claude-plugins
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Basarisiz
- eval() — Dynamic code execution via eval() in .github/workflows/validate-pr.yml
- network request — Outbound network request in plugins/apify-scraper/servers/apify/package.json
- process.env — Environment variable access in plugins/apify-scraper/servers/apify/src/index.ts
- process.env — Environment variable access in plugins/apify-scraper/servers/apify/src/services/api-client.ts
- network request — Outbound network request in plugins/apify-scraper/servers/apify/src/services/api-client.ts
Permissions Gecti
- Permissions — No dangerous permissions requested
This is an open-source marketplace offering 26 plugins for Claude Code and Cowork. It allows users to connect Claude to external services like Google Drive, WhatsApp, and YouTube directly from a conversation.
Security Assessment
The overall security risk is Medium. The project claims to follow a strict "SOSA" security framework, and the scan confirms there are no hardcoded secrets or dangerous permissions requested. However, there are notable concerns. A critical failure was found involving dynamic code execution (eval) hidden inside a GitHub Actions workflow file. While this doesn't execute on your local machine during normal use, it is a significant red flag in the repository's supply chain. Additionally, specific plugins (like Apify) actively make outbound network requests and access environment variables to handle API credentials. This is standard behavior for API integrations, but it means you are trusting these plugins with your sensitive data.
Quality Assessment
The project has a high code quality baseline. It uses the standard MIT license and is actively maintained, with updates pushed as recently as today. The documentation is detailed and outlines a mature methodology for safe AI operations. However, community trust and visibility are currently very low. With only 5 stars on GitHub, the marketplace has not been broadly tested or vetted by the open-source community.
Verdict
Use with caution: the project looks promising and is actively maintained, but supply chain risks and a lack of community vetting warrant a careful manual code review before integrating.
26 free, open-source plugins for Claude Code & Cowork — Google Drive, WhatsApp, YouTube, WordPress, Apollo & more. Built on the SOSA™ security framework.
MSApps Claude Plugins
If you find these plugins useful, please ⭐ star this repo — it helps other developers discover the marketplace and motivates us to keep building!
The largest open-source plugin marketplace for Claude. 26 production-ready plugins for Claude Code (CLI) and Cowork (desktop app) — built on the SOSA™ security framework.
Upload to Google Drive. Track time in Toggl. Transcribe YouTube videos. Send WhatsApp messages. Manage WordPress. Prospect with Apollo. Clean your Mac. All from a single Claude conversation.
# Add the marketplace (one-time)
/plugin marketplace add MSApps-Mobile/claude-plugins
# Install any plugin
/plugin install google-drive-upload@msapps-plugins
That's it. No API wrappers. No config files (for most plugins). Just install and talk to Claude naturally.
Why This Exists
AI plugins today have a trust problem. Most are demos — not production tools. They hardcode credentials, skip confirmation on destructive actions, and have no concept of agent boundaries.
We built SOSA™ (Supervised Orchestrated Secured Agents) to fix that — a four-pillar methodology for production-grade autonomous AI operations. Every plugin in this marketplace declares its compliance level, impact classification, and security posture.
