claude-hook-writer

Provides expert guidance for writing secure and performant Claude Code hooks, ensuring best practices and reliability.

Security score: 0/100

The claude-hook-writer skill was audited on Mar 4, 2026 and we found 25 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.

Security Issues

medium line 173

Template literal with variable interpolation in command context

Source: SKILL.md
173: ```bash
medium line 209

Template literal with variable interpolation in command context

Source: SKILL.md
209: ```bash
medium line 319

Template literal with variable interpolation in command context

Source: SKILL.md
319: ```bash
medium line 387

Template literal with variable interpolation in command context

Source: SKILL.md
387: ```bash
medium line 478

Template literal with variable interpolation in command context

Source: SKILL.md
478: ```json
medium line 615

Template literal with variable interpolation in command context

Source: SKILL.md
615: ```json
high line 630

Template literal with variable interpolation in command context

Source: SKILL.md
630: **Use `${CLAUDE_PLUGIN_ROOT}`** to reference scripts—expands to hook installation directory.
critical line 281

Access to /etc/passwd

Source: SKILL.md
281: - `"../../../etc/passwd"` (traversal attempts)
high line 281

Path traversal to sensitive directory

Source: SKILL.md
281: - `"../../../etc/passwd"` (traversal attempts)
low line 263

Access to hidden dotfiles in home directory

Source: SKILL.md
263: LOG_FILE=~/.claude-hooks/my-hook.log
low line 838

Access to hidden dotfiles in home directory

Source: SKILL.md
838: echo "Hook running..." >> ~/.claude-hooks/debug.log
high line 182

Access to SSH directory

Source: SKILL.md
182: ".ssh/*"
low line 176

Access to .env file

Source: SKILL.md
176: ".env"
low line 177

Access to .env file

Source: SKILL.md
177: ".env.*"
low line 398

Access to .env file

Source: SKILL.md
398: ".env"
low line 399

Access to .env file

Source: SKILL.md
399: ".env.*"
low line 552

Access to .env file

Source: SKILL.md
552: test_case "Sensitive .env file" \
low line 553

Access to .env file

Source: SKILL.md
553: '{"input":{"file_path":".env"}}' \
low line 797

Access to .env file

Source: SKILL.md
797: [[ "$FILE" != *".env"* ]] || exit 2
low line 817

Access to .env file

Source: SKILL.md
817: if [[ $FILE == ".env" ]]; then
low line 818

Access to .env file

Source: SKILL.md
818: echo "Don't edit .env" >&2
low line 823

Access to .env file

Source: SKILL.md
823: if [[ $FILE == ".env" ]]; then
low line 824

Access to .env file

Source: SKILL.md
824: echo "Blocked: .env is protected" >&2
low line 965

External URL reference

Source: SKILL.md
965: - [Claude Code Hooks Docs](https://code.claude.com/docs/en/hooks)
low line 967

External URL reference

Source: SKILL.md
967: - [PRPM Hook Packages](https://prpm.dev/packages?format=claude&subtype=hook)
Scanned on Mar 4, 2026