A curated collection of plugins and tools designed for AI-assisted development. This marketplace enables discovery and distribution of quality-controlled, well-maintained plugins for use with Claude Code and other AI development tools.
This marketplace is hosted in a private GitHub repository and requires GitHub authentication to access.
Choose one of the following authentication methods:
Option 1: GitHub CLI (Recommended)
-
Install GitHub CLI if not already installed:
# macOS brew install gh # Windows winget install --id GitHub.cli # Linux # See https://github.com/cli/cli/blob/trunk/docs/install_linux.md
-
Authenticate with GitHub:
gh auth login
Follow the prompts to authenticate via browser or token.
Option 2: Personal Access Token
-
Generate a GitHub Personal Access Token (classic):
- Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
- Click "Generate new token (classic)"
- Give it a descriptive name (e.g., "Claude Code Marketplace Access")
- Select the
reposcope (this grants access to private repositories) - Generate and copy the token
-
Configure Claude Code with your GitHub token:
export GITHUB_TOKEN=your_token_hereOr add it to your shell configuration file (~/.zshrc, ~/.bashrc, etc.) to persist across sessions:
echo 'export GITHUB_TOKEN=your_token_here' >> ~/.zshrc source ~/.zshrc
You can add this marketplace using either the short form or full URL:
# Short form (GitHub owner/repo)
/plugin marketplace add bitwarden/ai-plugins
# Full GitHub URL
/plugin marketplace add https://github.com/bitwarden/ai-pluginsNote: After adding the marketplace, you will need to restart Claude Code for the changes to take effect.
Tip: You can also use /plugin interactively to manage marketplaces and plugins through a guided interface.
Once the marketplace is added, you can install plugins using:
/plugin install plugin-name@bitwarden-marketplacePlugins are installed by default to ~/.claude/plugins/ on your local system.
Note: After installing a plugin, you will need to restart Claude Code for the plugin to become active.
To add a plugin to this marketplace:
- Create your plugin following the official Claude plugin structure
- Place the plugin in the
plugins/directory - Add an entry to
.claude-plugin/marketplace.jsonin thepluginsarray:
{
"name": "your-plugin-name",
"source": "./plugins/your-plugin-name",
"description": "Brief description of your plugin",
"version": "1.0.0",
"author": {
"name": "Your Name",
"email": "[email protected]"
},
"keywords": ["keyword1", "keyword2"],
"category": "utility"
}Each plugin should follow this structure:
plugins/your-plugin-name/
├── .claude-plugin/
│ └── plugin.json (required manifest)
├── commands/ (slash commands - optional)
├── agents/ (subagents - optional)
├── skills/ (Agent Skills - optional)
├── hooks/ (event handlers - optional)
└── .mcp.json (MCP servers - optional)
All plugins contributed to this marketplace must include:
- Comprehensive README documentation - Clear description of capabilities, usage, and examples
- Proper error handling and validation - Plugins should fail gracefully with helpful error messages
- Security best practices - No credential exposure, input validation on all untrusted data
- Test coverage - Unit tests for core functionality and integration tests for external dependencies
- Semantic versioning - Follow semver format for version numbers
- Claude Code compatibility - Ensure plugins work reliably with Claude Code and similar AI development tools
To maintain consistency and quality across all plugins:
- Use
.editorconfigsettings for consistent formatting - Validate spelling against
.cspell.jsonand add domain-specific terms as needed - Ensure all pre-commit hooks pass before submitting pull requests
- Provide clear, helpful error messages for users
- Follow existing patterns in the repository
This is a Bitwarden-maintained repository with high security standards. All plugins must adhere to:
- Never commit credentials or API keys - Use environment variables or secure configuration methods
- Review all external dependencies for vulnerabilities - Regularly audit and update dependencies
- Follow principle of least privilege - Request only necessary permissions and access
- Validate all inputs as untrusted - Never assume external input is safe
- Fail safely and degrade gracefully - Plugins should handle errors without compromising security
All plugin changes must include a version bump and changelog entry.
Follow Semantic Versioning for all version changes:
- MAJOR (X.0.0): Breaking changes or incompatible modifications
- MINOR (0.X.0): New features or backward-compatible additions
- PATCH (0.0.X): Bug fixes, documentation updates, or security patches
A helper script automates version updates across all required files:
./scripts/bump-plugin-version.sh <plugin-name> <new-version>Example:
./scripts/bump-plugin-version.sh bitwarden-code-review 1.3.4After running the version bump script, update the changelog:
- Edit
plugins/<plugin-name>/CHANGELOG.md - Follow Keep a Changelog format
- Add an entry under the appropriate category:
- Added: New features
- Changed: Changes in existing functionality
- Deprecated: Soon-to-be removed features
- Removed: Removed features
- Fixed: Bug fixes
- Security: Security improvements
When developing plugins, follow these best practices:
- Documentation First - Write comprehensive documentation before implementation
- Security by Default - Assume all inputs are untrusted and validate accordingly
- Fail Safely - Plugins should degrade gracefully on errors rather than crash
- Version Compatibility - Clearly document version requirements and compatibility
- Performance - Consider performance implications for large-scale operations
- User Experience - Provide clear error messages and helpful feedback
- Version Every Change - Always bump version and update changelog for any plugin modification
- All contributions require review from repository maintainers (see
.github/CODEOWNERS) - Automated checks validate code quality, security, and compliance
- Human reviewers provide feedback and approve merged changes
- Follow Bitwarden Contributing Guidelines for all submissions