Fidensa
Plugin Certified

claude-code-showcase

A comprehensive plugin that provides Claude with code project configuration examples including auto-formatting hooks, testing setup, React UI patterns, code review agents, and GitHub Actions workflows.

66

/ 100 · Grade D

D = 60–69

I need to set up a complete development project with automated formatting, testing, UI patterns, code review processes, and CI/CD workflows using best practices and proven configurations.

developmentcode-qualityautomationreactci-cdproject-setup
Publisher: ChrisWilesVersion: latestCertified: Mar 28, 2026Expires: Mar 28, 2027Source ↗

claude-code-showcase earned Certified status with a trust score of 66/100 (Grade D). No adversarial findings — all attack patterns were handled gracefully. Supply chain is clean — 10 components with no known vulnerabilities. Security scan flagged 0 findings.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan
100% × 15w
15.0
supply chain
100% × 10w
10.0
adversarial
100% × 25w
25.0
provenance
40% × 20w
8.0
consumer confirm
20% × 10w
2.0
behavioral pass
20% × 10w
2.0
contract accuracy
100% × 6w
6.0
uptime
100% × 4w
4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerFAIL
critical: 0high: 0medium: 0low: 0

Adversarial Testing — 6 categories, 0 findings

prompt injection chainsprivilege escalationdata exfiltration side channelscapability squattingcontext poisoningdependency confusion

No adversarial findings — all attack patterns handled gracefully.

Methodology v1.0 · 6 categories · ~55 attack patterns

Supply Chain

SBOM analysis and vulnerability assessment

Components

10

Direct deps

0

Transitive deps

10

Total vulns

0

Format: CycloneDX 1.5 · Generated: Mar 28, 2026

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

8

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 18474msp95: 30860msp99: 30860ms

Output size distribution

p50: 4.3 KBp95: 7.7 KBmean: 4.5 KB

Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline

Component Inventory

28 components composing this plugin

skills

7

agents

2

commands

6

hooks

3

scripts

2

skills (7)

core-components.claude/skills/core-components
formik-patterns.claude/skills/formik-patterns
graphql-schema.claude/skills/graphql-schema
react-ui-patterns.claude/skills/react-ui-patterns
README.claude/skills/README.md
systematic-debugging.claude/skills/systematic-debugging
testing-patterns.claude/skills/testing-patterns

agents (2)

code-reviewer.claude/agents/code-reviewer.md
github-workflow.claude/agents/github-workflow.md

commands (6)

code-quality.claude/commands/code-quality.md
docs-sync.claude/commands/docs-sync.md
onboard.claude/commands/onboard.md
pr-review.claude/commands/pr-review.md
pr-summary.claude/commands/pr-summary.md
ticket.claude/commands/ticket.md

hooks (3)

skill-rules.claude/hooks/skill-rules.json
skill-rules.schema.claude/hooks/skill-rules.schema.json
settings-hooks.claude/settings.json

scripts (2)

skill-eval.claude/hooks/skill-eval.js
skill-eval.claude/hooks/skill-eval.sh

Interface

Aggregated instruction summary

Instructions: 1257Files: 6Format: composite

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files

yes

deletes files

no

modifies files

yes

accesses env variables

yes

invokes external tools

yes

makes network requests

yes

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

Fidensa Certified badge for claude-code-showcase
badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "ChrisWiles" is not verified — first certification from this publisher

provenance

No license file found in repository

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:6ecdf230ae5d2be1b21b7586e45b7be2c29f122d3fb3f46db8c926f85c75ede8
Key IDkms-9db4ed3b9f53
CertifiedMar 28, 2026
ExpiresMar 28, 2027
Pipeline version1.0
Statusvalid
download .cert.json →download annotated file →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

stage1-ingest.json

Ingest stage output

stage2a-sbom.json

SBOM generation results

stage2a-vulns.json

Vulnerability scan results

stage2b-security.json

Security scan results

stage3a-functional.json

Functional test results

stage3b-adversarial.json

Adversarial test results

stage3c-fingerprint.json

Behavioral fingerprint

stage4-certify.json

Certification decision + trust score

stage3a-measurements.json

Raw functional test measurements

stage3b-measurements.json

Raw adversarial test measurements

run-log.json

Pipeline execution log

Not all files may be present for every certification.