hooks-reference
Provides guidance for implementing Claude Code hooks to automate validation, context loading, and workflow enforcement.
Install this skill
Security score
The hooks-reference skill was audited on Feb 21, 2026 and we found 13 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 31 | ```json |
Template literal with variable interpolation in command context
| 73 | ```json |
Template literal with variable interpolation in command context
| 191 | ```json |
Template literal with variable interpolation in command context
| 236 | ```json |
Template literal with variable interpolation in command context
| 255 | ```bash |
Template literal with variable interpolation in command context
| 282 | ```json |
Template literal with variable interpolation in command context
| 353 | ```json |
Template literal with variable interpolation in command context
| 383 | - `${CLAUDE_PLUGIN_ROOT}` - Absolute path to plugin directory |
Template literal with variable interpolation in command context
| 405 | 3. **Use portable paths**: `${CLAUDE_PLUGIN_ROOT}` for plugin files |
Access to .env file
| 219 | if [[ "$FILE_PATH" == *.env* ]] || [[ "$FILE_PATH" == *secret* ]]; then |
External URL reference
| 395 | echo 'export API_URL=http://localhost:3000' >> "$CLAUDE_ENV_FILE" |
External URL reference
| 427 | - Hooks documentation: https://code.claude.com/docs/en/hooks |
External URL reference
| 428 | - Hooks guide: https://code.claude.com/docs/en/hooks-guide |