원클릭으로
analyzing-claude-plugin
analyzing-claude-plugin에는 kazukinagata에서 수집한 skills 47개가 있으며, 저장소 수준 직업 범위와 사이트 내 skill 상세 페이지를 제공합니다.
이 저장소의 skills
Mac Cowork で、plugin-level SessionStart hook(host 側)から $CLAUDE_PLUGIN_DATA に書いた値が「別の chat session を跨いで」残るかを検証する probe。書き込み&読み戻しは hook(persist.sh)側で行い、その結果は SessionStart の stdout として context に出る。この skill body は対比用に「VM Bash 側から DATA が見えるか/hook が書いたファイルを読めるか」を確認する。
Surfaces UPE_PROBE_* marker lines to test whether the plugin-level UserPromptExpansion hook fires on Cowork. Invoking this skill via slash is itself the trigger; compares against UserPromptSubmit and SessionStart controls.
Triggers the plugin-level PreToolUse hooks by running a sentinel bash command, to test (via session export) whether Cowork runs PreToolUse hook commands through cmd.exe or a POSIX shell, and whether the inline block pattern actually blocks the bash tool.
Surfaces the EXEC_* marker lines emitted by the plugin-level SessionStart hooks, which run hook commands in EXEC FORM (args present). Used to test whether exec form resolves ${CLAUDE_PLUGIN_ROOT} to a real path and exports it as an env var on Cowork, where shell form (§2.1/§2.2) failed both.
Shows what skill-body CLAUDE_PLUGIN_ROOT and friends substitute to on Mac Cowork, whether the VM Bash tool can use that path, and whether the Read tool can read a bundled file at that host path.
Proves whether a skill frontmatter PreToolUse Bash hook fires on Cowork by emitting only a block decision (no echo). A marked bash should be blocked even though no frontmatter stdout surfaces.
Surfaces the MP_DA_* marker lines emitted by the plugin-level SessionStart hooks, used to disambiguate between (a) shell-bypass and (b) bash -c with $-escape models of Cowork hook execution.
Surfaces the MP_SCRIPT_* marker lines that the plugin-level SessionStart hooks emitted, to determine whether ${CLAUDE_PLUGIN_ROOT}/hooks/marker.sh actually launched in each command-form variant on the current install path.
Attempts four bash commands each tagged for a different PreToolUse block method, to see which block methods are honored on CLI vs Cowork.
Surfaces which of the five SessionStart hook variants (V1-V5) made it into context, to isolate the hook command form that silently fails to surface on Cowork.
Reads ENVFILE_MARKER set via CLAUDE_ENV_FILE by the SessionStart hook, and surfaces diagnostic markers, to test whether the env-file mechanism reaches the Bash tool on Cowork and whether multi-statement hooks surface.
Dumps the four userConfig combinations (sensitive/non-sensitive x required/optional) from skill body and reports plugin-level hook output, to test userConfig UI presence and runtime resolution on CLI vs Cowork.
Reads the /tmp canary written by the plugin-level SessionStart hook, to test whether the hook (host) and the Bash tool (VM) share a filesystem.
Frontmatter hook writes bare vs single-quoted CLAUDE_PLUGIN_ROOT and CLAUDE_PROJECT_DIR to a log, to separate shell expansion from pre-substitution at the frontmatter tier.
Surfaces the PRESUB marker lines that the plugin-level SessionStart hooks injected, so whether CLAUDE_PLUGIN_ROOT pre-substitution runs at the top level can be read off.
Surfaces the EXP_ marker lines that the plugin-level SessionStart hooks injected, so the top-level vs bash -c expansion behavior can be read off.
Arms a skill-to-skill block via a frontmatter PreToolUse Skill hook. After invoking this, a natural-language attempt to run the victim skill should be blocked if the block decision is honored.
Target skill for the skill-to-skill block test. If its body runs, the guard's block decision was NOT honored.
Dump CLAUDE_PLUGIN env vars across plugin-level hook, skill frontmatter hook, and skill body for Cowork env propagation re-verification.
