Plugin Review

Name: Plugin Review
Author: athola

athola/claude-night-market

Scope Claude Night Market plugin reviews to git-changed plugins and their dependents using plugin-dependencies.json instead of reviewing the whole monorepo blindly.

Install

npx skills add https://github.com/athola/claude-night-market --skill plugin-review

What is this skill?

Affected plugins from git diff against main: paths under plugins/ parsed to unique plugin ids
Related plugins from docs/plugin-dependencies.json dependents (including wildcard "*" for all other plugins)
Affected role wins when a plugin is both changed and a dependent of another change
Special cases: root-level workspace files flagged at pr/release tier; new on-disk plugins not in JSON flagged for depend
Exits PASS with "No plugin changes detected" when diff has no plugin changes

Adoption & trust: 1 installs on skills.sh; 304 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Recommended Skills

Improve Codebase Architecturemattpocock/skills

Improve Codebase Architecture is an agent skill that teaches how to deepen a cluster of shallow modules without breaking…226k installs·121k stars

Zoom Outmattpocock/skills

Lightweight meta-prompt skill that tells the agent to zoom out and deliver a domain-aligned overview of modules and call…181k installs·121k stars

Caveman Reviewjuliusbrussee/caveman

Formats code review as single actionable lines: location, problem, fix, with minimal noise.139k installs·70k stars

Requesting Code Reviewobra/superpowers

Requesting Code Review is an agent skill from the Superpowers collection that gives solo and indie builders a copy-ready…119k installs·221k stars

Receiving Code Reviewobra/superpowers

Superpowers methodology for agents receiving code review: prioritize technical correctness over social comfort, verify e…96.2k installs·221k stars

Request Refactor Planmattpocock/skills

request-refactor-plan is a structured agent workflow for solo and small-team maintainers who want refactors filed as act…30.5k installs·121k stars

Journey fit

Primary fit

Canonical shelf is Ship review because the skill drives scoped quality checks on plugin diffs at branch, PR, or release tiers. Review subphase matches affected vs related plugin resolution, deduplication rules, and PASS when no plugin paths change.

Common Questions / FAQ

Is Plugin Review safe to install?

skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

READMESKILL.md - Plugin Review

# Dependency Detection

How to resolve affected and related plugins for scoped
review.

## Affected Plugins

Detect from git diff against the base branch:

```bash
git diff main --name-only | \
  grep '^plugins/' | \
  sed 's|^plugins/\([^/]*\)/.*|\1|' | \
  sort -u
```

If no diff available (detached HEAD, no main branch),
fall back to all plugins.

## Related Plugins

Load `docs/plugin-dependencies.json` and for each affected
plugin, look up who depends on it:

1. Read the `dependencies` section to find the affected
   plugin
2. If `dependents` is `["*"]`, ALL other plugins are related
3. Otherwise, `dependents` lists the specific related plugins

Example: if `abstract` is affected and has
`dependents: ["*"]`, then all 16 other plugins are related.

If `leyline` is affected and has `dependents: ["conjure"]`,
then only conjure is related.

## Deduplication

A plugin that is both affected (has direct changes) AND
related (depends on another changed plugin) is treated as
affected. The "affected" role always wins.

## Special Cases

- **Root-level changes** (pyproject.toml, Makefile, scripts/):
  These affect the workspace, not individual plugins.
  At branch tier, skip. At pr/release tier, flag for
  manual review.

- **No plugins changed**: If the diff has no plugin changes,
  report "No plugin changes detected" and exit with PASS.

- **New plugin**: If a plugin directory exists on disk but
  is not in `plugin-dependencies.json`, flag it and suggest
  running `scripts/generate_dependency_map.py` to update.


# Branch Tier Checks

The branch tier runs quick quality gates on affected and
related plugins. Designed for fast feedback during
development.

## Checks for Affected Plugins

Run these sequentially for each affected plugin:

### 1. Plugin Structure Validation

Run the plugin validator to check plugin.json schema,
skill/agent frontmatter, hook event types, and path
references against the official Claude Code spec:

```bash
python3 plugins/abstract/scripts/validate_plugin.py \
  plugins/<plugin>
```

If critical issues found, mark plugin as FAIL.
Warnings are non-blocking at branch tier.

### 2. Registration Audit

**Only available in night-market repo.** Check script exists first:

```bash
# Check if the script exists (night-market only)
if [[ -f "plugins/sanctum/scripts/update_plugin_registrations.py" ]]; then
  python3 plugins/sanctum/scripts/update_plugin_registrations.py \
    <plugin-name> --dry-run
else
  echo "Registration audit skipped - not running in night-market"
fi
```

Report any missing or stale registrations. If skipped, note in the
result table that registration audit is unavailable.

### 3. Test Gate

```bash
cd plugins/<plugin> && make test
```

Capture pass/fail and test count. If tests fail, mark
plugin as FAIL.

### 4. Lint Gate

```bash
cd plugins/<plugin> && make lint
```

Capture pass/fail. If lint fails, mark as WARNING (not
blocking at branch tier).

### 5. Typecheck Gate

```bash
cd plugins/<plugin> && make typecheck
```

Capture pass/fail. If typecheck fails, mark as WARNING.

