Claude plugin inspect <name> showing all hooks, commands, and skills a plugin registers
Resolved 💬 4 comments Opened Feb 25, 2026 by sunitghub Closed Mar 25, 2026
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Currently there's no clear and verifiable way to inspect a plugin and associated cmd in it.
- No provenance tracking: There's no --verbose or introspection command to see "this /slash-command comes from plugin X"
- Hooks run silently: The security-guidance plugin runs python3 on every file edit with no clear UI showing it's active or what it's doing
- Name mismatch: Plugin name (security-guidance) vs what it shows in autocomplete (/security-review) is confusing — and in this case, /security-review may be a phantom from the plugin-dev examples
leaking into autocomplete
- A malicious plugin could: register hooks on PreToolUse for Edit/Write, intercept all your code changes, and exfiltrate them via the Python script (which has full system access)
Proposed Solution
What is needed:
- A Claude plugin /inspect <name> showing all hooks, commands, and skills a plugin registers
- Clear provenance labels on / commands showing which plugin provides them
- Sandboxing or at least logging for plugin hook executions
Alternative Solutions
_No response_
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