This module ties together everything you've learned about the five building blocks. Plugins are how they get packaged, shared, and distributed.
What Is a Plugin?
A plugin is a folder that bundles any combination of the five building blocks. Some plugins are nothing more than an MCP wrapper. Others combine commands, skills, agents, and hooks into sophisticated workflows.
| Plugin | MCPs | Commands | Skills | Agents | Hooks |
|---|---|---|---|---|---|
| context7 | ✓ | – | – | – | – |
| vercel | – | /deploy, /setup, /logs | deploy, setup, logs | – | – |
| feature-dev | – | /feature-dev | – | code-explorer, code-architect | – |
| security-guidance | – | – | – | – | PreToolUse (9 patterns) |
| compound-engineering | – | /plan, /review, /compound | plan, review | – | – |
The Marketplace
The official Anthropic marketplace has 36+ curated plugins. Community marketplaces add hundreds more.
Install a plugin:
# Add a marketplace
/plugin marketplace add https://github.com/EveryInc/compound-engineering-plugin
# Install from it
/plugin install compound-engineeringEvaluating Plugins Before Installing
Not all plugins are equal. Before installing, check:
- What hooks does it add? Hooks run shell commands on every relevant event. A badly-written hook can slow down every file edit or run unexpected commands.
- What permissions does it request? Check
allowed-toolsin its commands – what tools does it pre-approve? - What MCPs does it configure? An MCP is a running process with potential security implications.
- Is it maintained? Check the repo's activity.
You can always read a plugin's files after installation – they're just markdown and JSON on disk.
Forking and Customising
All plugin files are readable, editable markdown on disk. The override precedence is:
- Project-level (
.claude/in your repo) – highest priority - Global (
~/.claude/) – middle - Plugin (marketplace cache) – lowest
You can copy any plugin's agent, skill, or command into your own directories and customise it. Your version takes precedence.
The marketplace is a starting point, not a destination. The real power comes from forking plugins and customising them for your specific project, stack, and conventions.
Notable Plugins
A few plugins worth knowing about:
| Plugin | What It Does | Why It Matters |
|---|---|---|
| Compound Engineering (Every) | Plan → Work → Review → Codify loop | Formalises the compounding engineering habit from the Context module |
| Ralph Wiggum (Anthropic) | Persistent autonomous loops for long tasks | Lets Claude run for hours, fixing its own mistakes until done |
| Security Guidance | 9 PreToolUse hooks for security patterns | Passively catches secrets, injection flaws, insecure patterns |
| Context7 | Live documentation fetching via MCP | Avoids deprecated API usage in fast-moving frameworks |
The Claude Code SDK
The provides a programmatic interface to Claude Code – available as CLI, TypeScript, and Python libraries.
When You'd Use It
Integration into larger pipelines and workflows – CI/CD, automated code review, batch processing. If you just need Claude to review code in CI, claude --print "Review this PR" piped into a script might be all you need. The SDK is for more complex programmatic control.
import { createAgent } from "@anthropic-ai/claude-code";
const agent = createAgent({
system_prompt: "You are a code reviewer...",
allowTools: ["Read", "Glob", "Grep"],
model: "claude-sonnet-4-5-20250929",
});The SDK's system_prompt is the programmatic equivalent of an agent persona – the same concept from the Agents module, just written in code instead of a markdown file.
GitHub Integration
Setup
- Run
/install-github-appin Claude Code - Install the Claude Code app on GitHub
- Add your API key
- An auto-generated PR adds two GitHub Actions
What You Get
@Claudementions in PRs and issues trigger Claude to respond- Automatic PR review when configured
- GitHub Actions integration for CI/CD workflows
This is particularly powerful combined with the compounding engineering habit – team members can comment @claude add this to CLAUDE.md so you don't do it again during PR review, and Claude creates a PR updating the rules file.
- Installing plugins without reading them. Every plugin is files on disk – check what hooks, agents, and permissions it adds. An unreviewed plugin could run shell commands on every tool call.
- Using the SDK when the CLI is sufficient.
claude --print "Review this PR"in a shell script covers many CI use cases. Don't over-engineer. - Never customising plugins. The default config is generic. Fork the plugin's commands and agents, then tune them to your codebase and conventions.
What to Take Away
Plugins are just bundles of building blocks – forkable and customisable. Once you understand the five pieces (MCPs, commands, skills, agents, hooks), you can read, evaluate, and modify any plugin. The marketplace gives you a starting point; your project's .claude/ directory is where the real value lives.