Observation infrastructure canary. Verifies that plugin-level hooks fire (via session-start log), that skill frontmatter hooks register and fire after first invoke, and that bash tool subprocess can write to the findings directory. Run this BEFORE any other probe — if this FAILs, the verdict of every later probe is CANARY-FAILED.
Probe env propagation across 3 process tiers (§1.1). Compares which CLAUDE_* env vars are set in plugin-level hook vs skill frontmatter hook vs Bash tool subprocess.
Probe ${VAR} substitution allowlist in skill body (§1.2). Tests CLAUDE_PLUGIN_ROOT/DATA/SKILL_DIR/SESSION_ID/PROJECT_DIR substitution at invoke time.
§1.7. Skill body ${VAR} substitution happens at invoke time only — reading the SKILL.md via Read tool returns literal placeholders.
§1.9. Slash invocation does NOT trigger PreToolUse:Skill; natural-language invocation does. UserPromptExpansion fires for slash only.
Cowork plugin-level PreToolUse never fires (block ignored) and bash tool is named mcp__workspace__bash (research sections 2.4 and 2.5). CLI baseline confirms block fires for the Bash matcher.
§2.9. Cowork sandbox limits write/edit/bash to outputs/ by default; plugin dir is read-only; request_cowork_directory grants RW to arbitrary host folders.
Single-quote isolation probe to fill team-report §1.2 unverified cells. Tests Claude Code pre-substitution in plugin-level hook + skill frontmatter hook + skill body for SESSION_ID, PROJECT_DIR, SKILL_DIR, and user_config.KEY.
Probe that hook commands run under /bin/sh (dash on WSL Ubuntu), not bash (§1.3). Bash-specific constructs should produce Bad substitution / syntax errors.
Cowork mounts the plugin install dir under /sessions/CODENAME/mnt/.remote-plugins/ read-only. Bundled scripts can be launched via relative path; CLAUDE_SKILL_DIR expands to a Windows path that fails directly. CLI baseline lets both patterns work. See research section 2.10.
Confirm that userConfig.api_secret (sensitive=true) is exposed as plain text via CLAUDE_PLUGIN_OPTION_API_SECRET in plugin-level hook env (§1.4). "sensitive" affects storage only, not runtime exposure.
Probe userConfig prompt trigger rules (§1.5). Manual verification of 4 routes — install/enable silent, /plugins UI prompt, disable→enable conditional, hook error when referenced-but-unset.
Compare CLAUDE_PLUGIN_ROOT with the marketplace cache path (§1.6). Docs say plugins run from cache; observation showed they run from source. This probe lets you classify the current behavior as PASS (finding holds) or DOC-ALIGNED (cache is now used).
§1.8. Skill frontmatter hook registers AFTER first invoke. SessionStart + once:true does not fire. Self-block during own load is impossible.
Companion to 08. Tests whether a skill's own frontmatter hook can block its own load (it cannot — frontmatter hooks register AFTER load).
§1.10. Verify that hooks within the same array fire in parallel. parallel-a (200ms sleep), parallel-b (400ms sleep), parallel-c (0ms) on SessionStart should produce overlapping start_ns timestamps; finish order should be c < a < b (parallel) not a < b < c (serial).
§2.4. Target skill for the block pair (11+12). After 12-block-self is invoked (registering its frontmatter PreToolUse:Skill hook), invoking 11-block-target should be blocked.
§2.4 / §2.5. Self-blocker skill. Its frontmatter PreToolUse:Skill hook returns a JSON block decision for any Skill tool call to 11-block-target. Must be invoked BEFORE 11-block-target so the hook is registered.
Cowork hook command parser is restricted to an echo+bash whitelist; CLI uses /bin/sh. This probe reads the parser-tests.log emitted by a parser-test hook variant.
§2.7. In Cowork, hook side effects (file writes) don't reach the shell sandbox. Only stdout/additionalContext flows through. This probe writes a canary file from a hook (via the inline command below) then tries to read it from Bash tool.
CLAUDE_PLUGIN_ROOT and CLAUDE_PLUGIN_DATA take three different forms across contexts in Cowork (Windows, MSYS, Linux mount); CLI baseline is a single Linux path (research sections 2.8 and 7.9).