Claude Code Extensions Registry
Single source of truth for all Claude Code extensions used across SecurityV0 repos. Every plugin, skill, agent, MCP server, and hook is listed here with its location, status, and purpose.
Related docs:
Plugins
Installed (Recommended)
Plugins every developer should install. These are verified and provide clear value.
| Plugin | Source | Version | What it does | Install command |
|---|
typescript-lsp | Official marketplace | 1.0.0 | Real-time TS type diagnostics after every edit -- catches errors before tests | claude plugin install typescript-lsp |
superpowers | Official marketplace | 5.0.6 | 15 workflow skills: TDD, systematic debugging, plan writing/execution, parallel agents, worktrees, code review | claude plugin install superpowers |
claude-mem | thedotmack | 10.6.2 | Cross-session memory capture -- auto-records what Claude does, compresses with AI, injects relevant context into future sessions | claude plugin marketplace add thedotmack/claude-mem && claude plugin install claude-mem@thedotmack |
Superpowers skills inventory
The superpowers plugin adds these skills (all auto-available after install):
| Skill | When to use |
|---|
test-driven-development | Writing tests before implementation |
systematic-debugging | Structured root cause analysis |
writing-plans | Designing implementation plans with Claude |
executing-plans | Following through on approved plans |
subagent-driven-development | Delegating work to focused sub-agents |
dispatching-parallel-agents | Running multiple agents concurrently |
verification-before-completion | Final check before marking work done |
using-git-worktrees | Isolated development with worktrees |
finishing-a-development-branch | Clean up and prepare for merge |
requesting-code-review | Generating review requests |
receiving-code-review | Processing review feedback |
brainstorming | Structured idea generation |
writing-skills | Meta-skill for creating new skills |
Pre-installed (Came with Setup)
These were configured during initial project setup and are already available.
| Plugin | Source | What it does |
|---|
notion-workspace-plugin | Notion marketplace | Read/write Notion pages and databases via OAuth |
frontend-design | Official marketplace | Design system for building production-grade UIs |
figma | Official marketplace | Figma integration (currently disabled) |
Evaluated -- Not Installed
Plugins and tools we investigated and decided not to install, with reasons.
| Plugin / Tool | Source | Verdict | Why |
|---|
codebase-memory-mcp (DeusData) | GitHub | DO NOT INSTALL | Security issues: path traversal, symlink following, no auth on delete. Too young (v0.3.2, 7 days old at evaluation 2026-03-03). Re-evaluate in 3-6 months. |
pyright-lsp | Official marketplace | DEFERRED | Valuable for Python projects, but our Python footprint (connectors, scripts) is small relative to TypeScript. Install when Python work increases. |
hairyhenderson/obsidian-tasks-mcp | GitHub | SKIP | Too narrow -- tasks-only, doesn't help with general vault access. |
Serena (oraios/serena) | GitHub | WATCH | LSP-based code queries -- best alternative to codebase-memory-mcp. 97% token savings for symbol lookups. Consider if structural code queries become a pain point. |
Context7 | Official marketplace | INSTALLED SEPARATELY | External docs lookup (not codebase). Already available as MCP server, not needed as plugin. |
To Evaluate
Plugins and tools on our radar that haven't been assessed yet.
| Plugin / Tool | Source | Why it's interesting | Priority |
|---|
memsearch (Zilliz) | GitHub | Vector-based memory search -- may be better than claude-mem for large histories | Low |
julep-ai/memory-store-plugin | GitHub | Dev tracking, git commit analysis, team knowledge base | Low |
pr-review-toolkit | Official marketplace | Specialized PR review agents -- may complement our /review-pr skill | Medium |
code-review | Official marketplace | Anthropic-verified code review plugin | Medium |
playwright (Microsoft) | Official marketplace | Browser automation -- could replace our custom Playwright scripts | Medium |
| Auto Dream | Built-in (server-side) | Auto-consolidates memory files every 24h. Server-side rollout -- check via /memory. No install needed. | Watch |
Skills
Shared skills (sv0-skills -- auto-discovered everywhere)
| Skill | Location | Status | What it does | When to use |
|---|
/sprint-review | sv0-skills/sprint-review/SKILL.md | Active | Generates visual sprint review with before/after screenshots, GitHub status collection, verdict derivation, HTML rendering, and Cloudflare deployment | End of sprint -- producing stakeholder-facing review |
/excalidraw-diagram | sv0-skills/excalidraw-diagram/SKILL.md | Active | Creates Excalidraw diagrams (architecture, workflows, data flows) with automated PNG rendering via Playwright. Forked from coleam00, brand colors customized. Requires uv + Playwright. | Architecture diagrams, flow charts, system overviews |
/review-pr | sv0-skills/review-pr/SKILL.md | Active | Reviews any PR for code quality, security, and correctness -- posts structured feedback as a PR comment | Code review on any SecurityV0 PR |
