Raycast Extension Maintainer Capability Pack Skill
Expert Raycast extension maintainer capability pack for reviewing Raycast command structure, manifest metadata, API usage, store submission checks, and privacy-safe release notes aligned to official Raycast developer docs.
Open the source and read safety notes before installing.
Safety notes
- This skill reviews extension behavior; it must not publish store updates or run untrusted extension code without maintainer approval.
- Extensions can invoke network APIs and local filesystem operations; verify least-privilege scopes before release.
- Do not embed long-lived API tokens in source; prefer Raycast preferences and secure storage patterns.
- Third-party dependencies in extensions inherit supply-chain risk; review updates before shipping.
Privacy notes
- Raycast extensions may read clipboard, local files, or user preferences depending on API usage.
- Network calls can transmit query text, auth tokens, and user identifiers to third-party services.
- Store release notes should not include internal API keys, employee data, or customer examples.
- Telemetry or analytics SDKs require explicit disclosure in extension README and store metadata.
Prerequisites
- Local Raycast development environment with the extension repository checked out.
- Access to extension source, package.json, manifest, and command entry points.
- Raycast CLI or store submission credentials for the maintainer account when publishing.
- Ability to run extension tests or manual command checks before release.
Schema details
- Install type
- package
- Reading time
- 9 min
- Difficulty score
- 80
- Troubleshooting
- Yes
- Breaking changes
- No
- Scope
- Source repo
- Skill type
- capability-pack
- Skill level
- expert
- Verification
- validated
- Verified at
- 2026-06-15
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the Raycast extension maintainer capability pack for this extension."
# Required output
1) Extension inventory (commands, views, dependencies)
2) Manifest and metadata review findings
3) API permission and network boundary assessment
4) Store submission or update checklist
5) Privacy-safe release notes for usersAbout this resource
Knowledge Freshness
This capability pack is grounded in official Raycast developer documentation and
the public raycast/extensions repository verified on 2026-06-15. Raycast
APIs and store policies evolve; prefer live docs over cached assumptions.
Retrieval Sources
- https://developers.raycast.com/
- https://developers.raycast.com/basics/create-your-first-extension
- https://developers.raycast.com/api-reference/user-interface/list
- https://developers.raycast.com/information/manifest
- https://github.com/raycast/extensions
Source Verification Notes
Verified against public Raycast developer docs and the extensions monorepo on 2026-06-15:
- Raycast extensions declare commands, icons, and metadata through package and manifest files consumed by the Raycast store pipeline.
- API reference docs describe UI components, preferences, and environment constraints relevant to maintainer review.
- The public extensions repository provides reference implementations for command structure, dependencies, and store submission patterns.
Scope Note
This pack supports maintainers shipping or updating Raycast extensions. It does not replace Raycast store review or Apple platform policies for macOS distribution.
Core Workflow
- Inventory commands, views, dependencies, and external integrations.
- Review manifest metadata, icons, titles, and keyword accuracy.
- Check API usage for network calls, filesystem access, and preference storage.
- Run manual or automated tests for critical command paths and error states.
- Validate store submission requirements and changelog clarity.
- Produce privacy-safe release notes and upgrade guidance for users.
- Capture follow-up tasks for API deprecations or dependency updates.
Capability Scope
- Extension structure and command inventory review.
- Manifest and metadata validation.
- API permission and network boundary checks.
- Store submission readiness checklist.
- Privacy-safe user-facing release notes.
Compatibility
Native
- Claude Code / Claude: use as an Agent Skill when maintaining Raycast extensions or reviewing extension PRs.
Manual Adaptation
- Codex, Cursor, Windsurf, Generic AGENTS: apply the checklist to any Raycast extension repository using official developer docs.
Required Inputs
- Extension repository with manifest and command source files.
- Target Raycast version and breaking API changes since last release.
- List of external services, OAuth clients, and preference keys in use.
- Store listing text and prior release notes for diff review.
Production Rules
- Prefer Raycast preference APIs over hard-coded secrets.
- Document required permissions and network endpoints in README.
- Keep command titles and subtitles accurate to actual behavior.
- Test empty, error, and offline states—not only happy paths.
- Align store screenshots and descriptions with current UI.
- Bump dependencies deliberately; note supply-chain review in release notes.
