feat: add Zoom plugin

[saoudrizwan]

Zoom

Adds a Zoom plugin for planning, building, and debugging Zoom integrations across REST APIs, SDKs, webhooks, WebSockets, OAuth, app surfaces, AI services, and MCP planning.

The plugin is skills-first because most Zoom work depends on the user's app type, account permissions, runtime platform, and deployment model. It includes detailed workflow packs for REST APIs, OAuth, Meeting SDK, Video SDK, Zoom Apps SDK, Team Chat, Phone, Contact Center, Virtual Agent, Cobrowse, Probe SDK, Rivet SDK, RTMS, webhooks, WebSockets, and Zoom AI service workflows such as Scribe, Summarizer, and Translator.

Cline Primitives

This plugin uses skills and rules.

The skills route broad Zoom requests into the right product surface, then provide focused implementation guidance and reference material for each workflow. The MCP-related skills are guidance-only: they help the user decide whether MCP is appropriate, choose the right Zoom MCP endpoint, identify required scopes, and plan user-managed configuration.

Because Cline exposes installed skills as slash-invokable entries, common workflows such as zoom-start, zoom-plan-product, zoom-plan-integration, setup-zoom-oauth, debug-zoom, setup-zoom-mcp, and product-specific build workflows are available directly by skill name.

The zoom:safety rule keeps Zoom credentials, meeting content, recordings, transcripts, chat messages, docs, whiteboards, webhook payloads, and MCP/tool results private. It also requires explicit user approval before live Zoom writes, app configuration changes, local server setup, package installs, message sends, meeting joins, recording/transcript access, and MCP setup.

Requirements

Live workflows require a Zoom account and whatever app permissions, OAuth scopes, SDK credentials, webhook secret tokens, or local project dependencies apply to the chosen integration.

The plugin does not install dependencies, call Zoom APIs, create Zoom apps, register webhooks, join meetings, send chat messages, download recordings, or write MCP settings during installation.

Zoom MCP is intentionally user-managed in this plugin. The available Zoom MCP endpoints require bearer-token headers, and this plugin should not collect or persist those secrets. Users who want MCP access configure their own MCP entry and keep tokens in their own terminal, environment, secret manager, or MCP settings.

Trust Boundaries

Zoom content and connector results can contain private business data and untrusted text from meetings, recordings, transcripts, docs, whiteboards, Team Chat, and webhook payloads. The plugin guidance treats that material as data, not instructions.

For production systems, the plugin steers deterministic workflows toward REST APIs, SDKs, webhooks, or WebSockets, and reserves MCP for user-approved agentic workflows where dynamic tool access is actually the right fit.

[saoudrizwan]

Closing this plugin PR for now because this cleanup pass is limiting plugin marketplace PRs to plugins that only bundle MCP servers and/or skills. This PR includes additional plugin primitive(s): rules.

Those primitives may still be useful, but we are keeping this batch scoped to MCP and skill distribution.