# Hanko - Validate Claude Code plugin manifests before submission > Go CLI and GitHub Action that validates `.claude-plugin/plugin.json` and `.claude-plugin/marketplace.json` before you submit to the Anthropic marketplace, buildwithclaude, or cc-marketplace. Catches reserved names, duplicate hooks, the `agents`-as-bare-directory footgun, path traversal, and schema errors that the official validator reports opaquely. **Trust pledge:** Zero network calls in the binary. The install script is the only time bytes cross the network. - HTML page: https://roninforge.org/hanko - Source: https://github.com/RoninForge/hanko - License: MIT ## Why "Hanko" Hanko (判子) is the personal seal Japanese employees use to stamp official documents - the ritual act of approving a submission. The tool serves the same purpose for plugin manifests: stamp it with hanko before you submit. ## Install curl -fsSL https://roninforge.org/hanko/install.sh | sh Or via Homebrew: brew install roninforge/tap/hanko The release artifact is a single statically-linked Go binary, ~4 MB, zero runtime dependencies. Supports macOS arm64/amd64, Linux amd64/arm64, Windows amd64. ## Quick start # Validate the current directory (looks for .claude-plugin/plugin.json and/or marketplace.json). hanko validate # Validate against a specific marketplace's stricter rules. hanko validate --marketplace anthropic hanko validate --marketplace buildwithclaude hanko validate --marketplace cc-marketplace # JSON output for CI use. hanko validate --json ## What Hanko catches - All 8 reserved marketplace names plus the impersonation pattern. - Duplicate `hooks` and `hooks.json` declarations (a v2.1+ footgun introduced when both shapes became valid). - The `agents` field set to a bare directory string instead of an array of agent objects. - Path traversal in component paths. - Schema violations against the embedded JSON Schema (the upstream `hesreallyhim/claude-code-json-schema` is included and credited). - Per-marketplace stricter rules where applicable. Errors include the schema path, a fix suggestion, and a docs link. ## Per-marketplace rule layering Hanko knows about three marketplace targets and applies stricter rules per target: - `anthropic` - the official Anthropic marketplace - `buildwithclaude` - the buildwithclaude.com marketplace - `cc-marketplace` - the cc-marketplace.com marketplace ## GitHub Action - uses: RoninForge/hanko@v0 with: path: . The action runs Hanko on every PR and posts a sticky comment with the validation summary. The action listing is on the GitHub Actions Marketplace. ## What Hanko does NOT do - Does not submit your plugin. Hanko is a local validator. Submission is a separate step you do yourself. - Does not phone home. Zero network calls in the binary. - Does not modify your files. It only reads them and prints a report. ## Sibling tool Tsuba (https://roninforge.org/tsuba.md) scaffolds plugin directories that pass Hanko validation on the first run. `tsuba validate` shells out to Hanko.