claude-plugins
mcp
Fail
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in chainguard-codegen/skills/dockerfile-migrator.json
- process.env — Environment variable access in examples/vuln-dashboard/server.js
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This official Chainguard project provides two distinct plugins for Claude Code. One accesses Chainguard's documentation library via an MCP server, while the other generates secure Dockerfiles and migrates existing container configurations to Chainguard images.
Security Assessment
Overall Risk: Medium. The tool does not request explicitly dangerous permissions, but static analysis flagged several concerns. The codebase includes a recursive force deletion command (`rm -rf`) within a code generation skill, which could be dangerous if executed in unexpected contexts. Additionally, the example dashboard code accesses system environment variables (`process.env`), a common vector for inadvertently leaking sensitive configuration data or secrets. Users should also note that the documentation plugin runs a remote container image (`ghcr.io/chainguard-dev/ai-docs:latest`) and requires an active internet connection, making external network requests. No hardcoded secrets were detected.
Quality Assessment
The project appears to be actively maintained, with its most recent code push occurring today. However, it suffers from very low community visibility, currently backed by only 6 GitHub stars. Crucially, the repository entirely lacks a standard open-source license. This absence means that there are no formal legal permissions granted for using, modifying, or distributing the code, which is a significant red flag for enterprise or production environments.
Verdict
Use with caution: while actively updated and created by an official vendor, the missing license, low community adoption, and presence of destructive shell commands warrant a careful code review before integrating into your workflow.
This official Chainguard project provides two distinct plugins for Claude Code. One accesses Chainguard's documentation library via an MCP server, while the other generates secure Dockerfiles and migrates existing container configurations to Chainguard images.
Security Assessment
Overall Risk: Medium. The tool does not request explicitly dangerous permissions, but static analysis flagged several concerns. The codebase includes a recursive force deletion command (`rm -rf`) within a code generation skill, which could be dangerous if executed in unexpected contexts. Additionally, the example dashboard code accesses system environment variables (`process.env`), a common vector for inadvertently leaking sensitive configuration data or secrets. Users should also note that the documentation plugin runs a remote container image (`ghcr.io/chainguard-dev/ai-docs:latest`) and requires an active internet connection, making external network requests. No hardcoded secrets were detected.
Quality Assessment
The project appears to be actively maintained, with its most recent code push occurring today. However, it suffers from very low community visibility, currently backed by only 6 GitHub stars. Crucially, the repository entirely lacks a standard open-source license. This absence means that there are no formal legal permissions granted for using, modifying, or distributing the code, which is a significant red flag for enterprise or production environments.
Verdict
Use with caution: while actively updated and created by an official vendor, the missing license, low community adoption, and presence of destructive shell commands warrant a careful code review before integrating into your workflow.
Official Chainguard plugins and skills for Claude Code - documentation access and secure container image migration
README.md
Chainguard Plugins for Claude Code
Official Chainguard plugins for Claude Code - bringing supply chain security and secure container images to your development workflow.
Available Plugins
chainguard-docs
Access Chainguard's complete documentation library through a Model Context Protocol (MCP) server.
Features:
- Search across all Chainguard documentation
- Get detailed container image information
- Access security guides and CVE management docs
- Learn about Wolfi, apko, melange, and chainctl
- Real-time documentation updates
Perfect for:
- Learning about Chainguard products and services
- Finding the right container image for your project
- Understanding supply chain security concepts
- Looking up tool documentation
chainguard-codegen
Generate secure code and configurations using Chainguard Containers and tools.
Features:
- Generate secure Dockerfiles with Chainguard Containers
- Migrate existing Dockerfiles to Chainguard
- Create apko/melange configurations
- Apply security best practices automatically
- Multi-stage build optimization
Perfect for:
- Creating new containerized applications
- Migrating existing projects to Chainguard
- Building custom Wolfi-based images
- Implementing security best practices
Installation
Add the Chainguard Marketplace
/plugin marketplace add https://github.com/chainguard-demo/claude-plugins.git
Install Both Plugins
/plugin install chainguard-docs@chainguard-plugins
/plugin install chainguard-codegen@chainguard-plugins
Or Install Individually
Documentation only:
/plugin install chainguard-docs@chainguard-plugins
Code generation only:
/plugin install chainguard-codegen@chainguard-plugins
Quick Start
Once installed, try these example prompts:
Using chainguard-docs
"What Chainguard images are available for Python?"
