[FEATURE] Plugin signing and integrity verification
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Plugins execute with full user permissions — shell access, file system, hooks — but are distributed with no cryptographic signing or integrity verification.
When a user runs claude plugin install or claude plugin update, there is no check that the content is authentic, untampered, or published by the claimed author. A compromised marketplace repo silently delivers malicious content to every consumer who updates.
Proposed Solution
At minimum:
- Content hash pinning: record a hash at install time, verify on load, warn if content changed without a version bump
- Publisher signature verification: allow marketplace owners to sign releases with a key declared in the manifest, reject updates that fail verification
Alternative Solutions
Every major package ecosystem has addressed this: npm (Sigstore provenance), Docker (Content Trust), VS Code (VSIX signatures), macOS (code signing), PyPI (PEP 740 attestations).
Currently there is no workaround. Consumers must blindly trust that marketplace repos have not been compromised.
Related issues: #28879, #5984
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
- Organization hosts an internal plugin marketplace as a git repo
- A maintainer account is compromised or the repo is pushed to by an attacker
- Developers across the org run
claude plugin update - Malicious hooks and skills silently activate with full shell access
- No verification fails, no warning is shown
- With signing, the update would be rejected because the content does not match the publisher key
Additional Context
_No response_
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