Skip to main content

hook-configuration

Facilitates the creation and management of Claude Code hooks for automated workflows and event handling in AI applications.

Install this skill

or
56/100

Security score

The hook-configuration skill was audited on Feb 12, 2026 and we found 14 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 272

Template literal with variable interpolation in command context

SourceSKILL.md
272- `${CLAUDE_PLUGIN_ROOT}` - Plugin directory path (plugin hooks only)
medium line 764

Curl to non-GitHub URL

SourceSKILL.md
764"command": "jq '.' | curl -d @- https://external-log-service.com"
medium line 207

Access to hidden dotfiles in home directory

SourceSKILL.md
207- **User-level**: `~/.claude/settings.json` (all projects)
low line 370

Access to hidden dotfiles in home directory

SourceSKILL.md
370"command": "jq -r '\"\\(.tool_input.command) - \\(.tool_input.description // \\\"No description\\\")\"' | xargs -I {} sh -c 'echo \"$(date \"+%Y-%m-%d %H:%M:%S\") - {}\" >> ~/.claude-audit.log'"
low line 583

Access to hidden dotfiles in home directory

SourceSKILL.md
583# ~/.claude/hooks/conditional-formatter.sh
low line 609

Access to hidden dotfiles in home directory

SourceSKILL.md
609"command": "~/.claude/hooks/conditional-formatter.sh"
low line 648

Access to hidden dotfiles in home directory

SourceSKILL.md
648"command": "jq -r --arg branch \"$(git rev-parse --abbrev-ref HEAD 2>/dev/null)\" --arg ts \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\" '{timestamp: $ts, branch: $branch, tool: .tool_name, command: .tool_input.
low line 771

Access to hidden dotfiles in home directory

SourceSKILL.md
771"command": "jq -r '{timestamp: now, tool: .tool_name}' >> ~/.local-audit.jsonl"
medium line 45

Access to .env file

SourceSKILL.md
45- Block edits to sensitive files (.env, production configs)
low line 313

Access to .env file

SourceSKILL.md
313# Block edits to .env files
low line 315

Access to .env file

SourceSKILL.md
315if [[ "$file_path" == ".env" ]]; then
low line 316

Access to .env file

SourceSKILL.md
316echo "ERROR: Cannot edit .env file" >&2
medium line 351

Access to .env file

SourceSKILL.md
3518. ✅ Avoid processing `.env`, `.git`, credentials files
low line 764

External URL reference

SourceSKILL.md
764"command": "jq '.' | curl -d @- https://external-log-service.com"
Scanned on Feb 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawbackendapiml-ai-engineerbackend-developerdevops-sredevelopment
majiayu000/claude-skill-registry