
Anthropic has formalized its Claude Code plugin ecosystem with an official, company-managed directory on GitHub — giving the tool's fast-growing developer community a single vetted source for extensions, while issuing an explicit warning that even listed plugins may load unverified third-party software. The repository, anthropics/claude-plugins-official, launched May 22 and has accumulated over 20,000 stars as developers seek a reliable alternative to the scattered community marketplaces that preceded it.
The directory organizes two classes of plugins. An internal /plugins folder contains extensions built and maintained by Anthropic's own team, covering language server protocol support for 12 languages, pull-request review tooling, git workflow automation, output formatting, and code quality checks. A separate /external_plugins folder holds third-party contributions from partners including GitHub, GitLab, Linear, Asana, Firebase, Playwright, Terraform, and Discord. Third-party submissions must pass quality and security screening before inclusion and can be submitted via a form at clau.de/plugin-directory-submission.
Claude Code Plugin Marketplace Existed Before — What the Official Directory Changes
Before this week's launch, Claude Code's extension landscape was fragmented. Useful plugins existed, but locating and evaluating them required digging through independent GitHub repositories, community forums, and informal word-of-mouth recommendations. The new official directory changes that by giving developers a single, authoritative starting point.
The structural shift mirrors what happened to other developer platforms when centralized marketplaces arrived. When the Visual Studio Code marketplace consolidated extensions in one place, adoption of the editor accelerated substantially. The official claude-plugins-official repository now functions as that consolidation point for Claude Code — a curated index rather than an unfiltered firehose.
Installation is a single terminal command: /plugin install {plugin-name}@claude-plugins-official. Developers who already have Claude Code running will find the official marketplace pre-registered by default — no additional setup is required before browsing. The full plugin catalog is also viewable at claude.com/plugins.
How Anthropic Verifies — and What It Does Not Verify
Anthropic applies two levels of scrutiny to plugins in the directory. All submissions go through basic automated screening before inclusion. Plugins that pass a stricter, additional review earn an "Anthropic Verified" badge, which signals higher confidence in both quality and safety. Plugins without that badge have cleared automated checks only.
This distinction matters, and Anthropic says so directly. The official plugin page states: community plugins "may install unverified, third party software that could be malicious or result in unintended behavior." Users are advised to review each plugin's linked source code before installing.
That caveat has real-world precedent. Research published in January 2026 by SentinelOne documented a class of attack in which a malicious Claude Code marketplace plugin redirects a developer's dependency installation to an attacker-controlled source, embedding trojanized code that persists silently across sessions. In the same period, security firm PromptArmor demonstrated how an injected plugin could steer Claude Code into performing unauthorized actions without triggering standard security tooling. Earlier still, in December 2025, Cato Networks researcher Inga Cherny showed that a modified Claude Code skill plugin could download and execute ransomware — specifically the MedusaLocker variant — by inserting a single seemingly benign function into an otherwise legitimate extension.
A February 2026 security audit by Snyk of the broader Claude Code agent-skills ecosystem found that 13 percent of agent-skills packages contained critical security flaws.
These findings do not implicate the official directory specifically — none of the documented attacks involved claude-plugins-official listings. They do establish that plugin installation is a supply-chain decision, not a convenience one, and that the official directory's curation reduces but does not eliminate risk.
How Claude Code Plugins Actually Work
A Claude Code plugin is a packaging format, not a single type of extension. Each plugin can bundle any combination of four components: slash commands (custom shortcuts for recurring operations), agents (purpose-built subagents for specialized tasks), Model Context Protocol (MCP) servers (connections to external tools and data sources), and hooks (automated behaviors that fire at specific points in the coding workflow, such as after a file edit or before a commit).
The plugin system was first introduced as a public beta in October 2025 via an Anthropic announcement. The official directory now centralizes the best-vetted examples of that system in action. Developers who want to understand the plugin format in detail can consult the official plugin documentation.
Because plugins execute with the installing user's system permissions, they can read and write files, access environment variables, and connect to external network services. This is what makes them powerful — and what makes permission review essential before installation.
What Developers Should Check Before Installing Any Claude Code Plugin
Anthropic's official security documentation recommends reviewing what permissions a plugin requests before installation and verifying that those permissions are proportionate to the plugin's stated function. A plugin that formats commit messages has no legitimate reason to request broad filesystem access or network connectivity. A plugin that connects to a cloud infrastructure provider will, by definition, need both — and the source code should make clear exactly where those connections go.
For plugins listed in the official directory, each entry links directly to its source repository, making code review straightforward. For community-sourced plugins from outside the official directory, the due-diligence bar is higher, because automated screening is not guaranteed.
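Part of that source review can be automated. The following Python example is added here and is not from Anthropic or the plugin documentation: it walks a local checkout of a plugin's source, lists every JSON "command" value the plugin would run and every host named in any file, and flags hosts outside the set the reviewer expects. The sample plugin, its file names (hooks/hooks.json, .mcp.json, scripts/format.sh), its JSON keys and the example.com/example.net hosts are constructed assumptions.

```python
import json, re, tempfile
from pathlib import Path
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

def host_of(url):
    try:
        return urlparse(url).hostname
    except ValueError:  # malformed URL: keep it visible in the report
        return url

def string_leaves(node, key=None):
    """Yield (key, value) for every string value in parsed JSON."""
    if isinstance(node, str):
        yield key, node
    for k, v in node.items() if isinstance(node, dict) else []:
        yield from string_leaves(v, k)
    for v in node if isinstance(node, list) else []:
        yield from string_leaves(v, key)

def audit_plugin(root, expected_hosts):
    """List the commands a plugin checkout would run and the hosts it names."""
    root, commands, hosts = Path(root), [], set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(errors="replace")
        # URLs are collected from every file, not only JSON configuration.
        hosts.update(filter(None, map(host_of, URL_RE.findall(text))))
        try:
            doc = json.loads(text) if path.suffix == ".json" else None
        except json.JSONDecodeError:
            doc = None  # invalid JSON; its URLs were still collected above
        rel = path.relative_to(root).as_posix()
        commands += [(rel, v) for k, v in string_leaves(doc) if k == "command"]
    return {"commands": commands, "hosts": sorted(hosts),
            "unexpected_hosts": sorted(hosts - set(expected_hosts))}

def demo():
    """Audit a constructed sample plugin; file names and contents are assumptions."""
    files = {
        "hooks/hooks.json": json.dumps({"hooks": {"PostToolUse": [
            {"hooks": [{"type": "command", "command": "sh scripts/format.sh"}]}]}}),
        "scripts/format.sh": "curl -s https://updates.example.net/rules.json -o rules.json\n",
        ".mcp.json": json.dumps({"mcpServers": {"tracker": {"url": "https://api.example.com/mcp"}}}),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_text(body)
        return audit_plugin(tmp, {"api.example.com"})
```

Calling demo() reports the hook command and flags updates.example.net, which appears only in a script the hook runs. A clean report is an inventory to read alongside the source, not proof that the plugin is safe.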
The "Anthropic Verified" badge is the most reliable signal currently available within the directory. It does not guarantee that a plugin is free of all risk — Anthropic's own language stops short of that claim — but it does indicate the plugin has passed a human review stage that automated scanning alone does not cover.
Frequently Asked Questions
How do I install Claude Code plugins from the official directory?
Open Claude Code and run /plugin install {plugin-name}@claude-plugins-official in the terminal, replacing {plugin-name} with the name of the plugin you want. The official marketplace is pre-registered in all current Claude Code installations, so no additional setup is required before browsing. You can also view all available plugins at claude.com/plugins.
Are Claude Code plugins in the official directory safe to install?
Anthropic applies automated security screening to all directory submissions and awards an "Anthropic Verified" badge to plugins that pass additional human review. However, Anthropic explicitly states it cannot verify all software that a plugin may install or connect to, particularly third-party MCP servers bundled by external plugins. Users should review each plugin's source code, check what permissions it requests, and install only from developers they trust.
What is the Anthropic plugin directory and how is it different from community marketplaces?
The anthropics/claude-plugins-official GitHub repository is Anthropic's curated, company-maintained index of Claude Code plugins. Every listing has passed at minimum an automated security review before inclusion, and Anthropic-built internal plugins appear alongside vetted third-party submissions. Community marketplaces exist outside this directory and may or may not apply consistent review standards.
How does a Claude Code plugin differ from a Claude Code skill?
A plugin is a distribution and packaging format; a skill is a specific type of content a plugin can contain. Installing a plugin gives you everything bundled inside it — which may include skills (instruction sets Claude applies automatically to relevant tasks), slash commands, agents, MCP server configurations, and hooks. Skills are the reusable instruction sets; plugins are how those sets get installed and managed.




