Prelude

The first Claude Code plugin we installed was a simple SQL helper that let Claude understand a database schema and write queries with awareness of actual tables and relationships. Nothing revolutionary. But the difference between Claude guessing at a schema and Claude knowing the schema was enormous. Queries that used to need two or three rounds of correction worked on the first attempt.

That experience sent us down a rabbit hole. We started exploring every plugin category, testing dozens of tools, discarding most of them, and keeping the ones that genuinely changed how we work. Over the past twelve months we have tried well over a hundred plugins across development, testing, deployment, productivity, database tooling, and security.

This guide is the result of that exploration. It is not an exhaustive catalogue. It is a curated selection of the best Claude Code plugins and plugin categories that we believe deliver the most value for working developers in 2026. We will explain how to evaluate plugins, walk through each category with specific recommendations, and share practical advice on building a plugin stack that works for your workflow.

If you are new to the plugin ecosystem, this is your starting map. If you have been using plugins for a while, you may find some categories or tools here that you have not considered.

The Problem

Claude Code is remarkably capable out of the box. It reads files, writes code, runs commands, and reasons about complex problems. But it operates with general knowledge. It does not know your specific database schema, your deployment pipeline, your testing conventions, or your team's preferred libraries.

Plugins bridge that gap. They give Claude Code domain-specific capabilities and context that turn it from a general-purpose assistant into a specialist that understands your particular environment.

The problem is that the plugin ecosystem has grown rapidly. The official directory lists dozens of plugins across internal and external categories. Third-party marketplaces add many more. Community forums overflow with recommendations, complaints, and comparisons. Finding the right plugins means sifting through a lot of noise.

There is also a legitimate security concern. Every plugin you install gets access to your Claude Code environment. Some plugins request permissions they do not need. Some are abandoned by their maintainers. Some are well-intentioned but poorly implemented. Installing plugins without evaluation is a risk that most developers take without thinking about it.

We wanted to solve both problems at once. Find the best plugins, and develop a reliable method for evaluating them.

The Journey

Prerequisites

Before installing any plugins, confirm that you are running Claude Code version 1.0.33 or later. Run claude --version to check. The plugin system is built into Claude Code, so no additional setup is required beyond having a working installation.

The official Anthropic marketplace (claude-plugins-official) is automatically available when you start Claude Code. You can browse it by running /plugin and selecting the Discover tab.

How to Evaluate and Secure Plugins

Before diving into categories, here are the criteria we use when evaluating any Claude Code plugin. This framework covers both quality and security, and it has saved us from installing tools that look impressive in their README but fall apart in practice.

Maintenance frequency. Check the commit history on the plugin's repository. A plugin that has not been updated in six months is a warning sign. Claude Code's APIs evolve, and plugins that do not keep up will break. Look for at least quarterly updates, with responsive issue handling.

Permission scope. Every plugin declares what permissions it needs. A SQL helper that requests file system write access raises questions. A code formatter that wants network access is suspicious. Read the permission manifest and ask whether each permission is justified by the plugin's stated purpose.

Documentation quality. If the README does not explain installation, configuration, and basic usage clearly, move on. Good documentation signals that the maintainer cares about the user experience, not just the implementation.

Community adoption. Download counts and star counts are imperfect signals, but a plugin with thousands of active users has been tested in environments you might not have considered. Edge cases get reported and fixed. Compatibility issues surface quickly.

Performance impact. Some plugins add noticeable latency to every Claude Code interaction. Benchmark your common workflows before and after installing a plugin. If performance degrades noticeably, the benefit needs to be substantial to justify the cost.

Source code review. For any plugin that handles sensitive data or requests elevated permissions, read the source code. This is not optional. A plugin that sends your code to an external API without disclosing it in its documentation should not be used, regardless of its features. Look specifically for external network calls, data collection, and credential handling. Check for data exfiltration: some plugins send usage data or telemetry to external services. This may be acceptable for anonymous usage statistics, but it is not acceptable for code snippets, file paths, or project names.

One practical step we recommend: test any new plugin in a throwaway repository before adding it to a production project. This lets you observe its behaviour, check its network activity, and evaluate its output quality without risking your actual codebase.

Best Claude Code Plugins for Development

This category covers plugins that enhance Claude Code's ability to write, understand, and navigate code. These are the plugins we consider essential for daily development work.