Review Matrix
| Topic | Signal | Action |
|---|---|---|
| Metadata | Title/icon mismatch | Fix manifest before submit |
| Network | Undocumented API host | Add README disclosure |
| Secrets | Token in source | Move to preferences/Keychain |
| UX | Missing empty state | Add List.EmptyView handling |
| Dependencies | Major version bump | Run regression pass |
| Store | Changelog gap | Add user-visible changes |
Output Contract
- Extension inventory summary.
- Manifest and metadata findings with severity.
- API/network boundary assessment.
- Store submission checklist status.
- Privacy-safe release notes draft.
Troubleshooting
Issue: Extension fails locally but passes CI Fix: Reproduce in Raycast dev mode with clean preferences and latest Raycast build.
Issue: Store rejects metadata Fix: Compare against manifest schema docs and similar merged extensions in the monorepo.
Issue: OAuth redirect fails for new users Fix: Verify client IDs, redirect URLs, and Raycast environment callback handling.
Issue: Command list performance degrades Fix: Paginate data fetches and defer heavy work until item selection.
Duplicate Check
Checked content/skills/, content/tools/, open PRs, and the live catalog for
Raycast extension maintainer workflows. HeyClaude lists Raycast integrations, but
no skills entry provides a reusable Raycast extension maintainer capability
pack with review matrix and output contract.
Editorial Disclosure
Submitted as an independent source-backed HeyClaude content entry by
kiannidev. It is based on public Raycast developer documentation and the
public raycast/extensions repository. No paid placement, referral link,
affiliate link, or vendor sponsorship is used.
Source citations
Add this badge to your README
Show that Raycast Extension Maintainer Capability Pack Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/skills/raycast-extension-maintainer-capability-pack)How it compares
Raycast Extension Maintainer Capability Pack Skill side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Raycast Extension Maintainer Capability Pack Skill Expert Raycast extension maintainer capability pack for reviewing Raycast command structure, manifest metadata, API usage, store submission checks, and privacy-safe release notes aligned to official Raycast developer docs. Open dossier | Raycast Extension Dev Publish Capability Pack Skill Expert Raycast extension capability skill for command design, extension architecture, testing, and store-ready publication workflows. Open dossier | Spectral OpenAPI Contract Audit Capability Pack Skill Expert Spectral review skill for auditing OpenAPI contracts, OAS rulesets, lint results, schema drift, CI gates, and API release readiness. Open dossier |
|---|---|---|---|
| Trust | |||
| Install risk | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety · Privacy · | Safety ✓ Privacy ✓ |
| Category | skills | skills | skills |
| Source | source-backed | first-party | source-backed |
| Author | kiannidev | JSONbored | oktofeesh1 |
| Added | 2026-06-15 | 2026-04-10 | 2026-06-03 |
| Platforms | Claude CodeCodexWindsurfGeminiCursorCLIRaycast | Claude CodeCodexWindsurfGeminiCursorCLIRaycast | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — | — |
| Safety notes | ✓This skill reviews extension behavior; it must not publish store updates or run untrusted extension code without maintainer approval. Extensions can invoke network APIs and local filesystem operations; verify least-privilege scopes before release. Do not embed long-lived API tokens in source; prefer Raycast preferences and secure storage patterns. Third-party dependencies in extensions inherit supply-chain risk; review updates before shipping. | — missing | ✓Installing Spectral adds npm packages to the selected project environment; pin the reviewed version and avoid global installs for review work. Spectral can lint local files, globs, and remote contract URLs; review source locations before running checks in shared CI. Ruleset changes can silently weaken future API gates; review disabled rules, severity changes, and overrides as release-impacting changes. JavaScript rulesets and custom functions such as `.spectral.js` execute Node.js code; do not run attacker-supplied rulesets from untrusted PRs unless they have been inspected and executed in a sandboxed environment. The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision. |
| Privacy notes | ✓Raycast extensions may read clipboard, local files, or user preferences depending on API usage. Network calls can transmit query text, auth tokens, and user identifiers to third-party services. Store release notes should not include internal API keys, employee data, or customer examples. Telemetry or analytics SDKs require explicit disclosure in extension README and store metadata. | — missing | ✓OpenAPI files can reveal internal route names, hostnames, example payloads, business object names, and planned endpoints. Lint reports can include source paths, schema paths, rule names, snippets, and examples from the reviewed contract. Keep public review notes focused on rule IDs, contract paths, compatibility impact, and summarized examples; omit details that do not need to be public. |
| Prerequisites |
|
|
|
| Install | — | | |
| Config | — | — | — |
| Citations | |||
| Claim | Unclaimed | Unclaimed | Unclaimed |
Featured in
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.