The four pillars:
| Pillar | In Practice |
|---|---|
| 🛡️ Supervised | High-impact actions require human approval. An outreach agent can't send 500 emails without your sign-off. |
| ⚙️ Orchestrated | Agents follow Plan → Act → Verify. Token budgets are enforced — bloated skills waste your money. |
| 🔒 Secured | No hardcoded credentials. External data is scanned for prompt injection. Package versions pinned. |
| 🤖 Agents | Each agent has a formal role spec, declared tool access, and explicit boundaries. A finance agent can't send emails — period. |
📄 Read the whitepaper: SOSA™ — Supervised Orchestrated Secured Agents (Shatz, 2026)
Available Plugins
| Plugin | What it does | Install |
|---|---|---|
| google-drive-upload | Upload files to Google Drive — unlimited, free | google-drive-upload@msapps-plugins |
| toggl-time-tracker | Track time with Toggl — start/stop timers, reports | toggl-time-tracker@msapps-plugins |
| youtube-transcriber | Transcribe YouTube videos & playlists — no API key | youtube-transcriber@msapps-plugins |
| session-backup | Daily backups of sessions, skills & configs to Drive | session-backup@msapps-plugins |
| notion-memory | Long-term memory for Claude across sessions via Notion | notion-memory@msapps-plugins |
| mac-disk-cleaner | Reclaim disk space on macOS — clean caches, find bloat | mac-disk-cleaner@msapps-plugins |
| whatsapp-mcp | Connect Claude to WhatsApp — search, read, send | whatsapp-mcp@msapps-plugins |
| apify-scraper | Full Apify web scraping — run Actors, manage datasets | apify-scraper@msapps-plugins |
| apollo | Prospect leads & enrich contacts with Apollo.io | apollo@msapps-plugins |
| wordpress-mcp | Manage WordPress — posts, users, WooCommerce & more | wordpress-mcp@msapps-plugins |
| x-content-intelligence | Scrape X/Twitter for insights & generate content | x-content-intelligence@msapps-plugins |
| cowork-mem | Persistent memory across Cowork sessions — so Claude never loses context | cowork-mem@msapps-plugins |
| skill-campfire | Turn your skills into characters who hang out around a campfire | skill-campfire@msapps-plugins |
| rtl-chat-fixer | Fix jumbled RTL/LTR text mixing (Hebrew, Arabic) | rtl-chat-fixer@msapps-plugins |
| vm-disk-cleanup | Fix disk-full errors in Cowork VMs & sandboxes | vm-disk-cleanup@msapps-plugins |
| cowork-session-fixer | Fix stuck Cowork sessions — automated 5-tier recovery | cowork-session-fixer@msapps-plugins |
| fix-chrome-connection | Fix stale Claude in Chrome connections | fix-chrome-connection@msapps-plugins |
| github-cli-health-check | Scheduled health check for GitHub CLI | github-cli-health-check@msapps-plugins |
| zoho-mail-health | Daily health check for Zoho Mail accounts | zoho-mail-health@msapps-plugins |
| gcloud-cli-health-check | Scheduled health check for Google Cloud CLI (gcloud) | gcloud-cli-health-check@msapps-plugins |
Security & Optimization Plugins
| Plugin | What it does | Install |
|---|---|---|
| sosa-compliance-checker | Audit your entire plugin ecosystem against SOSA™ | sosa-compliance-checker@msapps-plugins |
| token-efficiency-audit | Find and fix token waste — typical savings: 20-50% | token-efficiency-audit@msapps-plugins |
| sosa-governor | Real-time SOSA governance layer — classifies, gates, and logs every MCP tool call | sosa-governor@msapps-plugins |
| sosa-orchestrator | Token-aware task prioritization and budget management for Claude sessions | sosa-orchestrator@msapps-plugins |
Developer Tools
| Plugin | What it does | Install |
|---|---|---|
| swift-lsp | Real-time Swift code intelligence — diagnostics, go-to-definition, hover types via SourceKit-LSP | swift-lsp@msapps-plugins |
| kotlin-lsp | Real-time Kotlin code intelligence — diagnostics, go-to-definition, hover types via kotlin-language-server | kotlin-lsp@msapps-plugins |
Notion Skills (from Anthropic)
Four official Claude skills from the Anthropic Notion team — announced by Claude on LinkedIn and distributed via notiondevs.notion.site/notion-skills-for-claude. Re-packaged here as installable plugins; skill content is © Anthropic.
| Plugin | What it does | Install |
|---|---|---|
| notion-knowledge-capture | Turn conversations into structured Notion docs — decisions, how-tos, FAQs, learnings | notion-knowledge-capture@msapps-plugins |
| notion-meeting-intelligence | Prep for meetings — internal pre-read + external agenda, all saved to Notion | notion-meeting-intelligence@msapps-plugins |
| notion-research-documentation | Search your workspace, synthesize findings, produce research reports with citations | notion-research-documentation@msapps-plugins |
| notion-spec-to-implementation | Turn specs into Notion tasks Claude Code can implement — plan, track, ship | notion-spec-to-implementation@msapps-plugins |
Requires the Notion connector (Claude Code MCP or Cowork Settings).