Code intelligence plugins (LSP). The official marketplace includes language server plugins for TypeScript, Python, Rust, Go, Swift, PHP, Java, Kotlin, Lua, C/C++, and C#. These are among the highest-value plugins available. They give Claude real-time diagnostics: after every file edit, the language server analyses changes and reports type errors, missing imports, and syntax issues. Claude sees these errors and fixes them in the same turn. To install, for example, the TypeScript language server plugin:

/plugin install typescript-lsp@claude-plugins-official

You will need the corresponding language server binary on your system. For TypeScript, that means typescript-language-server. For Rust, install rust-analyzer. For Python, install pyright-langserver. The /plugin Errors tab will tell you if a binary is missing.

frontend-design. This official plugin generates distinctive, production-grade frontend interfaces rather than generic AI-generated output. Claude automatically uses it for frontend work, choosing a clear aesthetic direction with custom typography, colour palettes, and high-impact animations. Install it with:

/plugin install frontend-design@claude-plugins-official

feature-dev. This official plugin provides a systematic 7-phase workflow for building new features: discovery, codebase exploration, clarifying questions, architecture design, implementation, quality review, and documentation summary. It uses specialised sub-agents (code-explorer, code-architect, code-reviewer) working in parallel. It is best suited for features that touch multiple files or require architectural decisions. Install and invoke it with:

/plugin install feature-dev@claude-plugins-official
/feature-dev:feature-dev Add user authentication with OAuth

Framework-aware helpers. Beyond the official plugins, the ecosystem includes community plugins that provide Claude with knowledge of specific frameworks: React hooks rules, Rails ActiveRecord patterns, Django ORM queries, and similar. These work by injecting framework documentation into Claude's context so it writes idiomatic code rather than generic code that compiles but ignores conventions.

Testing and Quality

Plugins in this category help Claude write better tests, analyse coverage, and identify quality issues.

pr-review-toolkit. This official plugin bundles six specialised review agents: comment-analyzer (reviews documentation quality), pr-test-analyzer (identifies test coverage gaps), silent-failure-hunter (catches inadequate error handling), type-design-analyzer (evaluates type system usage), code-reviewer (checks for bugs and style violations), and code-simplifier (suggests complexity reductions). Each agent provides confidence scoring to filter out noise. Install it with:

/plugin install pr-review-toolkit@claude-plugins-official

code-review. A separate official plugin that launches four parallel agents to independently audit a pull request. It checks CLAUDE.md compliance, scans for bugs, and analyses git blame history for context-based issues. Issues below an 80-confidence threshold are filtered out. Install it with:

/plugin install code-review@claude-plugins-official

Test generators and coverage analysers. Community plugins in this space analyse your source code and generate test files following your project's existing patterns. The best ones examine function signatures, identify edge cases, and produce tests that run without modification against your specific framework (Jest, pytest, RSpec, Cargo test). Coverage analyser plugins integrate coverage data so Claude targets specific uncovered paths rather than guessing.

Mutation testing helpers. These plugins run mutation testing tools and feed the results to Claude, which then writes tests that catch surviving mutants. The combination of automated mutation testing and AI-generated targeted tests finds gaps that traditional coverage metrics miss.

DevOps and Deployment

This category covers plugins that extend Claude Code into infrastructure and deployment workflows.

Docker and Kubernetes helpers. Community plugins give Claude awareness of your Docker setup, enabling it to read Dockerfiles, understand docker-compose configurations, and debug failing containers by reading logs in context. Kubernetes plugins provide cluster awareness, reading kubectl output and helping debug deployment issues. These are most valuable for writing and modifying manifests where Claude's general knowledge often produces valid YAML that does not match your cluster's specific configuration.

Infrastructure as Code assistants. Whether you use Terraform, Pulumi, CloudFormation, or another IaC tool, plugins in this category help Claude understand your existing infrastructure definitions and write changes consistent with your patterns. They validate configurations against provider schemas and catch common mistakes.

CI/CD pipeline tools. These plugins help Claude write and debug pipeline configurations for GitHub Actions, GitLab CI, CircleCI, and other platforms. They diagnose failed pipelines by reading logs and suggesting fixes.

