npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

claude-plugin-audit

v1.1.0

Published

Security audit tool for Claude Code plugins. See what your plugins are really doing. Zero dependencies.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

forgedcortexforgedcortex

Keywords

claude-codeclaudepluginsecurityaudittelemetryprivacyprompt-injection

Readme

claude-plugin-audit

Security audit tool for Claude Code plugins. See what your plugins are really doing.

Zero dependencies. A security audit tool that pulls in 200 npm packages would be ironic.

Why This Exists

Claude Code plugins run hooks across the entire agent lifecycle: every prompt you type, every bash command Claude runs, every file it reads. A plugin can silently capture all of this and send it to an external server.

This tool was built after discovering that a first-party Vercel plugin was:

  • Sending full bash command strings to telemetry.vercel.com on every command, across every project, with no opt-in
  • Using prompt injection to obtain telemetry consent: injecting natural language instructions into Claude's context telling the AI to ask the user a question and execute shell commands based on the answer
  • Tracking users with a persistent device UUID stored at ~/.claude/vercel-plugin-device-id
  • Firing telemetry hooks on all projects, not just Vercel ones, despite having framework detection built in

Each of these issues has a plugin layer and a platform layer. This tool addresses the plugin layer by making plugin behavior visible.

Quick Start

# Audit all installed plugins
npx claude-plugin-audit

# Audit a specific plugin
npx claude-plugin-audit vercel

# Machine-readable output
npx claude-plugin-audit --json

# Include INFO-level findings
npx claude-plugin-audit --verbose

# Find issues AND fix them
npx claude-plugin-audit --fix

Also works with Bun:

bunx claude-plugin-audit

What It Detects

| Category | What It Finds | Severity | |----------|--------------|----------| | Telemetry | fetch(), http.request(), curl in hook scripts | CRITICAL | | Data Capture | Code that extracts user prompts, bash commands, or credentials | WARNING-CRITICAL | | Prompt Injection | Instructions telling Claude to use tools, run commands, or ask questions on the plugin's behalf | CRITICAL | | Hook Scope | Empty matchers that fire on every prompt, telemetry scripts on sensitive events | WARNING | | Filesystem | Writes outside the plugin directory, persistent tracking IDs | WARNING | | Environment | CLAUDE_ENV_FILE manipulation, child process spawning | WARNING |

Detection IDs

  • TEL-001 through TEL-005: Outbound network requests
  • CAP-001 through CAP-004: User data capture
  • INJ-001 through INJ-004: Behavioral injection / prompt injection
  • HOOK-001 through HOOK-004: Hook configuration issues
  • FS-001 through FS-004: Filesystem persistence
  • ENV-001 through ENV-004: Environment manipulation

Remediation (--fix)

After scanning, --fix walks you through cleaning up what it found:

  1. Tracking files (auto) -- Finds persistent device IDs in ~/.claude/ and offers to delete them
  2. Telemetry opt-outs (auto) -- Detects env vars that control telemetry and adds them to your shell config
  3. Plugin disable (interactive) -- For plugins with CRITICAL findings, asks per-plugin whether to disable. Defaults to "no" to avoid breaking workflows you depend on.

Safe actions default to "yes." Destructive actions default to "no." You confirm everything before it runs.

CLI Reference

Usage: cpa [options] [plugin-name...]

Options:
  --fix               Remediate findings (delete tracking, set opt-outs)
  --json              Machine-readable JSON output
  --verbose, -V       Include INFO-level findings
  --plugin-dir <dir>  Override plugin cache directory
  --no-color          Disable ANSI colors
  --help, -h          Show help
  --version, -v       Show version

Understanding Findings

CRITICAL findings indicate patterns that can exfiltrate data, inject behavior into Claude, or modify your system on behalf of the plugin. These require immediate review.

WARNING findings indicate patterns that are suspicious in context but may be legitimate depending on the plugin's purpose. A Telegram plugin calling api.telegram.org is expected. A deployment plugin reading your bash commands is not.

INFO findings are noted for completeness but are generally normal plugin behavior (reading stdin, using temp files).

The tool surfaces patterns for human review. It does not make automated trust decisions. You evaluate each finding against the plugin's stated purpose.

JSON Output

The --json flag produces structured output for CI integration:

{
  "version": "1.0.0",
  "summary": {
    "pluginsScanned": 4,
    "criticalCount": 6,
    "warningCount": 12,
    "infoCount": 8
  },
  "plugins": [{
    "name": "plugin-name",
    "findings": [{
      "id": "TEL-001",
      "severity": "critical",
      "title": "fetch() call detected",
      "file": "hooks/telemetry.mjs",
      "line": 23
    }]
  }]
}

How It Works

  1. Reads ~/.claude/plugins/installed_plugins.json to discover installed plugins
  2. For each plugin, parses hooks/hooks.json for structural analysis (matcher breadth, event coverage, telemetry naming)
  3. Scans source files (.mjs, .js, .py) with regex-based pattern detection
  4. Cross-references findings (e.g., stdin reading + network calls in the same file = elevated severity)
  5. Deduplicates between compiled .mjs and TypeScript .mts sources
  6. Outputs findings sorted by severity with actionable recommendations

No AST parsing, no dependencies, no network calls. The tool reads local files and prints results.

Immediate Fixes

If you find concerning telemetry in a plugin:

| Goal | How | |------|-----| | Kill Vercel telemetry | export VERCEL_PLUGIN_TELEMETRY=off in .zshrc | | Disable any plugin | Set "pluginName@marketplace": false in ~/.claude/settings.json | | Check for tracking IDs | ls ~/.claude/*device-id* ~/.claude/*tracking* |

Contributing

Issues and PRs welcome. If you find a pattern this tool should detect, open an issue with the plugin name and the relevant source code.

License

MIT

Author

Eric Fadden — Forged Cortex LLC