[FEATURE] Plugin signing and integrity verification

Resolved 💬 2 comments Opened Mar 1, 2026 by alexeyv Closed Mar 1, 2026

Plugins execute with full user permissions (shell access, file system, hooks) but are distributed with no cryptographic signing or integrity verification.

When a user runs claude plugin install or claude plugin update, there is no check that the content is authentic, untampered, or published by the claimed author. A compromised marketplace repo silently delivers malicious content to every consumer.

Every major package ecosystem has addressed this: npm (Sigstore provenance), Docker (Content Trust), VS Code (VSIX signatures), macOS (code signing), PyPI (PEP 740 attestations).

Plugins need at minimum content hash pinning and publisher signature verification.

Related: #28879, #5984

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