This document describes security considerations for the claudestuff plugin marketplace.
When you install a plugin from this marketplace, you're granting it the same permissions that Claude Code has in your environment:
| Access Type | What This Means |
|---|---|
| File System | Read/write to any files Claude Code can access |
| Command Execution | Run bash commands, PowerShell scripts |
| Network | Make HTTP requests (if Claude Code allows) |
| MCP Servers | Connect to configured MCP servers |
Important: Plugins run with full Claude Code permissions. Only install plugins you trust.
Several plugins in this marketplace integrate with MCP (Model Context Protocol) servers:
- SimpleMem - Local memory storage
- OpenMemory - Persistent memory across sessions
- Local vs Remote: All MCP servers in this marketplace are configured for local operation
- Data Storage: MCP servers store data locally (typically in ~/.cache/ or configured directories)
- No External Transmission: No data is sent to external services unless you explicitly configure it
- Server Access: MCP servers run locally. A server launched over stdio is a child process that only Claude Code talks to; a server that listens on a local TCP port is reachable by any process on the machine, not only Claude Code, so prefer stdio transports and loopback-only bindings
| Plugin | Data Accessed | Storage |
|---|---|---|
| ms-office-suite | Office documents | Processed files in working directory |
| professional-agents | Task context | No persistent storage |
| personal-finance | Transaction CSV files, portfolio data | No persistent storage |
| ghostwriter | Writing samples | Voice profiles at ~/.claude/ghostwriter-profiles/ |
- Do not store credentials, API keys, or passwords in files processed by plugins
- Do not process confidential documents without understanding data flow
- State files (like Claude-State-Tracking.md) may contain task summaries; treat them as sensitive as the work they summarize
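As an added example (not code from the marketplace or any of its plugins), the scanner below checks the state file and profile directory this page names for credential-like strings before you share or commit them. The file locations come from the page; the regexes, the sample state file contents and the function names are constructed here for illustration. The generic rule only fires on values of 12 or more characters, so the short password in the sample is a deliberate, documented miss: the scanner is a safety net, not proof that a file is clean.

```python
"""Scan Claude Code state and profile files for credential-like strings.

Added example for this security page; not code from the marketplace or its
plugins. The file locations come from the page (Claude-State-Tracking.md and
~/.claude/ghostwriter-profiles/); the patterns, the sample text and the
function names are constructed here for illustration.
"""
import re
import sys
from pathlib import Path
from typing import Iterable

# Secret shapes that commonly end up in notes and task summaries. The
# generic rule only fires on values of 12+ chars, so short passwords such as
# "hunter2" are a known false negative (see the sample below).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[=:]\s*"
        r"['\"]?[A-Za-z0-9_\-./+]{12,}"),
}

SCANNED_SUFFIXES = {".md", ".txt", ".json", ".csv", ".yaml", ".yml"}

# Constructed sample of a state file. AKIAIOSFODNN7EXAMPLE is AWS's
# documentation placeholder; the other values are made up.
SAMPLE_STATE = """# Claude-State-Tracking.md (constructed sample)
- 2026-01-22: exported transactions, uploaded with AKIAIOSFODNN7EXAMPLE
- db password = hunter2
- stripe api_key: sk_live_51HhXYZ0123456789abcd
- pasted deploy key: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
"""


def redact(value: str) -> str:
    """Keep only a prefix/suffix so the report itself does not leak the secret."""
    return value if len(value) <= 8 else f"{value[:4]}...{value[-2:]}"


def scan_text(text: str, source: str = "<text>") -> list[dict]:
    """Return one finding per (line, pattern) hit, with the match redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({
                    "file": source, "line": lineno,
                    "kind": kind, "match": redact(match.group(0)),
                })
    return findings


def scan_paths(paths: Iterable[Path]) -> list[dict]:
    """Scan files directly, and text-like files under directories, recursively."""
    findings = []
    for path in paths:
        if path.is_file():
            files = [path]
        elif path.is_dir():
            files = [p for p in path.rglob("*")
                     if p.is_file() and p.suffix.lower() in SCANNED_SUFFIXES]
        else:
            continue  # a missing target is fine: the plugin may never have run
        for f in files:
            findings.extend(scan_text(f.read_text(errors="replace"), str(f)))
    return findings


def default_targets() -> list[Path]:
    """Locations named on this page: working-directory state file, ghostwriter profiles."""
    return [Path.cwd() / "Claude-State-Tracking.md",
            Path.home() / ".claude" / "ghostwriter-profiles"]


if __name__ == "__main__":
    targets = [Path(a) for a in sys.argv[1:]] or default_targets()
    results = scan_paths(targets)
    if not results and not sys.argv[1:]:
        print("no hits in default targets; scanning the constructed sample instead")
        results = scan_text(SAMPLE_STATE, "sample")
    for hit in results:
        print(f"{hit['file']}:{hit['line']}: {hit['kind']} -> {hit['match']}")
    sys.exit(1 if results else 0)
```

Run it with no arguments to check the page's default locations, or pass explicit files or directories. The report redacts matches so that piping it into a ticket or chat does not re-leak the secret it found.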
Agents defined in plugins operate within Claude Code's permission system:
- Tool Access: Agents can use any tool Claude Code has access to
- No Privilege Escalation: Agents cannot access anything that Claude Code itself cannot
- Audit Trail: All agent actions appear in the Claude Code session output
- User Approval: Sensitive operations may prompt for confirmation depending on your Claude Code settings
If you discover a security vulnerability in this marketplace:
- Do not open a public GitHub issue
- Email the maintainer directly (or use GitHub's private vulnerability reporting)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
Report these as security issues:
- Plugin code that exfiltrates data unexpectedly
- Command injection vulnerabilities
- Insecure default configurations
- Credential exposure in logs or state files
- MCP server misconfiguration allowing unauthorized access
Not security issues (but still bugs):
- Plugin fails to handle malformed input gracefully
- Error messages expose file paths
- Plugin requires more permissions than documented
This is a personal showcase, not a commercial product. Response times reflect that:
- Acknowledgment: Within 1 week
- Assessment: Within 2 weeks
- Fix (if applicable): Best effort, depends on severity
- Review the source code - All plugins are open source; read what they do
- Check the README - Understand what access the plugin needs
- Test in isolation - Try plugins on non-sensitive data first
- Monitor Claude Code output - Watch for unexpected file access or commands
- Use minimal permissions - Restrict what Claude Code may run and read (its allow/deny permission rules) instead of approving everything, and run it sandboxed where you can
- Keep backups - Plugins can modify files; keep backups of your vault or working directory
- Local only - Don't expose MCP servers to the network; use stdio transports or bind them to loopback only
- Regular cleanup - Periodically review stored memories
- Understand retention - Know how long data is kept
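The "local only" advice above, and the earlier statement that MCP servers in this marketplace run locally, are easy to verify mechanically. The audit below is an added example, not part of the marketplace or of any plugin. It assumes the .mcp.json layout Claude Code documents (a "mcpServers" map whose entries either spawn a command over stdio, or give a "type" of http/sse with a "url"); confirm the layout against the docs for your version. The server names and the sample configuration are constructed, one entry per situation the audit tells apart: a stdio child process, a server listening on loopback (reachable by every local process, not only Claude Code), a stdio-launched server told to bind all interfaces, and a remote endpoint that sends data off the machine.

```python
"""Audit an MCP server configuration for network exposure.

Added example for this security page; not part of the marketplace or of any
plugin. It assumes the .mcp.json layout Claude Code documents (a
"mcpServers" map whose entries either spawn a command over stdio, or name a
"type" of http/sse with a "url"); check the docs for your version, and treat
the sample config and server names below as constructed.
"""
import json
import sys
from pathlib import Path
from urllib.parse import urlparse

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
WILDCARD_BINDS = {"0.0.0.0", "::", "[::]"}

# Constructed sample: one entry per situation the audit distinguishes.
SAMPLE_MCP_CONFIG = {
    "mcpServers": {
        "local-memory": {"command": "uvx", "args": ["example-memory-mcp"]},
        "loopback-http": {"type": "http", "url": "http://127.0.0.1:8765/mcp"},
        "bind-all": {"command": "python",
                     "args": ["-m", "example_mcp", "--host", "0.0.0.0"]},
        "remote-sse": {"type": "sse", "url": "https://mcp.example.com/sse"},
    }
}


def classify_server(cfg: dict) -> tuple[str, str]:
    """Return (category, explanation) for one server entry."""
    url = cfg.get("url")
    if url:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in LOOPBACK_HOSTS:
            return ("network-loopback",
                    f"listens at {url}; any process on this machine can connect, "
                    "not only Claude Code")
        return ("network-remote",
                f"sends requests to {host} over {parsed.scheme}; data leaves the machine")
    args = [str(a) for a in cfg.get("args", [])]
    env_values = [str(v) for v in cfg.get("env", {}).values()]
    for value in args + env_values:
        # catches "--host 0.0.0.0" as well as "--host=0.0.0.0" / HOST=0.0.0.0
        if value.split("=")[-1] in WILDCARD_BINDS:
            return ("stdio-exposed",
                    f"{value!r} binds all interfaces; the server is reachable from the network")
    return ("stdio-local", "child process talking over stdio; no listening socket")


def audit(config: dict) -> list[dict]:
    """Classify every server; 'ok' is True only for the stdio-local case."""
    findings = []
    for name, cfg in config.get("mcpServers", {}).items():
        category, detail = classify_server(cfg)
        findings.append({"server": name, "category": category,
                         "detail": detail, "ok": category == "stdio-local"})
    return findings


def audit_file(path: Path) -> list[dict]:
    """Load a .mcp.json (or any file carrying the same map) and audit it."""
    return audit(json.loads(path.read_text()))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_file(Path(sys.argv[1]))
    else:
        results = audit(SAMPLE_MCP_CONFIG)
    for r in results:
        flag = "ok  " if r["ok"] else "WARN"
        print(f"[{flag}] {r['server']}: {r['category']} - {r['detail']}")
```

Point it at a project's .mcp.json after installing a plugin; anything other than stdio-local deserves a look. A loopback listener is not a finding against the marketplace, but it does mean the "only accessible to Claude Code" assumption no longer holds on a shared machine.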
| Date | Change |
|---|---|
| 2026-01-22 | Initial security policy |