{"id":51146405,"url":"https://github.com/jfrog/claude-plugin","last_synced_at":"2026-06-26T03:01:41.692Z","repository":{"id":355056267,"uuid":"1209475618","full_name":"jfrog/claude-plugin","owner":"jfrog","description":null,"archived":false,"fork":false,"pushed_at":"2026-06-21T17:03:13.000Z","size":197,"stargazers_count":3,"open_issues_count":2,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-21T19:04:58.151Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-13T13:16:58.000Z","updated_at":"2026-06-21T17:03:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jfrog/claude-plugin","commit_stats":null,"previous_names":["jfrog/claude-plugin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/claude-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fclaude-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fclaude-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fclaude-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fclaude-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/claude-plugin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fclaude-plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34801014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-26T02:00:06.560Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-26T03:01:40.970Z","updated_at":"2026-06-26T03:01:41.680Z","avatar_url":"https://github.com/jfrog.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JFrog Plugin for Claude Code\n\nJFrog plugin for [Claude Code](https://claude.com/product/claude-code): artifact management, security scanning, and supply-chain best practices, and Agent Guard.\n\n## Features\n\nThe JFrog plugin provides the following capabilities, grouped by component:\n\n| Component | Feature | Description |\n| --- | --- | --- |\n| **Skill** | JFrog Platform | Interact with Artifactory repositories, builds, permissions, users, access tokens, projects, release bundles, and platform administration via the JFrog CLI and REST/GraphQL APIs. Also covers security audits, CVE lookups, and Advanced Security exposure queries. |\n| **Skill** | Package safety \u0026 download | Check whether npm, Maven, PyPI, Go, and other packages are safe, curated, or allowed, then download them through Artifactory remote caches or curation-aware package managers. |\n| **Hook** | Agent Guard | Claude manages MCPs through the JFrog Agent Guard. Through the Agent Guard you can discover, install, configure, update, and remove MCP servers from the JFrog AI Catalog approved for your project, and authenticate to remote HTTP MCPs via OAuth, API key, or bearer token. |\n\n---\n\n## Prerequisites\n\nBefore installing, make sure you have:\n\n- **JFrog host URL and access token** — Your JFrog platform URL and a valid access token.\n- **Claude Code CLI** (≥ 1.0) — The Claude Code CLI.\n- **Node.js** (≥ 14) — with `npx` on your `PATH` (used by the Agent Guard hook).\n- **Skill runtime requirements** — `jf` CLI, `jq`, and `curl` on `PATH`, plus a configured JFrog instance. For the minimum versions, see the upstream skills [`Requirements`](https://github.com/jfrog/jfrog-skills/blob/v0.11.0/README.md#requirements). Configure the CLI with `jf config add` — see [Authentication](#authentication).\n- **JFrog AI Catalog** (optional) — If you want to use the Agent Guard feature, your JFrog subscription needs to include the AI Catalog entitlement. Contact your JFrog account team if you're unsure whether it's enabled.\n- **JFrog project** (optional) — If you want to use the Agent Guard feature.\n\n---\n\n## Installation\n\n###  Install the Claude plugin\n\nInside Claude Code, run:\n\n```\n/plugin install jfrog\n```\n\n### Local development\n\nFrom a clone of this repository (repository root **is** the plugin root):\n\n```bash\nclaude --plugin-dir /path/to/claude-plugin\n```\n\n---\n\n## Authentication\n\n### 1. Set persistent environment variables\n\n| Variable | Description |\n| --- | --- |\n| `JFROG_URL` | Your JFrog platform URL, e.g. `https://mycompany.jfrog.io` |\n| `JFROG_ACCESS_TOKEN` | Your JFrog access token |\n\n### 2. Configure the JFrog CLI\n\nIf you have never configured the JFrog CLI on this machine:\n\n1. Open your terminal.\n2. Run:\n   ```bash\n   jf config add\n   ```\n3. Follow the interactive prompts to enter the same JFrog platform URL and access token.\n\n---\n\n## Usage\n\nOnce configured, interact with the JFrog plugin through natural language. Examples are grouped by capability.