Claude Code Plugin
Analyze.
Validate.
Optimize.
Slash commands that audit your Claude Code configuration and fix issues — in one interactive workflow.
MIT Licensed · v2.5.0 · Works on all platforms
Everything you need to ship a solid Claude Code setup
Two commands. Seven evaluation pillars. One workflow.
Deep Analysis
7-pillar evaluation covering security, instructions, context efficiency, commands, hooks, and MCP. Every finding includes file paths and specific line numbers.
Interactive Triage
Not just a report dump. Walk through findings by effort level — Quick Wins, Recommended, or Advanced — and decide what to fix, skip, or customize.
Guided Fixes
Agent Smith builds an execution plan from your decisions. Review once, confirm, and all accepted changes are applied. No manual file editing.
Score History
Every analysis saves your score. See trend indicators, detect regressions, and track improvement over time per-project.
Create Configs
Bootstrap a new Claude Code setup with /create-agent. Generates CLAUDE.md, .claudeignore, settings.json with deny rules, and starter commands.
No Overclaims
We tell you exactly what we can and can't measure. No inflated scores, no unmeasurable metrics. Every report includes a limitations section.
Up and running in 60 seconds
Install the plugin
claude plugin install agent-smith One-time setup. Works on all platforms.
Run the analysis
/analyze-agent In any project with a Claude Code configuration.
Review your scores
AGENT_SMITH_REPORT.md 7 pillars scored individually. Full report saved automatically.
Triage and fix
Quick Wins → Apply Walk through findings. Accept, skip, or customize. Apply all at once.
Measured across 7 pillars
Each weighted by real-world impact on your Claude Code experience.
Security Posture
Sensitive file protection, deny rules, dangerous patterns
Instruction Clarity
CLAUDE.md quality, structure, contradictions, stale references
Configuration Quality
settings.json structure, allow/deny rules, wiring integrity
Context Efficiency
.claudeignore coverage, duplication, embedded vs referenced content
Command & Extension Design
Commands, agents, skills: quality, naming, frontmatter
Hook Safety
hooks.json validity, dangerous commands, pre/post action scripts
MCP Integration
MCP server configuration, count, permissions
Real issues. Real file paths.
- Missing .claudeignore patterns
- Unprotected sensitive files (.env, *.pem, *.key)
- Dangerous Bash(*) allow rules
- Unsafe hook commands (rm -rf, sudo)
- Hardcoded personal paths (/Users/name/)
- --no-verify git safety bypasses
- Unscoped agents (missing model/tools)
- Stale cross-file references
- Duplicated content across files
## Findings
### Critical
- Hardcoded personal paths in settings.local.json
Lines 22, 35: /Users/mam/... breaks portability
- Stale allow rule references install.sh
Line 18: install scripts deleted in v2.0
### Important
- Missing deny rules for *.p12, *.pfx, credentials*
- Overly broad allow: Bash(curl:*) enables exfiltration
### Suggestions
- Add binary patterns to .claudeignore: *.zip, *.tar.gz
- Update command reference in AGENT_SMITH.md line 396
We measure what you control
No inflated claims. No unmeasurable metrics. Just honest analysis.
Can Measure
- Your instruction files (CLAUDE.md, rules, agents)
- Your commands, skills, and extensions
- Your .claudeignore coverage
- Your deny/allow rules and hooks
- Your MCP server configuration
- Cross-file wiring integrity
- Score trends over time
Cannot Measure
- Claude Code's internal system prompt
- Built-in tool schemas
- Model routing decisions
- Runtime context usage
- Conversation history
"Every Agent Smith report includes a Limitations section. We believe developers deserve to know exactly what they're getting."
Get started in three commands
Works on macOS, Linux, and Windows