Plugins
Bundled capability packs for the local shell — frontend, workflow, security, and their own skills.
Plugins are bundled capability packs installed into the local shell. Unlike a single skill, a plugin can ship several skills, tool bindings, and hooks together as a unit. LisaOS runs eleven enabled plugins.
The enabled set
| Plugin | Purpose |
|---|---|
| Frontend design | Production-grade frontend implementation |
| Issue tracker | Project-management integration |
| Workflow helpers | Code review, test-driven development, and plan-execution workflows |
| Repository host | Repository and pull-request access |
| Skill scaffolding | Bootstrapping new skills |
| Web scraping | Web scraping and search integration |
| Interactive playgrounds | Live HTML playgrounds |
| Design tool | Design read/write integration |
| Security guidance | Pre-tool warnings on dangerous patterns |
| Static analysis | Security scanning — static analysis, dependency, and secret detection |
| Messaging | (deprecated — read/send messaging) |
Plugin skills are catalogued separately
A plugin's own skills (design-taste helpers, frontend generators, output-formatting rules, and the like) are not counted in the custom-skill tally on the skills overview. They are catalogued as plugin-provided so the custom-skill count stays a clean measure of what the operator's team authored, distinct from what a plugin brought with it.
Security guidance runs at the tool boundary
Two of these plugins are load-bearing for safety rather than capability. The security-guidance plugin issues pre-tool warnings when a call matches a dangerous pattern, and the static-analysis plugin scans changes for vulnerabilities, risky dependencies, and secrets. Both sit at the boundary where the model is about to act, which is where a mistake is cheapest to catch. They complement — they do not replace — the security operations discipline and the clean-code pipeline.