[FEATURE] Plugin signing and integrity verification
Plugins execute with full user permissions (shell access, file system, hooks) but are distributed with no cryptographic signing or integrity verification.
When a user runs claude plugin install or claude plugin update, there is no check that the content is authentic, untampered, or published by the claimed author. A compromised marketplace repo silently delivers malicious content to every consumer.
Every major package ecosystem has addressed this: npm (Sigstore provenance), Docker (Content Trust), VS Code (VSIX signatures), macOS (code signing), PyPI (PEP 740 attestations).
Plugins need at minimum content hash pinning and publisher signature verification.
Related: #28879, #5984
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