hooks-manager
Automates workflows in Claude Code by creating event-driven hooks for tasks like code formatting and security enforcement.
Install this skill
Security score
The hooks-manager skill was audited on Feb 19, 2026 and we found 14 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 838 | ```bash |
Curl to non-GitHub URL
| 234 | curl -X POST http://localhost:8428/api/v1/write \ |
Curl to non-GitHub URL
| 242 | # curl -X POST https://your-webhook.com/telemetry \ |
Webhook reference - potential data exfiltration
| 241 | # Or send to webhook |
Webhook reference - potential data exfiltration
| 242 | # curl -X POST https://your-webhook.com/telemetry \ |
Access to hidden dotfiles in home directory
| 101 | mkdir -p ~/.claude/hooks |
Access to hidden dotfiles in home directory
| 102 | echo '[above-json]' > ~/.claude/hooks/auto-format.json |
Access to hidden dotfiles in home directory
| 448 | # Deploy to global (~/.claude/hooks/) |
Access to hidden dotfiles in home directory
| 458 | ls -la ~/.claude/hooks/ |
Access to hidden dotfiles in home directory
| 513 | for hook in ~/.claude/hooks/*.json .claude/hooks/*.json; do |
Access to hidden dotfiles in home directory
| 886 | - [ ] Hook file in correct location (~/.claude/hooks/ or .claude/hooks/) |
Access to .env file
| 414 | if [ -f ".env" ]; then |
External URL reference
| 234 | curl -X POST http://localhost:8428/api/v1/write \ |
External URL reference
| 242 | # curl -X POST https://your-webhook.com/telemetry \ |