Plugins are installable packages that bundle Claude Code extensions together — skills, MCP servers, hooks, and commands — into something you can share, install in one step, and toggle on or off as needed.
Think of them as the layer above raw skills and MCP servers. Instead of manually wiring up a SKILL.md, configuring an MCP server, and writing hooks separately, a plugin does all three and ships as a versioned package.
1.1 How Plugins Work
A plugin is a directory with a .claude-plugin/plugin.json manifest. It can contain any combination of:
Skills — slash commands Claude follows
MCP servers — connections to external tools and data
Hooks — scripts that run on specific events (session start, file save, etc.)
Agents — multi-step workflows
Install via the /plugin command in Claude Code or from the command line:
# Browse the official marketplace
/plugin
# Install directly
claude plugin install frontend-design@claude-plugins-official
# Install with a specific scope
claude plugin install security-guidance@claude-plugins-official --scope projectAfter installing, run /reload-plugins to activate without restarting.
1.2 Installation Scopes
This is important to get right — each scope has different sharing behaviour.
| Scope▲ | What it means▲ | Where it's stored▲ |
|---|---|---|
| User (default) | Available in all your projects | ~/.claude/settings.json |
| Project | Available to everyone on this repo | .claude/settings.json (committed) |
| Local | Available to you in this repo only | .claude/settings.local.json (gitignored) |
The rule of thumb:
Personal productivity plugins → user scope
Team standards that everyone should use → project scope
Experiments or personal overrides on a specific project → local scope
When the same plugin exists at both project and user scope, the project version wins. This means teams can enforce specific versions or configurations without breaking individual developer setups.
For our repos: security-related plugins (security-guidance, code-review) should be installed at project scope so everyone gets them automatically on clone.
1.3 Token Cost of Plugins
Every active plugin eats context — MCP servers in particular preload tool schemas at session start, typically 100–300 tokens per tool. A setup with many plugins can burn 50,000+ tokens before you've written a single prompt.
Enable plugins only when you need them. Disable when you don't.
# Disable a plugin you're not using right now
claude plugin disable context7@claude-plugins-official
# Re-enable when you need it
claude plugin enable context7@claude-plugins-official
# Check what's loaded and its status
/plugin1.4 Recommended Plugins
Here are the plugins worth knowing about, with notes on scope and when to use them.
Superpowers
Install scope: User
Source: superpowers@claude-plugins-official
The most broadly useful plugin on this list. Teaches Claude a solid set of development workflows: TDD (red/green cycle with tests first), systematic debugging, brainstorming, git workflow patterns, and how to author new skills. If you install one thing, install this.
What you get: skills for test-driven-development, systematic-debugging, root-cause-tracing, brainstorming, finishing-a-development-branch, and more. Each is a battle-tested workflow you can invoke any time.
Scope is user because these workflows are useful everywhere, not project-specific.
Frontend Design
Install scope: Project (for frontend repos) or User
Source: frontend-design@claude-plugins-official
Teaches Claude how to produce production-grade UI code that doesn't look like generic AI output. Covers component architecture, design system conventions, visual quality, and avoiding the "AI slop" aesthetic. Makes a real difference if you're building Zone A frontend apps or working on centrapp.
Use project scope in our frontend repos so everyone benefits. Install at user scope if you're frequently prototyping new UI stuff.
Context7
Install scope: User
Source: context7@claude-plugins-official
An MCP server that injects live, version-specific library documentation into Claude's context on demand. Instead of Claude guessing at the API for Next.js 15 or React 19 from training data that might be months old, it pulls the current docs.
When to enable it: whenever you're working with a fast-moving library (Next.js, React, Tailwind, Prisma) or anything where version differences matter. Disable when you're doing backend logic work or anything that doesn't need external docs — it burns tokens.
Don't leave it on all the time. Enable it for the session where it's useful.
Code Review
Install scope: Project
Source: code-review@claude-plugins-official
Adds a structured /code-review command that runs parallel review agents — one for logic and reuse, one for quality, one for efficiency — and gives you consolidated findings. Works well as the pre-PR habit from Section 6.
Install at project scope so it's available to everyone on the repo. This is effectively the automated version of our shared code-review skill, but with more sophisticated multi-agent coordination.
CLAUDE.md Management
Install scope: User
Source: claude-md-management@claude-plugins-official
Helps you create, validate, and improve CLAUDE.md files. Useful when setting up a new repo or doing a capability level audit (see Section 4.2). It knows about the L0–L6 maturity model and can suggest what's missing at each level.
User scope — you'll use it across multiple projects when setting things up, not as a per-project tool.
Security Guidance
Install scope: Project
Source: security-guidance@claude-plugins-official
Hooks into Claude's file edit pipeline to catch security issues before they're written. When Claude is about to write code with command injection risk, XSS exposure, or unsafe input handling, the hook intercepts, flags it, and explains the risk with a fix suggestion.
This is pre-emptive, not post-hoc — it acts before the code lands on disk rather than catching it in a later review step. For Zone B repos, install at project scope.
Playwright
Install scope: Project (frontend repos) or Local
Source: playwright@claude-plugins-official
Opens a real Chrome window that Claude controls. Instead of writing test scripts, you describe interactions in natural language — "fill out the signup form and submit" — and Claude executes them in a visible browser. Good for testing frontend flows and watching Claude navigate your UI in real time.
Install at project scope in repos where browser testing makes sense. Local scope if you want it for personal testing only without committing it to the shared config.
Skill Creator
Install scope: User
Source: skill-creator@anthropic-official
A meta-skill for building and evaluating your own skills. It guides you through authoring a SKILL.md, then runs an eval framework against real examples to measure whether the skill actually works. Anthropic built this to remove the guesswork from skill development.
Useful when adding to our shared skills catalog (Section 5). Use it before shipping a new company skill so you know it's reliable.
Figma
Install scope: Local or User
Source: figma@claude-plugins-official
MCP server connecting Claude to the Figma API. Claude can read design files, inspect component specs, extract tokens and measurements, and reference designs while writing implementation code. If you're translating Figma designs into frontend code, this closes the gap between spec and output.
Local scope is fine — it needs your personal Figma API token configured, so it's inherently user-specific.
PR Review Kit
Install scope: Project
Source: pr-review-kit@claude-plugins-official
Multi-agent PR review: runs parallel agents with confidence-based filtering to catch issues across security, performance, standards compliance, and code quality. Outputs findings sorted by severity. Integrates well with the CI/CD setup in Section 14.
Project scope — this benefits the whole team and ensures consistent review depth on every PR.
1.5 Our Recommended Plugin Setup
Install at user scope (everyone should have these):
claude plugin install superpowers@claude-plugins-official --scope user
claude plugin install context7@claude-plugins-official --scope user
claude plugin install claude-md-management@claude-plugins-official --scope user
claude plugin install skill-creator@claude-plugins-official --scope userAdd to project scope in Zone B repos (committed to .claude/settings.json):
claude plugin install code-review@claude-plugins-official --scope project
claude plugin install security-guidance@claude-plugins-official --scope project
claude plugin install pr-review-kit@claude-plugins-official --scope projectAdd to project scope in frontend repos:
claude plugin install frontend-design@claude-plugins-official --scope project
claude plugin install playwright@claude-plugins-official --scope projectPersonal / situational (install locally when you need them):
claude plugin install figma@claude-plugins-official --scope local