Productivity and Workflow

Productivity plugins change how efficiently Claude works rather than what it can do.

commit-commands. This official plugin adds three commands: /commit-commands:commit (stages changes, generates a style-matched commit message, and commits), /commit-commands:commit-push-pr (commits, pushes, and creates a pull request in one step), and /commit-commands:clean_gone (removes local branches deleted from the remote). Install it with:

/plugin install commit-commands@claude-plugins-official

hookify. This official plugin lets you create custom hooks that prevent unwanted behaviours using simple markdown configuration files with YAML frontmatter. Instead of editing complex hooks.json files manually, you describe what you want to prevent and it generates the rule. For example:

/plugin install hookify@claude-plugins-official
/hookify Warn me when I use rm -rf commands

It supports regex pattern matching, hot-loading of rules, and multiple event types (bash commands, file edits, prompts).

External integrations. The official marketplace includes plugins for GitHub, GitLab, Linear, Asana, Slack, Stripe, Supabase, and Firebase. These bundle pre-configured MCP servers so you can connect Claude to external services without manual setup. For example, to give Claude access to your GitHub repositories and issues:

/plugin install github@claude-plugins-official

Context managers. Community plugins help manage Claude's context window more efficiently by selectively loading relevant files, compressing large files into summaries, and maintaining working memory of earlier decisions. For large codebases where context limits are a real constraint, these make a noticeable difference.

Data and Database

Database plugins are among the highest-value plugins available. They expand Claude's ability to work with data.

supabase and firebase. These official external plugins give Claude direct awareness of your Supabase or Firebase backend, including database schemas, authentication, and API surfaces. Install them from the official marketplace:

/plugin install supabase@claude-plugins-official
/plugin install firebase@claude-plugins-official

Schema-aware SQL helpers. Community plugins in this category read your database schema and provide it to Claude as context. When you ask Claude to write a query, it knows your exact table names, column types, relationships, and indexes. This eliminates the most common category of SQL errors: referencing columns that do not exist, using incorrect join conditions, and missing foreign key relationships.

Migration generators. These plugins help Claude write database migrations that are safe and reversible. They understand your migration framework (Alembic, ActiveRecord migrations, Diesel, Flyway) and generate migrations that follow your existing patterns. They can also analyse proposed migrations for common issues like missing indexes on foreign keys and irreversible operations.

Query optimisers. These plugins analyse SQL queries and suggest optimisations. They can read EXPLAIN output, identify missing indexes, and rewrite queries for better performance. Combined with Claude's code analysis capabilities, they can find N+1 query patterns and suggest eager loading or query batching solutions.

Security

security-guidance. This official plugin uses hooks to provide security guidance during development. It activates automatically based on the code you are writing, catching common vulnerability patterns. Install it with:

/plugin install security-guidance@claude-plugins-official

Dependency auditors. Community plugins check your project's dependencies against vulnerability databases. They identify outdated packages with known CVEs, suggest safe upgrade paths, and evaluate whether a vulnerability actually affects your usage of the library.

Secrets detectors. These plugins scan Claude's outputs and your codebase for accidentally committed secrets. API keys, database passwords, private keys, and tokens are caught before they reach a commit. Given that Claude sometimes generates example code with placeholder values that look like real secrets, these provide an important safety net.

How to Install and Configure Plugins

Installing a Claude Code plugin follows a consistent pattern. From within Claude Code, run:

/plugin install <plugin-name>@<marketplace-name>

For the official Anthropic marketplace, the marketplace name is claude-plugins-official. You can also browse available plugins interactively by running /plugin and navigating to the Discover tab.

Plugins can be installed at three scopes:

  • User scope (default): available across all your projects.
  • Project scope: shared with all collaborators via .claude/settings.json.
  • Local scope: available only to you in a specific repository.

To choose a scope during installation, use the interactive /plugin UI or pass the --scope flag:

/plugin install commit-commands@claude-plugins-official --scope project

For project-level plugin configuration, your .claude/settings.json might look like this:

{
  "enabledPlugins": [
    "typescript-lsp@claude-plugins-official",
    "commit-commands@claude-plugins-official",
    "pr-review-toolkit@claude-plugins-official"
  ]
}

After installing or disabling plugins during a session, run /reload-plugins to apply changes without restarting. LSP server changes require a full restart.

If an installation fails, check the /plugin Errors tab for details. Common issues include missing language server binaries (for LSP plugins) and inaccessible marketplace URLs. If a plugin conflicts with another (two linting plugins producing contradictory suggestions, for example), disable one via /plugin disable plugin-name@marketplace-name.

For organisation-wide plugin management, Claude Code supports managed settings that restrict which plugins team members can install. If you are publishing your own plugins, the Publish a Plugin to the Claude Marketplace guide covers the full process from development to distribution.

