Claude skill tweaks#47
Conversation
| - `defaultValue` — pre-populated value | ||
| - `validation` — e.g. `{ "required": true }` | ||
| - `allowEncryption: true` — marks the field as a secret (encrypted at rest); use on any token, password, or key field | ||
| - `allowEncryption: true` — legacy way to mark a `text` field as a secret; **prefer `type: "password"` instead** for any token, password, or key field |
There was a problem hiding this comment.
would be tempted to remove entirely, not sure I've ever seen this used or see a valid use case
There was a problem hiding this comment.
Are fields of type password encrypted automatically?
There was a problem hiding this comment.
yes, they are automatically encrypted, rather than the user having to choose if they are or not
on further search, the only field that supports allowEncryption is the key-value field, i.e. the only one which shows the user UI to toggle encryption.
So i think it should be removed
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM — small documentation fixes to the build-plugin skill (prefer field type and corrected property name).
Extended reasoning...
Overview
This PR makes two targeted edits to .claude/skills/build-plugin/SKILL.md: (1) reframes the allowEncryption bullet/example as legacy, steering Claude toward the password field type for secrets, and (2) corrects the documented property name from importFrequencyMinutes to frequencyMinutes in the indexDefinitions section. No plugin code or schemas are touched.
Security risks
None. This is internal documentation guiding Claude when authoring plugins; if anything, it improves security posture by nudging contributors toward the dedicated password field type instead of the legacy text + allowEncryption pattern.
Level of scrutiny
Low. The repo's versioning rule only applies inside plugin directories, and this PR doesn't modify any plugin. The changes are localised, mechanical, and self-evidently correct on a quick read.
Other factors
The bug-hunting system flagged a pre-existing duplicate help bullet in the same list. It pre-dates this PR and isn't a blocker — leaving it as an inline nit is appropriate.
This is the only field that actually supports this property currently, the other fields have no UI to support encrypting values
The skill previously used a placeholder @yourhandle in the metadata.json template without prompting Claude to collect this from the user, meaning plugins could be created with an unresolved placeholder. An explicit AskUserQuestion instruction now ensures the author name is always gathered at the point it is needed. The author type silently defaults to "community" to keep the interaction minimal.
The build-plugin skill mentioned that the documentation link in metadata.json should point to docs/README.md, but never explicitly instructed Claude to create the file. This made it easy to skip. The fix adds docs/README.md to the Phase 3 checklist entry, the folder structure diagram, and a new section explaining what the file should contain (prerequisites, config field descriptions, object types, known limitations). The section also explains why it matters — the file is surfaced directly in-product when users add the plugin, so it needs to work as a self-contained setup guide without relying on external links.
Was using incorrect property name
Otherwise Claude can name each perspective the same i.e. Overview, which show next to each other in the UI
|
|
||
| --- | ||
|
|
||
| ## Required user inputs (always ask) |
There was a problem hiding this comment.
So this works, but if you use auto mode in Claude it still bypasses this, may remove
Similar to other AskUserQuestions, does use roughly my handle
| > ⚠️ When using a data stream as the autocomplete source, the backing stream must return rows with `label` (string) and `value` columns, and those columns must have `"role": "label"` and `"role": "value"` declared in the stream's metadata — otherwise the dropdown won't populate correctly. | ||
|
|
||
| **`key-value`** — list of key/value pairs (useful for custom headers, tags): | ||
| **`key-value`** — list of key/value pairs (useful for custom headers, tags). Set `allowEncryption: true` to let users mark individual values as encrypted — use this when the field may contain sensitive data such as secret environment variables: |
There was a problem hiding this comment.
Not supported for data streams - only plugin-level ui.json. Could clarify or remove this?
Co-authored-by: Dave Clarke <02DClarke@gmail.com>
🧩 Plugin PR Summaryℹ️ No plugins were modified in this PR. |
2 participants
📋 Summary
Tweaks to the
build-pluginClaude skill and repo config:Config fields & correctness
importFrequencyMinutes→frequencyMinutes(correct property name)idproperty for built-in datastream (was using incorrect property name)--suffixhint from skill — can cause Claude to create new plugins instead of updating the existing oneCredential handling
passwordfield type over plain text withallowEncryptionallowEncryptiontip into key-value field section — it's the only field that actually supports this property (other fields have no UI for encrypting values)Scaffolding improvements
docs/README.mdwhen scaffolding a new pluginmetadata.jsonDashboard authoring
Skill housekeeping
helpproperty in skill forui.json.editorconfigto preserve indentation consistent with the product repo🔍 Scope of change
📚 Checklist