plugin-validator
Validate automatically validates AI assistant code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. runs comprehensive validation specific to AI assistant-code-plugins repository standards. Use when validating configurations or code. Trigger with phrases like 'validate', 'check', or 'verify'.
Best use case
plugin-validator is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Validate automatically validates AI assistant code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. runs comprehensive validation specific to AI assistant-code-plugins repository standards. Use when validating configurations or code. Trigger with phrases like 'validate', 'check', or 'verify'.
Teams using plugin-validator should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/plugin-validator/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How plugin-validator Compares
| Feature / Agent | plugin-validator | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Validate automatically validates AI assistant code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. runs comprehensive validation specific to AI assistant-code-plugins repository standards. Use when validating configurations or code. Trigger with phrases like 'validate', 'check', or 'verify'.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Plugin Validator
## Overview
Validates Claude Code plugin structure, JSON schemas, frontmatter format, security compliance, and marketplace catalog consistency. Runs the same checks as the CI pipeline to catch issues before committing.
## Prerequisites
- Read access to the target plugin directory and repository-level `.claude-plugin/marketplace.extended.json`
- `jq` installed for JSON validation (`jq empty <file>`)
- `grep` and `find` available on PATH for pattern scanning
- `./scripts/validate-all-plugins.sh` available at the repository root
## Instructions
1. Identify the target plugin path from context or user request. Default to the current working directory if the path contains a `.claude-plugin/` subdirectory.
2. Validate required files exist (see `${CLAUDE_SKILL_DIR}/references/validation-checks.md`):
- `.claude-plugin/plugin.json` present and valid JSON.
- `README.md` present and non-empty.
- `LICENSE` file present.
- At least one component directory exists (`commands/`, `agents/`, `skills/`, `hooks/`, or `mcp/`).
3. Validate `plugin.json` schema:
- Confirm all required fields: `name` (kebab-case), `version` (semver `x.y.z`), `description`, `author.name`, `author.email`, `license`, `keywords` (array, minimum 2).
- Reject any fields not in the allowed set (`name`, `version`, `description`, `author`, `repository`, `homepage`, `license`, `keywords`).
4. Validate frontmatter in all component files:
- **Commands** (`commands/*.md`): require `name`, `description`, `model` (one of `sonnet`, `opus`, `haiku`).
- **Agents** (`agents/*.md`): require `name`, `description`, `model`.
- **Skills** (`skills/*/SKILL.md`): require `name`, `description`; `allowed-tools` optional but validated against the allowed tools list if present.
5. Validate directory structure matches the expected hierarchy (see `${CLAUDE_SKILL_DIR}/references/validation-checks.md` for the complete structure diagram).
6. Check script permissions: find all `.sh` files and verify they have execute permission. Report any that lack it with a fix command.
7. Run security scans: search for hardcoded secrets, AWS keys, private keys, dangerous commands, and suspicious URLs.
8. Validate marketplace compliance:
- Confirm the plugin has an entry in `marketplace.extended.json`.
- Verify version, name, category, and source path match between `plugin.json` and the catalog entry.
- Check for duplicate plugin names.
9. Validate README content: confirm it contains installation, usage, and description sections.
10. Check hook path variables: verify hooks use `${CLAUDE_PLUGIN_ROOT}` instead of hardcoded absolute paths (`/home/`, `/Users/`).
11. Compile results into a validation report following the format in `${CLAUDE_SKILL_DIR}/references/validation-report-format.md`.
## Output
A structured validation report containing:
- Total checks passed and failed (e.g., "8/10 PASSED")
- Per-check results with pass/fail status
- For each failure: the specific issue, file location, and a ready-to-run fix command
- Warnings for non-critical issues (e.g., missing optional README sections)
- Overall verdict: PASSED or FAILED with critical issue count
## Error Handling
| Error | Cause | Solution |
|---|---|---|
| Plugin directory not found | Incorrect path provided | Verify path matches `plugins/[category]/[name]/` and the directory exists |
| `jq` parse error on JSON | Malformed JSON in `plugin.json` or catalog | Run `jq empty <file>` to locate the syntax error line |
| Frontmatter parse failure | Missing `---` delimiters or invalid YAML | Ensure YAML frontmatter is enclosed in `---` lines with valid key-value pairs |
| Version mismatch | `plugin.json` and `marketplace.extended.json` carry different versions | Update the stale version to match; run `pnpm run sync-marketplace` |
| Scripts not executable | `.sh` files missing execute permission | Run `chmod +x <script>` for each flagged file |
| Disallowed fields in plugin.json | Extra fields beyond the allowed set | Remove disallowed fields; only `name`, `version`, `description`, `author`, `repository`, `homepage`, `license`, `keywords` are permitted |
## Examples
**Validate a specific plugin:**
Trigger: "Validate the skills-powerkit plugin."