Understanding the differences between plugins, MCP servers, and skills is essential when building your tool stack. The Plugins vs MCP Servers vs Skills guide explains when to use each approach and how they complement one another.

Building Your Plugin Stack

Not every plugin is useful for every developer. The right stack depends on your language, framework, team size, and workflow preferences.

Start minimal. Install one or two plugins that address your biggest pain point. Use them for a week before adding more. Each plugin adds complexity and cognitive overhead. A stack of twenty plugins where you actively use three is worse than a stack of five where you use all of them.

Match plugins to pain points. If your biggest time sink is chasing type errors, start with an LSP plugin for your language. If code review is a bottleneck, install pr-review-toolkit or code-review. If deployment issues slow you down, start with a Docker or Kubernetes plugin. Let your actual workflow problems guide your choices.

Document your stack. Keep a list of your installed plugins, why you chose each one, and any non-obvious configuration. When new team members join, this list saves them from the same evaluation process you went through.

Review quarterly. Every three months, review your plugin stack. Remove plugins you have stopped using. Check for newer alternatives to plugins that have stagnated. Update everything. Run /plugin marketplace update to refresh your marketplace listings.

Enterprise Considerations

If you are deploying Claude Code across an organisation, plugin management becomes a governance question.

Approved plugin lists. Most enterprise deployments maintain a list of approved plugins. Security reviews each plugin before it is approved. Developers can only install plugins from the approved list. This is a reasonable compromise between flexibility and control.

Managed settings. Claude Code's managed settings feature lets administrators restrict plugin installation, configure approved plugins centrally, and enforce consistent configuration across the organisation. This prevents individual developers from installing unapproved plugins that could introduce security risks.

Team marketplaces. Organisations can configure project-level marketplaces in .claude/settings.json using extraKnownMarketplaces. When team members trust the repository folder, Claude Code prompts them to install the configured marketplace and plugins. This is the recommended approach for standardising plugins across a team.

Licence compliance. Enterprise legal teams often care about the licences of tools integrated into the development workflow. Most plugins are open source, but their licences vary. MIT and Apache 2.0 are generally safe for enterprise use. GPL and AGPL may trigger obligations that your legal team needs to evaluate.

The systemprompt.io Marketplace

The systemprompt.io marketplace provides a curated directory of plugins with reviews, ratings, and compatibility information that the raw GitHub ecosystem lacks.

The most valuable aspect of the marketplace is the curation. Not every plugin gets listed. The ones that do have been reviewed for quality, security, and maintenance commitment. This reduces the evaluation burden compared to searching GitHub repositories directly.

If you have built a plugin that you think others would benefit from, the Publish a Plugin to the Claude Marketplace guide walks through the entire process. The marketplace welcomes contributions from individual developers and organisations alike.

The Lesson

After a year of intensive plugin evaluation and usage, three lessons stand out.

First, fewer plugins, well-configured, beat many plugins loosely installed. Every plugin worth keeping in a stack earns its place through regular use. The plugins worth removing are the ones that sound useful in theory but get reached for less than once a week.

Second, security evaluation is non-negotiable. We have found plugins that request excessive permissions and plugins that are abandoned with known vulnerabilities. The six-criterion evaluation framework described above is not paranoia. It is professional diligence. Treat plugin installation with the same seriousness you would treat adding a new dependency to your production code.

Third, the plugin ecosystem is maturing rapidly. The official Anthropic marketplace now covers LSP support for eleven languages, external integrations for major platforms (GitHub, Slack, Linear, Supabase, Firebase, Stripe), and development workflow tools (feature-dev, commit-commands, pr-review-toolkit). The pace of improvement suggests that plugins dismissed six months ago may be worth re-evaluating now.

Conclusion

The Claude Code plugin ecosystem in 2026 is rich, diverse, and occasionally overwhelming. The plugins that deliver the most value are the ones that give Claude specific knowledge about your environment: your database schema, your testing framework, your deployment pipeline, your coding standards.

Start with one plugin that addresses your biggest frustration. Evaluate it using the six criteria described above. Configure it for your specific project. Use it for a week and decide whether it earns a permanent place in your workflow. Then repeat.

The goal is not to install every plugin available. The goal is to build a focused stack of tools that makes Claude Code dramatically more effective at the specific work you do every day. Quality over quantity. Evaluated over assumed. Configured over default.

Your plugin stack is personal. It reflects your language, your framework, your team, and your priorities. The categories and recommendations in this guide are a starting point. The best stack is the one you build through your own experience and evaluation.