/track | sv0-skills/track/SKILL.md | Active | Create, claim, and close GitHub Issues across all SecurityV0 repos. Enforced by pre-prompt hook. | Task management: /track create, /track close, /track status |
/stakeholder-review | sv0-skills/stakeholder-review/SKILL.md | Active | 7-role parallel review (CISO, SecOps, QA, UX, Auditor, Enterprise, CEO). Produces consolidated scorecard with round-over-round tracking. | Multi-perspective feature review |
/platform-visual-capture | sv0-skills/platform-visual-capture/SKILL.md | Active | Orchestrates Playwright screenshot capture for all UI pages + entity details | Capturing complete visual snapshot of platform UI |
Per-repo skills
| Skill | Location | Status | What it does | When to use |
|---|
/deploy | sv0-platform/.claude/skills/deploy/SKILL.md | Active | Production deployment to Hetzner via SSH + Docker | Deploying to production |
/deploy-dev | sv0-platform/.claude/skills/deploy-dev/SKILL.md | Active | PR preview deployment to pr-N.dev.securityv0.com | PR preview instances |
/review-ui | sv0-platform/.claude/skills/review-ui/SKILL.md | Active | Evaluates UI against product vision | UX review against design intent |
/visual-review | sv0-platform/.claude/skills/visual-review/SKILL.md | Active | Pixel-diff screenshot comparison for PRs | Visual regression checks |
/notion | sv0-documentation/.claude/skills/notion/SKILL.md | Active | Notion page sync -- fetch, convert to markdown, write to repo | Syncing Notion specs to documentation |
/sync-notion | sv0-documentation/.claude/skills/sync-notion/SKILL.md | Active | Notion-to-docs sync with mkdocs layout awareness | Bulk Notion sync operations |
Agents
| Agent | Location | Status | Model | What it does | When to use |
|---|
ciso-reviewer | sv0-platform/.claude/agents/ciso-reviewer.md | Active | Opus | 15-year CISO persona (Wiz, CrowdStrike, Veza). Evaluates 5-second comprehension, "so what?", "what do I do now?", credibility, noise-vs-signal. Read-only -- cannot edit files. | Validating UX copy, finding descriptions, evidence packs |
security-auditor | sv0-platform/.claude/agents/security-auditor.md | Active | Opus | Audits code for tenant isolation, input validation, read-only invariant, secret handling, evidence integrity, determinism. Reports by severity (CRITICAL/HIGH/MEDIUM/INFO) with file paths and line numbers. Read-only. | Security review of code changes |
doc-reviewer | sv0-documentation/.claude/agents/doc-reviewer.md | Active | Sonnet | Checks API contracts, type definitions, file references, code examples, stale content, and missing docs against the codebase. Reports as WRONG/STALE/MISSING/DRIFT. Language-agnostic. | Documentation accuracy checks |
All agents use permissionMode: default. Platform agents (ciso-reviewer, security-auditor) are platform-only. The doc-reviewer is shared via auto-discovery from all repos.
MCP Servers
Installed
| Server | Transport | Status | What it enables | Install command |
|---|
| GitHub | HTTP | GA (official) | Issues, PRs, Projects, Actions, code security | claude mcp add --transport http github https://api.githubcopilot.com/mcp/ |
| Notion | HTTP | GA (official) | Read/create/edit pages, query databases | claude mcp add --transport http notion https://mcp.notion.com/mcp |
Available but not installed
| Server | Status | Notes |
|---|
| Slack | GA (partner-app model, Feb 2026) | Webhook-first for now. See docs.slack.dev for partner app setup. |
| Jira (Atlassian Rovo) | GA | We don't use Jira. Available if needed. |
| DigitalOcean | GA | Not needed -- we use Hetzner. |
| StackHawk (DAST) | Beta | Premature for a 3-person team. |
| Context7 | GA | External docs lookup. Installed as MCP server, not as plugin. |
Hooks
| Hook | Location | Trigger | What it does |
|---|
| GitHub Issue Injection | sv0-platform/.claude/hooks/check-github-issues.sh | UserPromptSubmit -- fires before Claude processes your message | Queries GitHub for open issues across SecurityV0 repos and injects them into Claude's context. Prevents duplicating existing work. |
| Slack Session Summary | sv0-platform/.claude/hooks/session-summary-to-slack.sh | Stop -- fires when Claude finishes responding | If commits were created in the last 10 minutes, posts a summary to #sv0-dev via the Slack webhook. No commits = no post. Requires SLACK_WEBHOOK_URL in .claude/settings.local.json. |
How to Add an Extension
Adding a new evaluation
When you evaluate a new plugin or skill:
- Install and test it in a real workflow (not just "hello world")
- Add it to the appropriate section above with:
- Source and version
- What it does (one line)
- Verdict: INSTALL, DEFERRED, SKIP, or WATCH
- Why (specific reason, not "seems good")
- If recommending install, add the install command and update the onboarding guide
- Commit to
sv0-documentation
Skill placement rule of thumb
Goes in sv0-skills (shared) | Stays in repo .claude/skills/ |
|---|
| Useful across all SV0 repos | Only makes sense in one repo |
| No hardcoded paths or server IPs | References deployment targets, config file paths, Notion IDs |
| Pure capability (diagram, review, track) | Repo-specific workflow (deploy, sync-notion) |
Useful Links