Process: Run all 10 validation checks against `plugins/community/skills-powerkit/`. Identify 2 failures (script permissions, version mismatch). Provide fix commands: `chmod +x scripts/*.sh` and version update instruction. Report overall: FAILED (see `${CLAUDE_SKILL_DIR}/references/examples.md`).
**Pre-commit readiness check:**
Trigger: "Check if my plugin is ready to commit."
Process: Detect the plugin from working directory context. Run comprehensive validation including marketplace compliance. Report PASSED or list blocking issues with fixes.
**Debug CI failures:**
Trigger: "Why is my plugin failing CI?"
Process: Run the same validation checks that CI executes (`validate-all-plugins.sh`). Identify the exact failure (e.g., disallowed field in `plugin.json`). Provide the fix command and verify the fix resolves the issue.
## Resources
- `${CLAUDE_SKILL_DIR}/references/validation-checks.md` -- complete list of all 10 validation categories with specific checks
- `${CLAUDE_SKILL_DIR}/references/validation-report-format.md` -- report template with pass/fail formatting
- `${CLAUDE_SKILL_DIR}/references/examples.md` -- validation scenario walkthroughs
- `${CLAUDE_SKILL_DIR}/references/errors.md` -- error handling patternsRelated Skills
yaml-config-validator
Yaml Config Validator - Auto-activating skill for DevOps Basics. Triggers on: yaml config validator, yaml config validator Part of the DevOps Basics skill category.
webhook-signature-validator
Webhook Signature Validator - Auto-activating skill for API Integration. Triggers on: webhook signature validator, webhook signature validator Part of the API Integration skill category.
validator-expert
Validate production readiness of Vertex AI Agent Engine deployments across security, monitoring, performance, compliance, and best practices. Generates weighted scores (0-100%) with actionable remediation plans. Use when asked to validate a deployment, run a production readiness check, audit security posture, or verify compliance for Vertex AI agents. Trigger with "validate deployment", "production readiness", "security audit", "compliance check", "is this agent ready for prod", "check my ADK agent", "review before deploy", or "production readiness check". Make sure to use this skill whenever validating ADK agents for Agent Engine.
schema-validator
Schema Validator - Auto-activating skill for Data Pipelines. Triggers on: schema validator, schema validator Part of the Data Pipelines skill category.
request-validator-generator
Request Validator Generator - Auto-activating skill for Backend Development. Triggers on: request validator generator, request validator generator Part of the Backend Development skill category.
request-body-validator
Request Body Validator - Auto-activating skill for API Development. Triggers on: request body validator, request body validator Part of the API Development skill category.
plugin-creator
Create automatically creates new AI assistant code plugins with proper structure, validation, and marketplace integration when user mentions creating a plugin, new plugin, or plugin from template. specific to AI assistant-code-plugins repository workflow. Use when generating or creating new content. Trigger with phrases like 'generate', 'create', or 'scaffold'.
plugin-auditor
Audit automatically audits AI assistant code plugins for security vulnerabilities, best practices, AI assistant.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. specific to AI assistant-code-plugins repositor... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
jwt-token-validator
Jwt Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator Part of the Security Fundamentals skill category.
gh-actions-validator
Automatically validates and enforces GitHub Actions best practices for Vertex AI and Google Cloud deployments. Expert in Workload Identity Federation (WIF), Vertex AI Agent Engine deployment pipelines, security validation, and CI/CD automation. Triggers: "create github actions", "deploy vertex ai", "setup wif", "validate github workflow", "gcp deployment pipeline"
fastify-plugin-creator
Fastify Plugin Creator - Auto-activating skill for Backend Development. Triggers on: fastify plugin creator, fastify plugin creator Part of the Backend Development skill category.
bearer-token-validator
Bearer Token Validator - Auto-activating skill for API Development. Triggers on: bearer token validator, bearer token validator Part of the API Development skill category.