AgentSkillsCN

Enhance Plugins

增强插件功能

SKILL.md
<!-- AUTO-GENERATED by scripts/gen-adapters.js - DO NOT EDIT -->

name: enhance-plugins description: "Use when analyzing plugin structures, MCP tools, and plugin security patterns." version: 5.0.0 argument-hint: "[path] [--fix]"

OpenCode Note: Invoke agents using @agent-name syntax. Available agents: task-discoverer, exploration-agent, planning-agent, implementation-agent, deslop-agent, delivery-validator, sync-docs-agent, consult-agent Example: @exploration-agent analyze the codebase

enhance-plugins

Analyze plugin structures, MCP tools, and security patterns against best practices.

Parse Arguments

(JavaScript reference - not executable in OpenCode)

Plugin Locations

PlatformLocation
Claude Codeplugins/*/, .claude-plugin/plugin.json
OpenCode.opencode/plugins/, MCP in opencode.json
CodexMCP in ~/.codex/config.toml

Workflow

  1. Discover - Find plugins in plugins/ directory
  2. Load - Read plugin.json, agents, commands, skills
  3. Analyze - Run pattern checks by certainty level
  4. Report - Generate markdown output
  5. Fix - Apply auto-fixes if --fix (HIGH certainty only)

Detection Patterns

1. Tool Schema Design (HIGH)

Based on function calling best practices:

Required elements:

json
{
  "name": "verb_noun",
  "description": "What it does. When to use. What it returns.",
  "input_schema": {
    "type": "object",
    "properties": {
      "param": {
        "type": "string",
        "description": "Format and example"
      }
    },
    "required": ["param"],
    "additionalProperties": false
  }
}

The "Intern Test" - Can someone use this tool given only the description?

IssueCertaintyAuto-Fix
Missing additionalProperties: falseHIGHYes
Missing required arrayHIGHYes
Missing tool descriptionHIGHNo
Missing param descriptionsMEDIUMNo
Vague names (search, process)MEDIUMNo

2. Description Quality (HIGH)

Tool descriptions must include:

  • What the function does
  • When to use it (trigger context)
  • What it returns
json
// Bad - vague
"description": "Search for things"

// Good - complete
"description": "Search product catalog by keyword. Use for inventory queries or price checks. Returns matching products with prices."

Parameter descriptions must include:

  • Format expectations
  • Example values
  • Relationships to other params
json
// Bad
"query": { "type": "string" }

// Good
"query": {
  "type": "string",
  "description": "Search keywords. Supports AND/OR. Example: 'laptop AND gaming'"
}

3. Schema Structure (MEDIUM)

IssueWhy It Matters
Deep nesting (>2 levels)Reduces generation quality
Missing enums for constrained valuesAllows invalid states
No min/max on numbersUnbounded inputs
>20 tools per pluginIncreases error rates

Prefer flat structures:

json
// Bad - nested
{ "config": { "settings": { "timeout": 30 } } }

// Good - flat
{ "timeout_seconds": 30 }

4. Plugin Structure (HIGH)

Required files:

code
plugin-name/
├── .claude-plugin/
│   └── plugin.json      # name, version, description
├── commands/            # User-invokable commands
├── agents/              # Subagent definitions
├── skills/              # Reusable skill implementations
└── package.json         # Optional, for npm plugins

plugin.json validation:

  • name: lowercase, kebab-case
  • version: semver format (^\d+\.\d+\.\d+$)
  • description: explains what plugin provides

Version sync: plugin.json version must match package.json if present.

5. MCP Server Patterns (MEDIUM)

For plugins exposing MCP tools:

Transport types:

  • stdio - Standard I/O (most common)
  • http - HTTP/SSE transport

Configuration:

json
{
  "mcp": {
    "server-name": {
      "type": "local",
      "command": ["node", "path/to/server.js"],
      "environment": { "KEY": "value" },
      "enabled": true
    }
  }
}

Security principles:

  • User consent for data access
  • No transmission without approval
  • Tool descriptions are untrusted input

6. Security Patterns (HIGH)

HIGH Certainty issues:

PatternRiskDetection
Unrestricted BashCommand executiontools:.*Bash[^(]
Command injectionShell escape\${.*} in commands
Path traversalFile access\.\.\/ in paths
Hardcoded secretsCredential leakAPI keys, passwords

MEDIUM Certainty issues:

PatternRisk
Broad file accessData exfiltration
Missing input validationInjection attacks
No timeout on toolsResource exhaustion

Input validation required: (JavaScript reference - not executable in OpenCode)

7. Error Handling (MEDIUM)

Tools should return structured errors:

json
{
  "type": "tool_result",
  "tool_use_id": "id",
  "content": "Error: [TYPE]. [WHAT]. [SUGGESTION].",
  "is_error": true
}

Retry guidance:

  • Transient (429, 503): exponential backoff
  • Validation (400): no retry, return error
  • Timeout: configurable, default 30s

8. Tool Count (LOW)

"Less-is-More" approach:

  • Research shows reducing tools improves accuracy by up to 89%
  • Limit to 3-5 relevant tools per task context
  • Consider dynamic tool loading for large toolsets

Auto-Fixes

IssueFix
Missing additionalPropertiesAdd "additionalProperties": false
Missing requiredAdd all properties to required array
Version mismatchSync plugin.json with package.json

Output Format

markdown
## Plugin Analysis: {name}

**Files scanned**: {count}

| Certainty | Count |
|-----------|-------|
| HIGH | {n} |
| MEDIUM | {n} |

### Tool Schema Issues
| Tool | Issue | Fix | Certainty |

### Structure Issues
| File | Issue | Certainty |

### Security Issues
| File | Line | Issue | Certainty |

Pattern Statistics

CategoryPatternsCertainty
Tool Schema5HIGH
Descriptions2HIGH
Schema Structure4MEDIUM
Plugin Structure3HIGH
MCP Patterns2MEDIUM
Security6HIGH/MEDIUM
Error Handling2MEDIUM
Tool Count1LOW
Total25-
<examples> ### Schema Strictness <bad_example> ```json { "properties": { "path": { "type": "string" } } } ``` </bad_example> <good_example> ```json { "properties": { "path": { "type": "string", "description": "File path" } }, "required": ["path"], "additionalProperties": false } ``` </good_example>

Tool Description

<bad_example>

json
"description": "Search for things"

</bad_example> <good_example>

json
"description": "Search product catalog by keyword. Use for inventory or price queries. Returns products with prices."

</good_example>

Security

<bad_example>

yaml
tools: Read, Bash  # Unrestricted

</bad_example> <good_example>

yaml
tools: Read, Bash(git:*)  # Scoped

</good_example> </examples>

References

  • agent-docs/FUNCTION-CALLING-TOOL-USE-REFERENCE.md - Tool schema, descriptions, security
  • agent-docs/CLAUDE-CODE-REFERENCE.md - Plugin structure, MCP config
  • agent-docs/OPENCODE-REFERENCE.md - OpenCode MCP integration
  • agent-docs/CODEX-REFERENCE.md - Codex MCP config

Constraints

  • Auto-fix only HIGH certainty issues
  • Security warnings are advisory - do not auto-fix
  • Preserve existing plugin.json fields
  • Never modify tool behavior, only schema definitions