hooks-builder
Enables the creation of event-driven hooks for automating tasks and enforcing security in Claude Code, enhancing workflow efficiency.
Install this skill
Security score
The hooks-builder skill was audited on Feb 12, 2026 and we found 13 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Destructive rm -rf command
| 293 | - Malicious inputs: `{"tool_input": {"file_path": "; rm -rf /"}}` |
Access to hidden dotfiles in home directory
| 38 | ~/.claude/settings.json → Personal hooks (all projects) |
Access to hidden dotfiles in home directory
| 162 | "command": "echo \"$(date) | $tool_name\" >> ~/.claude/audit.log" |
Access to hidden dotfiles in home directory
| 329 | "command": "echo \"$(date) | $tool_name\" >> ~/.claude/audit.log" |
Access to hidden dotfiles in home directory
| 346 | "command": "python3 ~/.claude/hooks/file-protector.py" |
Access to hidden dotfiles in home directory
| 378 | "hooks": [{"type": "command", "command": "~/.claude/hooks/setup-env.sh"}] |
Access to hidden dotfiles in home directory
| 382 | "hooks": [{"type": "command", "command": "~/.claude/hooks/validate.sh"}] |
Access to hidden dotfiles in home directory
| 386 | "hooks": [{"type": "command", "command": "~/.claude/hooks/format.sh"}] |
Access to hidden dotfiles in home directory
| 438 | chmod +x ~/.claude/hooks/my-hook.sh |
Access to .env file
| 196 | if [[ "$file_path" == *".env"* ]]; then |
Access to .env file
| 197 | echo "BLOCKED: Cannot modify .env files" >&2 |
Access to .env file
| 221 | if '.env' in file_path: |
Access to .env file
| 222 | print("BLOCKED: Cannot modify .env files", file=sys.stderr) |