AI Plugin Scanner
The hashgraph-online/ai-plugin-scanner repository now ships two related products:
hol-guardfor local harness protection before Codex, Claude Code, Cursor, Gemini, or OpenCode launch new or changed toolsplugin-scannerfor repository and CI quality gates across Codex, Claude Code, Gemini CLI, and OpenCode plugin ecosystems
Use the scanner after a plugin is scaffolded and before publishing, registry ingestion, or GitHub review. Use Guard on developer machines where you want artifact trust and approval flows in front of local harness launches.
Canonical docs URL: https://hol.org/docs/libraries/ai-plugin-scanner/
Package MapDirect link to Package Map
pip install hol-guard
pip install plugin-scanner
The repository name is ai-plugin-scanner, but the published scanner CLI remains plugin-scanner. Older automation can still invoke compatibility aliases such as codex-plugin-scanner, but new docs and workflows should point at plugin-scanner and hashgraph-online/ai-plugin-scanner.
HOL GuardDirect link to HOL Guard
hol-guard protects local harness launches. It detects supported harnesses, installs Guard in front of them, records receipts for changed artifacts, and routes blocked changes into either inline approvals or the local approval center.
Primary commands:
hol-guard bootstrap
hol-guard install codex
hol-guard run codex --dry-run
hol-guard run codex
hol-guard approvals
hol-guard receipts
hol-guard status
hol-guard detect codex --json
Supported harnesses today:
codexclaude-codecursorgeminiopencode
Start with these Guard guides:
- Guard get started
- Local-first runtime and approvals
- Local-first and optional cloud
- Approval center and audit trail
- Guard architecture
- Harness support matrix
- Codex harness
- Claude Code harness
- Cursor harness
- Gemini harness
- OpenCode harness
- Testing and validation
When local Guard is already working and you want the signed-in operating model:
- Guard Cloud command center
- Devices and shared trust memory
- Inventory, ABOM, and artifact detail
- Receipts, changes, and history
- Alerts, watchlists, and advisories
- Team policy and delegated approvals
- Exceptions and expiring windows
- Billing, credits, and plans
plugin-scannerDirect link to plugin-scanner
plugin-scanner is the CI and maintainer-facing quality suite. It scans plugin manifests, marketplace metadata, skills, MCP configuration, apps, assets, and repository security posture. It can work against a single plugin or auto-detect supported plugin ecosystems inside a repository root.
EcosystemsDirect link to Ecosystems
plugin-scanner --list-ecosystems
Current built-in ecosystem adapters:
- Codex
- Claude Code
- Gemini CLI
- OpenCode
Scanner quick startDirect link to Scanner quick start
pip install plugin-scanner
plugin-scanner lint .
plugin-scanner verify .
plugin-scanner scan . --format json
plugin-scanner verify . --online
plugin-scanner doctor . --component mcp --bundle dist/doctor.zip
Command surfaceDirect link to Command surface
| Command | Purpose |
|---|---|
scan | Weighted repository or plugin scan with policy evaluation |
lint | Rule-level findings, --list-rules, --explain, and safe autofix support |
verify | Runtime and install-surface readiness checks, with optional --online probing |
submit | Scan + verify + policy gate that emits a plugin-quality artifact |
doctor | Component diagnostics and zipped troubleshooting bundles |
What it checksDirect link to What it checks
plugin-scanner currently covers:
- plugin manifests and marketplace metadata
- MCP stdio and remote HTTP verification
- skills, assets, and
.app.jsonsurfaces - security posture such as secrets, dangerous commands, action pinning, and lockfiles
- trust provenance for skills, MCP configuration, and top-level plugin packages
It supports policy profiles (default, public-marketplace, strict-security), baseline suppressions, config files like .plugin-scanner.toml, JSON/Markdown/SARIF output, and repository-mode scanning for marketplace roots that enumerate local plugins under ./plugins/....
Start with these scanner guides:
- Scanner quick start
- Ecosystems and repository mode
- Quality suite commands
- Policies, output, and trust provenance
- Trust provenance guide
- Report formats and CI automation
GitHub ActionDirect link to GitHub Action
The Marketplace wrapper lives in the dedicated hashgraph-online/ai-plugin-scanner-action repository. Use it when you want scanner checks in pull requests, release workflows, submission intake, or code-scanning automation without installing the CLI yourself.
Start with these action guides:
Trust Score ProvenanceDirect link to Trust Score Provenance
The scanner emits explicit trust provenance alongside quality grades:
- bundled skills use published HCS-28 baseline adapter IDs, weights, and denominator rules
- MCP configuration trust uses HCS-style adapter and contribution-mode patterns
- top-level plugin trust follows the same pattern locally
Start with the local trust guide:
Config FileDirect link to Config File
# .plugin-scanner.toml
[scanner]
profile = "public-marketplace"
baseline_file = "baseline.txt"
ignore_paths = ["tests/*", "fixtures/*"]
[rules]
disabled = ["README_MISSING"]
severity_overrides = { CODEXIGNORE_MISSING = "low" }
[verification]
online = false
[submission]
repos = ["hashgraph-online/awesome-codex-plugins"]
labels = ["plugin-submission"]
Container UsageDirect link to Container Usage
docker run --rm \
-v "$PWD:/workspace" \
ghcr.io/hashgraph-online/ai-plugin-scanner:<version> \
scan /workspace --format text
ResourcesDirect link to Resources
- hol-guard on PyPI
- plugin-scanner on PyPI
- HOL Plugin Registry
- GitHub Repository
- AI Plugin Scanner Action
Project BasicsDirect link to Project Basics
| Aspect | Status |
|---|---|
| License | Apache-2.0 |
| Latest Release | See the GitHub releases and linked package distributions |
| Supported Products | hol-guard, plugin-scanner, and the ai-plugin-scanner-action GitHub Action |
| Security Policy | SECURITY.md |