,309,310,15,311],"data-observability","python","alerts","freshness","schema-drift","data-quality","monitoring","pipeline",{"githubOwner":313,"githubRepo":214,"locale":25,"slug":314,"type":215},"anomalyarmor","armor",{"extract":316,"llm":318,"smithery":320},{"commitSha":317},"7c56d4a0fc8feccdfa8e85cc11ff1010b18c3a89",{"promptVersionExtension":193,"promptVersionScoring":194,"score":319,"targetMarket":199,"tier":200},99,{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":208},{"parentExtensionId":322,"repoId":323},"k173vznv6dcx28h1c568068tnx864f8n","kd7966c5zsgty1d4tqde2rgz1n8658b1",{"anyEnrichmentAt":325,"extractAt":326,"githubAt":327,"llmAt":328,"smitheryAt":325,"updatedAt":328},1777995723550,1777995627391,1777995627861,1777995897177,{"_creationTime":330,"_id":331,"community":332,"display":333,"identity":343,"providers":347,"relations":353,"workflow":356},1778054452948.4272,"k179khyq4dvq0ytvdcepec984d8666wk",{"reviewCount":8},{"description":334,"name":335,"sourceUrl":336,"tags":337},"Comprehensive toolkit for developing Claude Code plugins. Includes 7 expert skills covering hooks, MCP integration, commands, agents, and best practices. AI-assisted plugin creation and validation.","Plugin Development Toolkit","https://github.com/anthropics/claude-plugins-official/tree/HEAD/plugins/plugin-dev",[338,339,284,214,340,283,21,231,341,342],"development","plugin-creation","skills","guidance","best-practices",{"githubOwner":344,"githubRepo":345,"locale":25,"slug":346,"type":215},"anthropics","claude-plugins-official","plugin-dev",{"extract":348,"llm":351,"smithery":352},{"commitSha":349,"license":350},"06f52cd3ac3e47ecb45228a86183ea2a86e9d6ff","Apache-2.0",{"promptVersionExtension":193,"promptVersionScoring":194,"score":319,"targetMarket":199,"tier":200},{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":208},{"parentExtensionId":354,"repoId":355},"k171b9714j6pgfxqht22y94q4x866sck","kd798hf3w99qz2xt1fqtgq7gf9865e31",{"anyEnrichmentAt":357,"extractAt":358,"githubAt":359,"llmAt":360,"smitheryAt":357,"updatedAt":360},1778054509977,1778054452948,1778054454391,1778054703946,{"_creationTime":362,"_id":363,"community":364,"display":365,"identity":374,"providers":376,"relations":381,"workflow":382},1778054452948.4253,"k1767a8yk98h8qcz0rkh7t64an867zws",{"reviewCount":8},{"description":366,"installMethods":367,"name":368,"sourceUrl":369,"tags":370},"Skills for designing and building MCP servers that work seamlessly with Claude. Guides you through deployment models (remote HTTP, MCPB, local), tool design patterns, auth, and interactive MCP apps.",{},"MCP Server Development Suite","https://github.com/anthropics/claude-plugins-official/tree/HEAD/plugins/mcp-server-dev",[283,371,338,372,305,373,15,215],"server","typescript","documentation",{"githubOwner":344,"githubRepo":345,"locale":25,"slug":375,"type":215},"mcp-server-dev",{"extract":377,"llm":378,"smithery":380},{"commitSha":349,"license":350},{"promptVersionExtension":193,"promptVersionScoring":194,"score":379,"targetMarket":199,"tier":200},98,{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":208},{"parentExtensionId":354,"repoId":355},{"anyEnrichmentAt":357,"extractAt":358,"githubAt":359,"llmAt":360,"smitheryAt":357,"updatedAt":360}]