Mobile devs: swift-lsp ships with Xcode — zero extra setup. kotlin-lsp installs via brew install kotlin-language-server.
Pro tip: Run
sosa-compliance-checkeron all your installed plugins — not just ours. It catches hardcoded API keys, missing confirmation gates, unpinned packages, and prompt injection vulnerabilities in any plugin.
Quick Start
Claude Code (CLI)
# 1. Add marketplace (one-time)
/plugin marketplace add MSApps-Mobile/claude-plugins
# 2. Install what you need
/plugin install mac-disk-cleaner@msapps-plugins
/plugin install youtube-transcriber@msapps-plugins
# 3. Just talk to Claude
# "Clean up my Mac" / "Transcribe this video: https://..."
Cowork (Desktop App)
- Settings → Plugins → Marketplaces → Add →
MSApps-Mobile/claude-plugins - Search for any plugin and click Install
- Start talking — Claude uses the plugin automatically
Setup Guides
Google Drive UploadOne-time Google Apps Script deployment. Save your config to ~/.cowork-gdrive-config.json:
{
"url": "https://script.google.com/macros/s/YOUR_SCRIPT_ID/exec",
"apiKey": "your-api-key"
}
Save your Toggl API token to ~/.toggl-config.json:
{
"apiToken": "your-toggl-api-token",
"workspaceId": 1234567
}
Get your token at track.toggl.com/profile.
YouTube TranscriberNo config needed — just requires the Claude in Chrome extension. Paste any YouTube URL and ask Claude to transcribe it.
WhatsApp MCPRequires the WhatsApp MCP bridge:
brew install go uv ffmpeg
git clone https://github.com/lharries/whatsapp-mcp.git ~/whatsapp-mcp
cd ~/whatsapp-mcp/whatsapp-bridge && go build -o whatsapp-bridge && ./whatsapp-bridge
Scan the QR code with WhatsApp on first run. Set WHATSAPP_MCP_PATH="$HOME/whatsapp-mcp" in your shell profile.
Set environment variables after installing:
| Variable | Description |
|---|---|
WP_MCP_URL |
Your site's MCP endpoint (https://yoursite.com/wp-json/mcp/v1) |
WP_MCP_AUTH |
Base64-encoded username:application-password |
Requires WordPress MCP Adapter on WordPress 6.9+.
Apify ScraperSet your token: APIFY_API_TOKEN=your_token_here
Get it at Apify Console → Settings → Integrations.
ApolloNo manual setup — authenticates automatically on first use.
Notion MemoryRequires a Notion connector:
- Claude Code: Add a Notion MCP server to
.mcp.json - Cowork: Settings → Connectors → Notion
No config needed. macOS Ventura+. Only touches auto-regenerated caches — never deletes personal files.
Other pluginsMost other plugins (RTL Chat Fixer, VM Disk Cleanup, Cowork Session Fixer, Fix Chrome Connection, GitHub CLI Health Check, GCloud CLI Health Check, SOSA Compliance Checker) require no configuration — just install and use.
Community
- 💬 Open an issue for bugs or feature requests
- 🤝 Read CONTRIBUTING.md to get started with your first PR
- ⭐ Star the repo to help others find it
- 🐦 Follow @MSAppsMobile for updates
Contributing
We welcome contributions! Whether it's a new plugin, a bug fix, or documentation improvements:
- Fork this repo
- Create a branch (
git checkout -b my-plugin) - Follow the SOSA framework — your plugin should declare its compliance level in
plugin.json - Submit a PR with a clear description of what the plugin does and its SOSA classification
Want to build a plugin but not sure where to start? Check the existing plugins for reference, or open an issue to discuss your idea.
Star History
If this project is useful to you, consider giving it a ⭐ — it helps others discover these tools.
Support
- Issues: GitHub Issues
- Email: [email protected]
- Website: msapps.mobi
Built by MSApps · Powered by SOSA™
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi