creating-claude-hooks

Guides users in creating and publishing Claude Code hooks, detailing format, event types, and execution requirements.

Install this skill

or

14/100

Security score

The creating-claude-hooks skill was audited on May 12, 2026 and we found 20 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.

Categories Tested

Security Issues

medium line 100

Template literal with variable interpolation in command context

SourceSKILL.md

100

```json

medium line 351

Template literal with variable interpolation in command context

SourceSKILL.md

351

```json

medium line 368

Template literal with variable interpolation in command context

SourceSKILL.md

368

```json

medium line 400

Template literal with variable interpolation in command context

SourceSKILL.md

400

```json

high line 451

Template literal with variable interpolation in command context

SourceSKILL.md

451	\| Absolute paths missing \| Can't find scripts \| Use `${CLAUDE_PLUGIN_ROOT}` \|

medium line 492

Template literal with variable interpolation in command context

SourceSKILL.md

492

```bash

critical line 331

Piping content to bash shell

SourceSKILL.md

331	\| Bash \| `command` \|

medium line 24

Access to hidden dotfiles in home directory

SourceSKILL.md

24	- Configure in `.claude/settings.json`, `~/.claude/settings.json`, or plugin's `hooks.json`

medium line 65

Access to hidden dotfiles in home directory

SourceSKILL.md

65	Configure hooks in `.claude/settings.json` (project) or `~/.claude/settings.json` (global):

low line 280

Access to hidden dotfiles in home directory

SourceSKILL.md

280	~/.claude/hooks/PreToolUse

low line 281

Access to hidden dotfiles in home directory

SourceSKILL.md

281	~/.claude/hooks/Stop

low line 517

Access to hidden dotfiles in home directory

SourceSKILL.md

517	LOG_FILE=~/.claude-hooks/debug.log

low line 573

Access to hidden dotfiles in home directory

SourceSKILL.md

573	- Logs session start time to `~/.claude/session.log`

low line 580

Access to hidden dotfiles in home directory

SourceSKILL.md

580	- write access to `~/.claude/`

low line 586

Access to hidden dotfiles in home directory

SourceSKILL.md

586	echo "Session started at $(date)" >> ~/.claude/session.log

low line 169

Access to .env file

SourceSKILL.md

169	.env\|.pem\|*.key)

low line 189

Access to .env file

SourceSKILL.md

189	// Block .env files

low line 190

Access to .env file

SourceSKILL.md

190	if (filePath.endsWith('.env')) {

low line 191

Access to .env file

SourceSKILL.md

191	console.error('Blocked: Cannot modify .env files');

low line 493

Access to .env file

SourceSKILL.md

493	BLOCKED=(".env" ".env." ".pem" "*.key")

Scanned on May 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 95

Rate this skill

Categorydevelopment

UpdatedMay 13, 2026

claude claude-code frontend docx git api testing backend ml-ai-engineer technical-writer product-manager development content media product