docs: reframe scanner section as CI quality gate

README.md

@@ -22,6 +22,7 @@
 
 ## Contents
 
+- [Start Here](#start-here)
 - [Official Plugins](#official-plugins)
 - [Community Plugins](#community-plugins)
 - [Plugin Development](#plugin-development)
@@ -30,6 +31,22 @@
 
 ---
 
+## Start Here
+
+New plugin workflow:
+
+1. Create with `$plugin-creator`
+2. Validate with [`codex-plugin-scanner`](https://github.com/hashgraph-online/codex-plugin-scanner)
+3. Gate PRs with the [HOL scanner GitHub Action](https://github.com/hashgraph-online/hol-codex-plugin-scanner-action)
+4. Ship or submit with confidence
+
+Quick preflight:
+
+```bash
+pipx run codex-plugin-scanner lint .
+pipx run codex-plugin-scanner verify .
+```
+
 ## Official Plugins
 
 <details>
@@ -124,54 +141,35 @@ $plugin-creator
 
 Currently no self-serve marketplace submission. Plugins are distributed via local marketplaces (`~/.agents/plugins/marketplace.json`), repo marketplaces (`$REPO_ROOT/.agents/plugins/marketplace.json`), or GitHub repos by pointing a marketplace source at a repo. OpenAI has stated third-party marketplace submissions are coming soon.
 
-## Scan Your Plugin
+## Validate Before You Ship
 
-Before submitting a plugin, run the [codex-plugin-scanner](https://github.com/hashgraph-online/codex-plugin-scanner) to check for security issues and best practices. It scores your plugin from 0-100 and generates actionable findings.
+After scaffolding with `$plugin-creator`, use [codex-plugin-scanner](https://github.com/hashgraph-online/codex-plugin-scanner) as your quality gate before publishing, review, or distribution.
 
-### Quick Check
+### Local Preflight
 
 ```bash
-pip install codex-plugin-scanner
-codex-plugin-scanner ./my-plugin
+pipx run codex-plugin-scanner lint .
+pipx run codex-plugin-scanner verify .
 ```
 
-### CI Integration
-
-Add to your plugin's GitHub Actions as a PR gate:
+### PR Gate (GitHub Actions)
 
 ```yaml
-- uses: hashgraph-online/codex-plugin-scanner/action@v1.1.0
+- uses: hashgraph-online/hol-codex-plugin-scanner-action@v1
   with:
     plugin_dir: "."
-    min_score: 70
     fail_on_severity: high
 ```
 
-### Pre-commit Hook
-
-Catch issues before they reach CI:
-
-```yaml
-# .pre-commit-config.yaml
-repos:
-  - repo: https://github.com/hashgraph-online/codex-plugin-scanner
-    rev: v1.1.0
-    hooks:
-      - id: codex-plugin-scanner
-```
+### Submission Preflight
 
-### What It Checks
+Use scanner outputs as evidence for maintainers/reviewers:
 
-| Category | Max Points |
-|----------|-----------|
-| Manifest Validation | 25 |
-| Security | 20 |
-| Best Practices | 15 |
-| Marketplace | 15 |
-| Skill Security | 15 |
-| Code Quality | 10 |
+- Structural lint results
+- Publish-readiness verification output
+- SARIF/findings for CI and code scanning
 
-Plugins scoring **80+** get a "Verified by Scanner" badge in this list.
+The score is best used as a quick trust signal and triage summary (not the only readiness signal).
 
 ## Guides & Articles
 

plugins.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "name": "awesome-codex-plugins",
   "version": "1.0.0",
-  "last_updated": "2026-03-31",
+  "last_updated": "2026-04-01",
   "total": 27,
   "categories": [
     "Development & Workflow",