"How does Chainguard handle CVE management?"
"Show me the nginx image documentation"
"Search Chainguard docs for SBOM generation"
Using chainguard-codegen
"Generate a Dockerfile for a Python Flask app using Chainguard Containers"
"Migrate this Dockerfile to use Chainguard Containers"
"Create an apko config for a Node.js application"
"Generate a secure multi-stage Dockerfile for Go"
Requirements
chainguard-docs
- Docker installed and running (for MCP server)
- Internet connection
chainguard-codegen
- No additional requirements
Plugin Architecture
chainguard-docs
This plugin wraps Chainguard's MCP server (ghcr.io/chainguard-dev/ai-docs:latest) which provides:
- Full-text search across documentation
- Structured access to container image docs
- Security and tool reference materials
- Weekly automated updates
chainguard-codegen
This plugin includes specialized AI skills that help Claude Code:
- Generate secure Dockerfiles following best practices
- Migrate legacy Dockerfiles to Chainguard Containers
- Create apko configurations for custom Wolfi images
- Apply security defaults and multi-stage builds
What are Chainguard Containers?
Chainguard Containers are secure, minimal container images designed for production use:
- Zero CVEs: No known vulnerabilities, regularly updated
- Minimal: Only includes what's necessary, reducing attack surface
- SBOM: Complete software bill of materials included
- Signed: Cryptographically signed with Sigstore
- Non-root: Run as non-root user by default
- Variants: Production (
:latest) and development (:latest-dev) variants
Learn more at images.chainguard.dev
Examples
Example 1: Learning About Images
You: What Chainguard images are available for Python development?
Claude Code: [Uses chainguard-docs MCP server]
Based on Chainguard documentation, here are the Python images:
- cgr.dev/chainguard/python:latest - Minimal production runtime
- cgr.dev/chainguard/python:latest-dev - Development variant with pip and build tools
...
Example 2: Generating a Dockerfile
You: Generate a secure Dockerfile for a Django application
Claude Code: [Uses chainguard-codegen skills]
I'll create a secure multi-stage Dockerfile using Chainguard's Python image:
FROM cgr.dev/chainguard/python:latest-dev AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt --user
FROM cgr.dev/chainguard/python:latest
WORKDIR /app
COPY --from=builder /home/nonroot/.local /home/nonroot/.local
COPY --chown=nonroot:nonroot . .
ENV PATH=/home/nonroot/.local/bin:$PATH
EXPOSE 8000
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
Example 3: Migrating Existing Code
You: Can you migrate this Dockerfile to use Chainguard Containers?
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]
Claude Code: [Uses chainguard-codegen dockerfile-migrator skill]
I'll migrate this to use Chainguard's Python image with a multi-stage build for better security...
[Shows migrated Dockerfile with explanation of changes]
Documentation
- Chainguard Academy - Tutorials and guides
- Chainguard Containers - Full image catalog
- Claude Code Plugins - Plugin documentation
Support
- Documentation: edu.chainguard.dev
- Support Portal: support.chainguard.dev
- Community Slack: go.chainguard.dev/slack
- GitHub Issues: github.com/chainguard-dev/edu/issues
Contributing
These plugins are maintained by Chainguard. For issues, suggestions, or contributions:
- Open an issue in the edu repository
- Join our Community Slack
- Contact [email protected]
License
Apache-2.0
About Chainguard
Chainguard is building a new generation of secure software supply chain tooling. We provide:
- Chainguard Containers: Secure, minimal container images
- Wolfi: Undistro for building containers
- apko: Build OCI images from APK packages
- melange: Build APK packages from source
- Chainguard Enforce: Software supply chain security platform
Learn more at chainguard.dev
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found