### 6. Diff Analysis

Run `git diff main -- plugins/<plugin>/` to identify:
- New files (commands, skills, hooks, agents)
- Deleted files
- Modified production code vs test-only changes

Flag high-risk patterns:
- Hook changes (security surface)
- `__init__.py` export changes (API surface)
- pyproject.toml dependency changes

## Checks for Related Plugins

Run a lighter subset:

### 1. Registration Audit

Same as affected plugins.

### 2. Test Gate

```bash
cd plugins/<plugin> && make test
```

Tests must pass. This catches side-effect breakage from
dependency changes.

## Result Table

Build a table with columns: plugin, test, lint, type, reg,
verdict. Use `--` for skipped checks on related plugins.

## Verdict Rules

- Any test FAIL on affected or related: overall FAIL
- Any lint/type FAIL on affected: overall PASS-WITH-WARNINGS
- All green: PASS


# PR Tier Checks

The PR tier adds quality scoring on top of branch tier

What is this skill?

Affected plugins from git diff against main: paths under plugins/ parsed to unique plugin ids

Related plugins from docs/plugin-dependencies.json dependents (including wildcard "*" for all other plugins)

Affected role wins when a plugin is both changed and a dependent of another change

Special cases: root-level workspace files flagged at pr/release tier; new on-disk plugins not in JSON flagged for depend

Exits PASS with "No plugin changes detected" when diff has no plugin changes

Adoption & trust: 1 installs on skills.sh; 304 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Plugin Review

# Dependency Detection

How to resolve affected and related plugins for scoped
review.

## Affected Plugins

Detect from git diff against the base branch:

```bash
git diff main --name-only | \
  grep '^plugins/' | \
  sed 's|^plugins/\([^/]*\)/.*|\1|' | \
  sort -u
```

If no diff available (detached HEAD, no main branch),
fall back to all plugins.

## Related Plugins

Load `docs/plugin-dependencies.json` and for each affected
plugin, look up who depends on it:

1. Read the `dependencies` section to find the affected
   plugin
2. If `dependents` is `["*"]`, ALL other plugins are related
3. Otherwise, `dependents` lists the specific related plugins

Example: if `abstract` is affected and has
`dependents: ["*"]`, then all 16 other plugins are related.

If `leyline` is affected and has `dependents: ["conjure"]`,
then only conjure is related.

## Deduplication

A plugin that is both affected (has direct changes) AND
related (depends on another changed plugin) is treated as
affected. The "affected" role always wins.

## Special Cases

- **Root-level changes** (pyproject.toml, Makefile, scripts/):
  These affect the workspace, not individual plugins.
  At branch tier, skip. At pr/release tier, flag for
  manual review.

- **No plugins changed**: If the diff has no plugin changes,
  report "No plugin changes detected" and exit with PASS.

- **New plugin**: If a plugin directory exists on disk but
  is not in `plugin-dependencies.json`, flag it and suggest
  running `scripts/generate_dependency_map.py` to update.


# Branch Tier Checks

The branch tier runs quick quality gates on affected and
related plugins. Designed for fast feedback during
development.

## Checks for Affected Plugins

Run these sequentially for each affected plugin:

### 1. Plugin Structure Validation

Run the plugin validator to check plugin.json schema,
skill/agent frontmatter, hook event types, and path
references against the official Claude Code spec:

```bash
python3 plugins/abstract/scripts/validate_plugin.py \
  plugins/<plugin>
```

If critical issues found, mark plugin as FAIL.
Warnings are non-blocking at branch tier.

### 2. Registration Audit

**Only available in night-market repo.** Check script exists first:

```bash
# Check if the script exists (night-market only)
if [[ -f "plugins/sanctum/scripts/update_plugin_registrations.py" ]]; then
  python3 plugins/sanctum/scripts/update_plugin_registrations.py \
    <plugin-name> --dry-run
else
  echo "Registration audit skipped - not running in night-market"
fi
```

Report any missing or stale registrations. If skipped, note in the
result table that registration audit is unavailable.

### 3. Test Gate

```bash
cd plugins/<plugin> && make test
```

Capture pass/fail and test count. If tests fail, mark
plugin as FAIL.

### 4. Lint Gate

```bash
cd plugins/<plugin> && make lint
```

Capture pass/fail. If lint fails, mark as WARNING (not
blocking at branch tier).

### 5. Typecheck Gate

```bash
cd plugins/<plugin> && make typecheck
```

Capture pass/fail. If typecheck fails, mark as WARNING.

### 6. Diff Analysis

Run `git diff main -- plugins/<plugin>/` to identify:
- New files (commands, skills, hooks, agents)
- Deleted files
- Modified production code vs test-only changes

Flag high-risk patterns:
- Hook changes (security surface)
- `__init__.py` export changes (API surface)
- pyproject.toml dependency changes

## Checks for Related Plugins

Run a lighter subset:

### 1. Registration Audit

Same as affected plugins.

### 2. Test Gate

```bash
cd plugins/<plugin> && make test
```

Tests must pass. This catches side-effect breakage from
dependency changes.

## Result Table

Build a table with columns: plugin, test, lint, type, reg,
verdict. Use `--` for skipped checks on related plugins.

## Verdict Rules

- Any test FAIL on affected or related: overall FAIL
- Any lint/type FAIL on affected: overall PASS-WITH-WARNINGS
- All green: PASS


# PR Tier Checks

The PR tier adds quality scoring on top of branch tier

Install

What is this skill?

Recommended Skills

Journey fit

Is Plugin Review safe to install?

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

Is Plugin Review safe to install?

SKILL.md