\n\n### JFrog Platform skill\n\n| Ask the agent… | What happens |\n| --- | --- |\n| \"List my Artifactory repositories.\" | Returns repositories via the JFrog CLI. |\n| \"Upload this build to Artifactory.\" | Publishes build artifacts and metadata. |\n| \"Run a security audit on this project.\" | Runs an Xray / Advanced Security audit and summarizes findings. |\n| \"Show me details on CVE-2021-23337.\" | Looks up CVE details in JFrog Advanced Security. |\n| \"Create a scoped access token for CI.\" | Creates an access token with the requested scope. |\n| \"Promote this release bundle to production.\" | Uses Lifecycle / Distribution APIs to promote the bundle. |\n\n### Package safety \u0026 download skill\n\n| Ask the agent… | What happens |\n| --- | --- |\n| \"Is `lodash@4.17.21` safe to install?\" | Checks JFrog Public Catalog signals and curation policy for the package. |\n| \"Is this Maven package approved for use?\" | Checks curation entitlement and policy for the requested package. |\n| \"Download `requests` via JFrog.\" | Resolves the package through an Artifactory remote cache or curation-aware package manager. |\n\n### MCP server management (Agent Guard)\n\n| Ask the agent… | What happens |\n| --- | --- |\n| \"Which MCP servers can I install?\" | Returns all MCP servers approved for your current project that you can install. |\n| \"What MCP servers do I already have?\" | Returns only the MCP servers already installed on your machine. |\n| \"Show me the details for the filesystem MCP server.\" | Returns detailed metadata, required configuration (environment variables, runtime arguments), and active tool policies for a given server. |\n| \"Add the GitHub MCP server.\" | Installs an approved MCP server and syncs its tool policies locally. Secrets are requested via a CLI command — never in chat. |\n| \"Update the environment variables for the Slack MCP.\" | Replaces the configuration for an already-installed server without removing and reinstalling it. |\n| \"Remove the Slack MCP server.\" | Removes the server and its stored credentials from your local setup. Changes apply immediately. |\n| \"Log in to the remote Jira MCP server using OAuth.\" | Authenticates with a remote HTTP-based MCP server (OAuth, API key, or bearer token). |\n| \"Log out of the Jira MCP server.\" | Removes stored authentication credentials for a server. |\n\n### How secrets are handled\n\nWhen an MCP server requires a sensitive configuration, the agent cannot set the value directly. Instead, it returns a CLI command for you to copy and run in your terminal. Secrets such as API keys, tokens, and connection strings are never exposed in the agent chat history.\n\n---\n\n## Troubleshooting\n\nSee the [JFrog MCP Registry troubleshooting guide](https://docs.jfrog.com/ai-ml/docs/mcp-registry-troubleshooting).\n\n---\n\n## Updating the vendored skills\n\nThe `skills/` tree is vendored from [`jfrog/jfrog-skills`](https://github.com/jfrog/jfrog-skills) at the version pinned in [`.github/scripts/sync-skills-vendor.json`](.github/scripts/sync-skills-vendor.json). To pull a newer upstream release into this repo:\n\n1. Bump `pin` in `.github/scripts/sync-skills-vendor.json` to the new tag (e.g. `v0.12.0`).\n2. Run the sync script from the repo root:\n\n   ```bash\n   node .github/scripts/sync-skills.mjs\n   ```\n\n   It downloads the pinned tarball from `codeload.github.com`, extracts it, and replaces the directories listed in `paths` (today: `skills/`).\n3. Bump `version` in [`.claude-plugin/plugin.json`](.claude-plugin/plugin.json) so users actually receive the update — Claude Code skips installs whose resolved version hasn't changed.\n4. Update the pinned-version link in the [Prerequisites](#prerequisites) section so the skill runtime requirements point at the new tag.\n5. Commit the pin bump, the regenerated `skills/` tree, the version bump, and the README link bump together, and open a PR.\n\nSee [`VENDOR.md`](VENDOR.md) for the full picture.\n\n---\n\n## Contributing\n\nSee [`CONTRIBUTING.md`](CONTRIBUTING.md) for development setup, coding conventions, and the pull-request process.\n\n## Security\n\nSee [`SECURITY.md`](SECURITY.md) for how to report vulnerabilities.\n\n## License\n\nLicensed under the [Apache License 2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fclaude-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fclaude-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fclaude-plugin/lists"}