Skillget

skill-manager

skill
Guvenlik Denetimi
Basarisiz
Health Uyari
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Basarisiz
  • execSync — Synchronous shell command execution in scripts/lib/report.js
  • execSync — Synchronous shell command execution in scripts/lib/updates.js
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This tool is a Claude Code plugin that inventories your installed skills, performs structural validations, and checks for available updates. It gives you a clear report on what is installed, what needs fixing, and what is outdated.

Security Assessment
The overall risk is Medium. While the plugin does not request dangerous permissions or contain hardcoded secrets, it fails two critical security checks. It uses synchronous shell command execution (`execSync`) in two separate files (`report.js` and `updates.js`). Synchronous shell execution can be a security vulnerability if the tool processes unsanitized external input, potentially opening the door to command injection attacks. Additionally, the tool inherently makes network requests to GitHub to check for version updates on your installed plugins.

Quality Assessment
The project is actively maintained, with its most recent push happening today. It uses the permissive and standard MIT license and includes a clear, highly detailed description of its functionality. However, community trust and visibility are currently very low. The repository only has 5 GitHub stars, meaning the codebase has not been broadly reviewed or battle-tested by a large user base.

Verdict
Use with caution — the active maintenance is a plus, but the inclusion of synchronous shell execution and lack of community oversight warrant a careful code review before installing.
SUMMARY

Claude Code plugin — inventory all your installed skills, check structure, and find updates. Free, zero dependencies.

README.md

Stars
License: MIT
Claude Code Plugin

skill-manager — See Everything You Have Installed

Know what skills, plugins, and agents you're running. See where they come from, what needs fixing, and what has updates.

skill-manager is a Claude Code plugin that scans all your installed skills and gives you a clean inventory with structural checks and update notifications.

Install

Run in your terminal:

claude plugin install skill-manager@skill-manager

Usage

# See all your skills, sources, and issues
/skill-check

# Fix structural issues (user-owned skills only)
/skill-check --fix

# Machine-readable output
/skill-check --json

# Offline mode (skip GitHub update checks)
/skill-check --no-update

What It Does

  1. Inventory — Lists every skill with description, source, GitHub repo link, and token count
  2. Structure checks — Validates frontmatter (name, description, version)
  3. Update checks — Queries GitHub for newer versions of plugins and standalone skills

Claude groups your skills by category and presents a clean report:

## Skills
| Skill       | Description                        | Source     | Repo                | Tokens |
|-------------|------------------------------------|------------|---------------------|--------|
| fastapi     | Build Python APIs with FastAPI...  | manual     |                     | ~6808  |
| helius      | Build Solana apps with Helius...   | standalone | sendaifun/skills    | ~2715  |
| find-skills | Discover installable agent skills  | standalone | vercel-labs/skills  | ~1157  |
| tdd-workflow| TDD with 80%+ coverage             | everything-cc |                  | ~2406  |

## Structure Issues
- 2 skills missing frontmatter entirely
- 88 skills missing version field

## Updates Available
- azure-ai: newer version available (2026-02-26 → 2026-03-14)

Auto-Fix (--fix)

/skill-check --fix can automatically repair:

  • Missing frontmatter (STRUCT-002)
  • Missing name field (STRUCT-003)
  • Missing version field (STRUCT-005)

All fixes show diffs and ask for confirmation before applying.

Protection Rules

--fix never modifies:

  • Plugin skills (everything-claude-code, superpowers, feature-dev, etc.)
  • Anthropic official skills (skill-creator, code-review, figma, etc.)
  • Standalone skills from external repositories

Only user-created skills in ~/.claude/skills/ and project-level .claude/skills/ can be fixed.

Configuration

Create ~/.claude/skill-manager/config.json to customize:

{
  "ignoredSkills": ["my-experimental-skill"]
}

FAQ

Will it modify my skills?
/skill-check is read-only by default. --fix shows diffs and asks for confirmation. It never touches plugin or official skills.

How does update checking work?
Uses gh CLI (authenticated, 5000 req/hr) with fetch() fallback (60 req/hr). Results are cached for 1 hour. Use --no-update for offline mode.

License

MIT

Contributors


VersoXBT
💻 📖
Claude
🤖 💡

Yorumlar (0)

Sonuc bulunamadi