Plugin marketplaces
📖 3 min readUpdated 2026-04-18
Plugins live in marketplaces. As of 2026, the ecosystem is young but growing fast.
Official marketplaces
- claude-plugins-official. Anthropic's curated set. High-quality, maintained. Start here.
- claude.ai directory, remote connectors (MCP servers hosted by service providers). Different surface but similar intent.
Community marketplaces
- GitHub (topic: "claude-plugin"), browse and install directly from repositories.
- awesome-claude-code-style lists, community-curated on GitHub.
- mcp.so, primarily MCPs, some plugins too.
How to vet a plugin before installing
- Check the source. Is the repo active? Multiple contributors? Real issues and PRs?
- Read the code. Especially the MCP servers and hooks. They run with your permissions.
- Review declared permissions. A plugin that claims to do X but requests shell access is suspicious.
- Look at the install count + issues. 0 installs = fresh. High install + open unresolved issues = bad sign.
- Check the license. MIT/Apache are fine; no-license = legally unclear.
Installing
From the marketplace:
/plugin install <name>@<marketplace>
From GitHub directly (Claude Code):
/plugin install github:user/repo
Publishing your own
The high-level steps:
- Create a directory matching the plugin structure (manifest, servers, skills, hooks).
- Write a manifest file declaring what's included.
- Push to GitHub.
- (Optional) Submit to the official marketplace for review.
Conventions:
- Use semver for versions
- Include a changelog
- Document required environment variables clearly
- Ship a minimal reproduction example
- Sign your commits if possible (supply-chain trust)
Plugin hygiene
- Update regularly. Dependencies rot. MCPs shift.
- Deprecate cleanly. If you drop support, mark the repo and publish a final notice.
- Keep the deny-list sane. Plugins shouldn't request more permissions than they need.