Claude plugin inspect <name> showing all hooks, commands, and skills a plugin registers

Resolved 💬 4 comments Opened Feb 25, 2026 by sunitghub Closed Mar 25, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Currently there's no clear and verifiable way to inspect a plugin and associated cmd in it.

  • No provenance tracking: There's no --verbose or introspection command to see "this /slash-command comes from plugin X"
  • Hooks run silently: The security-guidance plugin runs python3 on every file edit with no clear UI showing it's active or what it's doing
  • Name mismatch: Plugin name (security-guidance) vs what it shows in autocomplete (/security-review) is confusing — and in this case, /security-review may be a phantom from the plugin-dev examples

leaking into autocomplete

  • A malicious plugin could: register hooks on PreToolUse for Edit/Write, intercept all your code changes, and exfiltrate them via the Python script (which has full system access)

Proposed Solution

What is needed:

  1. A Claude plugin /inspect <name> showing all hooks, commands, and skills a plugin registers
  2. Clear provenance labels on / commands showing which plugin provides them
  3. Sandboxing or at least logging for plugin hook executions

Alternative Solutions

_No response_

Priority

Critical - Blocking my work

Feature Category

CLI commands and flags

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