Claude Code Atlas Claude Code Learning

Studio Notebook

Claude Code Atlas

Extensions: Skills, Plugins, And MCP

Understand how Claude Code becomes extensible through skills, plugins, and MCP connections.

Why this matters

Claude Code is extensible by design. One simple rule applies: extensions are how new capabilities enter the system without changing the whole app. Skills, built-in plugins, and MCP servers are the three ways that happens.

Tools are what the model calls. Commands are what the user types. Extensions are how new capabilities enter the system.

One growth surface, three extension paths

The quick model is simple: a local skill, a built-in plugin, or an MCP server lands on the command surface or the tool surface. That is the thing to keep in mind as you read the deeper pages.

How extensions enter Claude Code

local skill / built-in plugin / MCP server -> command or tool surface

  1. A local skill starts from markdown and frontmatter.
  2. A built-in plugin ships with the CLI as a capability bundle.
  3. An MCP server connects an external system to Claude Code tools and resources.

File-based skills extend the system from markdown and frontmatter

Skills begin as files. The loader reads metadata, classifies where the skill came from, and turns that source into a runtime path.

export type LoadedFrom =
  | 'commands_DEPRECATED'
  | 'skills'
  | 'plugin'
  | 'managed'
  | 'bundled'
  | 'mcp'

/**
 * Returns a claude config directory path for a given source.
 */
export function getSkillsPath(
  source: SettingSource | 'plugin',
  dir: 'skills' | 'commands',
): string {
  switch (source) {
    case 'policySettings':
      return join(getManagedFilePath(), '.claude', dir)
    case 'userSettings':
      return join(getClaudeConfigHomeDir(), dir)
    case 'projectSettings':
      return `.claude/${dir}`
    case 'plugin':
      return 'plugin'
    default:
      return ''
  }
}

Built-in plugins group capabilities that ship with the CLI

Built-in plugins are not loose files on disk. They are registered at startup, looked up by name, and then exposed as enabled or disabled plugin records.

/**
 * Register a built-in plugin. Call this from initBuiltinPlugins() at startup.
 */
export function registerBuiltinPlugin(
  definition: BuiltinPluginDefinition,
): void {
  BUILTIN_PLUGINS.set(definition.name, definition)
}

/**
 * Check if a plugin ID represents a built-in plugin (ends with @builtin).
 */
export function isBuiltinPluginId(pluginId: string): boolean {
  return pluginId.endsWith(`@${BUILTIN_MARKETPLACE_NAME}`)
}

/**
 * Get a specific built-in plugin definition by name.
 * Useful for the /plugin UI to show the skills/hooks/MCP list without
 * a marketplace lookup.
 */
export function getBuiltinPluginDefinition(
  name: string,
): BuiltinPluginDefinition | undefined {
  return BUILTIN_PLUGINS.get(name)
}

/**
 * Get all registered built-in plugins as LoadedPlugin objects, split into
 * enabled/disabled based on user settings (with defaultEnabled as fallback).
 * Plugins whose isAvailable() returns false are omitted entirely.
 */
export function getBuiltinPlugins(): {
  enabled: LoadedPlugin[]
  disabled: LoadedPlugin[]
} {
  const settings = getSettings_DEPRECATED()
  const enabled: LoadedPlugin[] = []
  const disabled: LoadedPlugin[] = []

  for (const [name, definition] of BUILTIN_PLUGINS) {
    if (definition.isAvailable && !definition.isAvailable()) {
      continue
    }

    const pluginId = `${name}@${BUILTIN_MARKETPLACE_NAME}`
    const userSetting = settings?.enabledPlugins?.[pluginId]
    // Enabled state: user preference > plugin default > true
    const isEnabled =
      userSetting !== undefined
        ? userSetting === true
        : (definition.defaultEnabled ?? true)

    const plugin: LoadedPlugin = {
      name,
      manifest: {
        name,
        description: definition.description,
        version: definition.version,
      },
      path: BUILTIN_MARKETPLACE_NAME, // sentinel — no filesystem path
      source: pluginId,
      repository: pluginId,
      enabled: isEnabled,
      isBuiltin: true,
      hooksConfig: definition.hooks,
      mcpServers: definition.mcpServers,
    }

    if (isEnabled) {
      enabled.push(plugin)
    } else {
      disabled.push(plugin)
    }
  }

  return { enabled, disabled }
}

MCP bridges external servers into Claude Code’s action surface

MCP extends Claude Code outward. The client keeps track of auth failures and session expiry so remote servers can be treated like first-class tool sources.

/**
 * Custom error class to indicate that an MCP tool call failed due to
 * authentication issues (e.g., expired OAuth token returning 401).
 * This error should be caught at the tool execution layer to update
 * the client's status to 'needs-auth'.
 */
export class McpAuthError extends Error {
  serverName: string
  constructor(serverName: string, message: string) {
    super(message)
    this.name = 'McpAuthError'
    this.serverName = serverName
  }
}

/**
 * Thrown when an MCP session has expired and the connection cache has been cleared.
 * The caller should get a fresh client via ensureConnectedClient and retry.
 */
class McpSessionExpiredError extends Error {
  constructor(serverName: string) {
    super(`MCP server "${serverName}" session expired`)
    this.name = 'McpSessionExpiredError'
  }
}

/**
 * Thrown when an MCP tool returns `isError: true`. Carries the result's `_meta`
 * so SDK consumers can still receive it — per the MCP spec, `_meta` is on the
 * base Result type and is valid on error results.
 */
export class McpToolCallError_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS extends TelemetrySafeError_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS {
  constructor(
    message: string,
    telemetryMessage: string,
    readonly mcpMeta?: { _meta?: Record<string, unknown> },
  ) {
    super(message, telemetryMessage)
    this.name = 'McpToolCallError'
  }
}

/**
 * Detects whether an error is an MCP "Session not found" error (HTTP 404 + JSON-RPC code -32001).
 * Per the MCP spec, servers return 404 when a session ID is no longer valid.
 * We check both signals to avoid false positives from generic 404s (wrong URL, server gone, etc.).
 */
export function isMcpSessionExpiredError(error: Error): boolean {
  const httpStatus =
    'code' in error ? (error as Error & { code?: number }).code : undefined
  if (httpStatus !== 404) {
    return false
  }
  // The SDK embeds the response body text in the error message.
  // MCP servers return: {"error":{"code":-32001,"message":"Session not found"},...}
  // Check for the JSON-RPC error code to distinguish from generic web server 404s.
  return (
    error.message.includes('"code":-32001') ||
    error.message.includes('"code": -32001')
  )
}

How this part breaks down

  1. skill-loading-and-frontmatter-contract Start with the local skill contract: where skills are discovered, how their frontmatter is parsed, and why the loader turns them into command-shaped capabilities.
  2. extensions-and-mcp-data-structures Read this appendix early if the extension objects feel abstract. It introduces recurring fields like LoadedFrom, plugin metadata, and MCP connection shapes before later pages depend on them.
  3. bundled-skills-and-startup-registration See how the CLI ships built-in skills, feature-gates some of them, and registers them during startup without scanning the filesystem.
  4. builtin-plugins-and-capability-bundles Follow the plugin path where several capabilities travel together: one built-in plugin can expose skills, hooks, and MCP servers under one enable/disable switch.
  5. mcp-client-connections-and-tool-bridges Study the bridge to external systems: transports, auth/session handling, and how remote MCP servers become Claude Code tools and resources.

Drill Deeper

Child Chapters