Overview
Category maturity: Emerging. Anthropic's Managed Agents launch, v2.1.101 plugin reliability fixes, and 12,102 indexed community plugins show strong developer pull, but the category explicitly lacks audit trails, compliance-grade logging, security review processes for contributed skills, and governance standards. Scale without governance is an Emerging signal, not a Growth signal — PE-CTOs should treat community extensions as sandbox-only until distribution and vetting consolidate.
Direction of travel: The center of gravity is shifting from individual skill curation to orchestration layers and governed deployment pipelines. The community is converging on Agent Teams as the production primitive, with collections like wshobson/agents (now 182 agents across 77 plugins) and oh-my-claudecode providing the scaffolding teams need to operationalize multi-agent workflows. Cross-vendor interoperability, established by codex-plugin-cc, will pull extension strategy toward runtime composition rather than single-platform lock-in.
Coalesced patterns: The SKILL.md format has achieved community-wide adoption as the standard interface for packaging reusable agent instructions. Plugin directories follow a consistent three-tier structure: skills (markdown instruction bundles in ~/.claude/skills/), MCP server plugins (Node.js or Python processes exposing tools via the Model Context Protocol), and slash commands (frontmatter-decorated markdown triggering specific workflows). The antigravity-awesome-skills versioned CHANGELOG format (semantic versioning with category-focused releases) has become the reference model for cross-tool skill collections. Distribution via the official Anthropic marketplace and plugin installation via /plugin install are the de facto standard delivery mechanism for team-deployable extensions.
Unsolved problems: Plugin discovery beyond starred GitHub collections remains friction-heavy. Quality signaling is inconsistent: a plugin with 500 stars and one with 15 use the same format and installation flow, with no objective signal distinguishing them for teams evaluating enterprise readiness. Versioning across ref-tracked plugins is improving (the v2.1.101 re-clone fix helps), but semantic compatibility guarantees between plugin versions and Claude Code CLI versions do not yet exist. Cross-tool skill compatibility (a skill targeting both Claude Code and Cursor) is claimed by several collections but not formally verified against a test harness.
Recommendations
- Enroll in the Claude Managed Agents public beta now to get ahead of the governance curve. The April 8 launch gives teams access to scoped permissions, identity management, and execution tracing at a predictable cost ($0.08/session-hour). PE-owned companies heading into an audit cycle or approaching SOC 2 renewal should treat this as the audit trail infrastructure for AI-assisted development, not just a convenience layer. The alternative is building agent execution logging in-house, which costs more than the session fee.
- Create a plugin governance policy before your team installs from community collections. The jeremylongshore/claude-code-plugins-plus-skills collection this week added security validation after reports of potential payload issues in penetration testing documentation. That incident pattern (useful skill, insufficiently reviewed content) will recur. A practical policy for a 50-200 person org: community plugins go through a designated reviewer before landing in shared team configuration, official Anthropic-managed plugins (the claude-plugins-official directory, now at 133 plugins with 16.8k stars) are approved by default, and any plugin that installs MCP server processes requires infrastructure team sign-off.
- Align your MCP server development roadmap with the 2026 spec priorities: transport scalability and enterprise auth. The MCP roadmap explicitly signals that Streamable HTTP with stateless session handling and horizontal scaling is the production-ready transport, and that enterprise auth (SSO, audit logs, MFA for high-risk operations) will arrive as extensions, not breaking core spec changes. Teams building internal MCP servers this quarter should design against Streamable HTTP and stub in auth extension points now, rather than refactoring later. Clare Liguori's addition as Core Maintainer (bringing AWS production agent runtime expertise) is a signal that these enterprise priorities will actually ship.
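The plugin governance policy recommended above, written as a pre-install check (an added example, not code from any project named on this page). It assumes a plugin tree with skills/<name>/SKILL.md, commands/*.md and a root .mcp.json holding an mcpServers map; every repository name other than anthropics/claude-plugins-official is constructed.

```python
import json
import tempfile
from pathlib import Path

# The only source the page's policy approves by default.
OFFICIAL_SOURCES = {"anthropics/claude-plugins-official"}

def inventory(plugin_dir: Path) -> dict:
    """List what a plugin ships, by the three tiers described in the Overview."""
    servers = []
    mcp_file = plugin_dir / ".mcp.json"  # assumed location of MCP server declarations
    if mcp_file.is_file():
        try:
            declared = json.loads(mcp_file.read_text())["mcpServers"]
            servers = sorted(declared.keys())
        except (ValueError, KeyError, TypeError, AttributeError):
            # Fail closed: an unreadable declaration is treated as a server.
            servers = ["<unparseable .mcp.json>"]
    return {
        "skills": sorted(p.parent.name for p in plugin_dir.rglob("SKILL.md")),
        "commands": sorted(p.stem for p in plugin_dir.glob("commands/*.md")),
        "mcp_servers": servers,
    }

def required_approvals(source_repo: str, plugin_dir: Path) -> list:
    """Sign-offs needed before the plugin lands in shared team configuration."""
    approvals = []
    if source_repo not in OFFICIAL_SOURCES:
        approvals.append("designated-reviewer")
    # Applies to every source, official included: "any plugin that installs
    # MCP server processes".
    if inventory(plugin_dir)["mcp_servers"]:
        approvals.append("infrastructure-team")
    return approvals

def demo() -> dict:
    """Evaluate two constructed plugin trees (sample data, not real plugins)."""
    with tempfile.TemporaryDirectory() as tmp:
        notes = Path(tmp) / "notes-skill"
        (notes / "skills" / "meeting-notes").mkdir(parents=True)
        (notes / "skills" / "meeting-notes" / "SKILL.md").write_text("---\nname: meeting-notes\n---\n")
        bridge = Path(tmp) / "ticket-bridge"
        (bridge / "commands").mkdir(parents=True)
        (bridge / "commands" / "triage.md").write_text("---\ndescription: triage\n---\n")
        (bridge / ".mcp.json").write_text(json.dumps(
            {"mcpServers": {"tickets": {"command": "node", "args": ["server.js"]}}}))
        return {
            "community, skill only": required_approvals("example-org/notes-skill", notes),
            "official, ships MCP server": required_approvals("anthropics/claude-plugins-official", bridge),
            "community, ships MCP server": required_approvals("example-org/ticket-bridge", bridge),
        }

if __name__ == "__main__":
    for plugin, approvals in demo().items():
        print(f"{plugin}: {approvals or ['approved by default']}")
```

An empty list means the plugin is approved by default; a malformed .mcp.json is counted as a server declaration so it cannot slip past infrastructure review.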
Trends and Strategic Signals
- Claude Managed Agents launched April 8 as public beta, signaling Anthropic's push to own the production agent infrastructure layer. The service adds cloud-hosted session management, scoped permissions, identity management, and execution tracing at $0.08 per session-hour on top of standard API token costs. Early enterprise adopters include Rakuten, Asana, and Atlassian, each reporting deployment timelines measured in days rather than months. For PE-owned SaaS teams, this is the path from experimental agent use to governed, auditable production deployment without rebuilding infrastructure from scratch. (Source: Claude Managed Agents blog, Managed Agents docs)
- The MCP governance structure expanded this week with two strategic appointments that signal enterprise readiness as the near-term priority. Clare Liguori (Senior Principal Engineer, AWS, specializing in production agent runtimes) joined as Core Maintainer on April 8, and Den Delimarsky advanced to Lead Maintainer. The 2026 roadmap explicitly prioritizes audit trails, SSO-integrated auth, gateway behavior, and configuration portability, expected primarily as extensions rather than core spec changes. Teams that build MCP integrations today should anticipate that enterprise auth and audit capabilities will land as additive extensions, not breaking changes. (Source: MCP maintainer update, MCP 2026 roadmap)
- OpenAI's codex-plugin-cc (published March 30) established the first major cross-vendor plugin, adding three Codex slash commands directly into Claude Code sessions. The plugin adds /codex:review, /codex:adversarial-review, and /codex:rescue commands that delegate to a local Codex CLI process with no context window contention. This is a structural signal: the plugin ecosystem is evolving toward cross-vendor orchestration, not just single-model extension. Teams should expect the extension layer, not the underlying model, to become the primary competitive differentiator. (Source: SmartScope blog, popularaitools.ai)
Tools
wshobson/agents
- Maker: wshobson (community-maintained, actively triaged)
- Strengths:
  - Scale and breadth: 77 plugins, 182 agents, 149 skills, 96 commands in a single installable collection, updated for the full current model family (Opus 4.6, Sonnet 4.6, Haiku 4.5)
  - Active governance: multiple PRs merged per week, PR process documented, specific plugin-level contributions (block-no-verify, HADS documentation standard) land quickly
  - PluginEval and Conductor plugins provide quality assurance and orchestration patterns that map directly to team-scale workflows
- Limitations:
  - Scale creates discoverability friction; finding the right agent or skill within 182 options requires familiarity with the collection's structure
  - No formal quality tier distinguishing battle-tested agents from recent community contributions
  - Community maintenance means support response time varies by contributor
- Enterprise readiness: Developing. Active maintenance cadence and explicit model-version alignment are strong signals; formal security review and versioning guarantees are absent.
- Best for: Engineering teams that want a single-install baseline for Claude Code agent capabilities without curating individual plugins.
- This week: April 8 merges added block-no-verify (prevents git hook bypass), documentation-standards plugin with HADS skill, and agent-teams proper tool naming fix (PR #462). Documentation updated to reflect current counts (77/182/149/96).
hesreallyhim/awesome-claude-code
- Maker: hesreallyhim (community-maintained with automated CI)
- Strengths:
  - Comprehensive categorization across skills, hooks, slash-commands, orchestrators, tooling, CLAUDE.md files, and alternative clients
  - Automated validation CI (run validate #1493 merged this week) provides a quality floor that most community collections lack
  - Serves as the canonical discovery layer for the Claude Code ecosystem; inclusion here functions as a quality signal in itself
- Limitations:
  - Curation rather than installation: the list points to resources but does not provide a standardized installation mechanism
  - Automated ticker updates (the majority of this week's commits) create noise in the commit history that obscures substantive changes
  - No enterprise-tier designation separating production-ready tools from experimental entries
- Enterprise readiness: Developing. Automated validation and broad community trust are assets; lack of installation standardization means teams must evaluate and integrate each entry independently.
- Best for: Teams doing initial discovery of the Claude Code ecosystem or researching which categories of tooling exist before selecting specific implementations.
- This week: Substantive human commits limited to CI validation. Recent additions from prior weeks (Harness meta-skill, claude-devtools observability desktop app, Panaversity Agent Teams exercises) represent the current state of fresh content.
Antigravity Awesome Skills (sickn33)
- Maker: sickn33 (community-maintained, cross-tool focus)
- Strengths:
  - 1,400+ skills across Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more, with active CHANGELOG following semantic versioning
  - Cross-tool compatibility is explicitly maintained; teams using hybrid environments (e.g., Cursor for inline edits, Claude Code for agentic tasks) can share a single skill library
  - Installer CLI and bundle structure reduce per-developer setup friction for team deployments
- Limitations:
  - Cross-tool compatibility claims lack a formal test harness; teams should verify skill behavior in their specific toolchain combination before standardizing
  - Breadth creates category sprawl (WordPress SEO blogging, puzzle activity planning) that requires team-specific curation to avoid noise
  - Recent releases (v9.11-9.13) focus on niche use cases (Rayden UI, Monte Carlo data platform) with limited general applicability
- Enterprise readiness: Developing. 30K+ stars (crossed April 3) and semantic versioned releases are maturity signals; security review process for contributed skills is not documented.
- Best for: Multi-tool engineering environments that need skills portable across more than one AI coding agent.
- This week: v9.13.0 (April 12) added WordPress tooling and VS Code extension guide; v9.12.0 (April 11) added Rayden UI component generation pair and skill-optimizer diagnostic tool; v9.11.0 (April 9) added cross-tool skill management guidance and Monte Carlo data platform integration.
jeremylongshore/claude-code-plugins-plus-skills
- Maker: jeremylongshore (community-maintained)
- Strengths:
  - Largest single collection: 415 plugins, 2,811 skills, 154 agents across 22 categories
  - CCPI package manager provides CLI-based installation and discovery that approaches professional package management UX
  - SaaS skill packs (111 packs for platforms like Deepgram, LangChain, Linear, Gamma) accelerate integration for B2B SaaS teams already using those platforms
- Limitations:
  - Scale introduces quality variance; the recent security validation addition following penetration testing documentation concerns indicates the review process is reactive rather than proactive
  - Curated Weekly Picks help with discovery but do not provide objective quality signals across the full 2,811-skill catalog
  - CCPI package manager is a community tool with no formal support or compatibility guarantees against Claude Code CLI version updates
- Enterprise readiness: Early. Scale and CCPI tooling are strong signals; documented security incident and reactive review process require teams to apply their own security review layer before production deployment.
- Best for: Teams that want breadth across SaaS integrations and are willing to invest in curation and security review before standardizing on specific skills.
- This week: Security validation strengthened following penetration testing documentation concerns; external skill syncing from community repositories added; 25 product strategy and UX design skills integrated.
oh-my-claudecode
- Maker: Yeachan-Heo (community-maintained)
- Strengths:
  - Smart model routing between Haiku, Sonnet, and Opus 4.6 based on task complexity, directly addressing cost management for team-scale deployments
  - Five execution modes (Autopilot, Ultrapilot, Ralph, Swarm, Pipeline) map to distinct team workflow patterns, from fully autonomous to sequential pipeline
  - Mandatory architectural verification, security reviewers, and QA agents built into the framework rather than left to individual developers
- Limitations:
  - Very recently emerged (858 stars in 24 hours this week); production track record at team scale is unverified
  - Depends on Claude Code's experimental Agent Teams feature, which requires CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS in settings.json and is not yet GA
  - Framework complexity (32 specialized agents, 40+ skills) introduces its own coordination overhead that smaller teams may not need
  - Single-maintainer project with no vendor backing: long-term viability depends on one author's continued involvement
  - No audit trail or compliance-grade logging: agent decisions and actions are not recorded in a format suitable for technical due diligence review
- Enterprise readiness: Early. Architecture and design decisions (mandatory verification, security agents, cost routing) are enterprise-aligned, but maturity is days-old. No audit trail or vendor continuity assurance. Treat as a structured pilot candidate, not a production standard.
- Best for: Teams of 5-20 engineers ready to move beyond single-agent Claude Code use and pilot true multi-agent development workflows before Agent Teams reaches GA.
- This week: Emerged as the week's fastest-growing Claude Code tool; trending #1 on GitHub in the AI coding category.
Everything Claude Code (affaan-m)
- Maker: affaan-m (community-maintained, hackathon-origin)
- Strengths:
  - Production-oriented from origin (Anthropic hackathon winner); v1.10.0 includes a dashboard GUI with dark/light theme for configuration management
  - 36+ specialized subagents covering language-specific review (TypeScript, Python, Java, Kotlin, Go, C++, Rust) and domain expertise (ClickHouse, Django, Laravel, Spring Boot, PostgreSQL) map well to B2B SaaS backend team needs
  - Multiple installation paths (plugin marketplace, direct OSS installer with shell scripts/PowerShell, language-selective install) reduce deployment friction
- Limitations:
  - ECC 2.0 control-plane rewrite in Rust (alpha in v1.10.0) introduces stability uncertainty during the transition period
  - Operator workflow expansion (billing ops, workspace audits) adds scope that goes beyond coding assistance, potentially blurring governance boundaries
  - Media tooling addition in v1.10.0 is out-of-scope for most engineering teams and signals scope expansion that could complicate focused adoption
- Enterprise readiness: Developing. Token optimization and memory persistence are production-aligned; Rust control-plane alpha and scope expansion require careful version pinning for stable team deployments.
- Best for: B2B SaaS engineering teams running polyglot backends (particularly Java, Go, Kotlin, or Python stacks) that need language-specialist agent coverage without building it in-house.
- This week: v1.10.0 released with dashboard GUI, operator workflow expansion, ECC 2.0 alpha in Rust, and media tooling additions.
Adoption and Traction
- wshobson/agents: quemsah/awesome-claude-plugins adoption index ranks this the second-most-adopted plugin collection across 12,102 indexed repositories, behind only the official Anthropic directory. (Source: quemsah/awesome-claude-plugins)
- antigravity-awesome-skills: Crossed 30,000 GitHub stars on April 3, 2026. Indexed as the third-most-adopted plugin collection in the quemsah tracking project with 37 plugins referenced across repositories. (Source: sickn33/antigravity-awesome-skills)
- oh-my-claudecode: 858 new stars in the 24 hours following this week's community coverage; 28,200+ ratings on the product page as of April 13. Trending #1 in AI coding category on GitHub. (Source: ohmyclaudecode.com)
- claude-plugins-official (Anthropic): 16,800+ stars, 2,000+ forks, 241 commits. Leads the quemsah adoption index with 133 plugins referenced across tracked repositories. (Source: anthropics/claude-plugins-official)
- Claude Code CLI: Pushed 30+ releases in five weeks (v2.1.69 to v2.1.104), reflecting the highest iteration velocity in the tool's history. (Source: help.apiyi.com Claude Code changelog)
- Claude Managed Agents: Three named enterprise customers (Rakuten, Asana, Atlassian) cited in the April 8 launch announcement, each with production workloads deployed within a week of onboarding. (Source: Claude Managed Agents)
New Entrants & Watch List
oh-my-claudecode (Yeachan-Heo): The week's standout new entrant. A zero-config multi-agent orchestration layer with smart cost routing, 32 agents, and five execution modes. Relevant for growth-stage B2B SaaS teams preparing for Agent Teams GA. Installable from the Claude plugin marketplace. Watch for production case studies in the next 2-4 weeks that will clarify whether the 30-50% token savings claim holds at team scale.
codex-plugin-cc (OpenAI): Published March 30, now circulating widely in community discussions. Adds three Codex slash commands to Claude Code via a local Codex CLI subprocess. The watch list item is not the plugin itself but the ecosystem pattern it establishes: if cross-vendor plugins become common, the extension strategy for growth-stage teams shifts from "which AI coding tool" to "which orchestration layer ties the tools together." Teams should evaluate this plugin as an early signal, not a production tool.
quemsah/awesome-claude-plugins: An n8n-based workflow that tracks plugin adoption metrics across 12,102 GitHub repositories. Not a plugin collection itself, but the first community-built adoption intelligence layer for the Claude Code ecosystem. As it matures, it will provide the quality signal that currently requires manual curation. Worth bookmarking as a due-diligence resource before standardizing on any community plugin.
MCP 2.4 enterprise auth extensions (modelcontextprotocol): Not yet shipped, but the roadmap explicitly scopes MFA for high-risk operations and real-time audit logs as near-term deliverables. Teams building internal MCP servers for production use should design auth extension points into their architecture now. The maintainer expansion (Clare Liguori from AWS) increases confidence that these will ship on the stated timeline.