Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From claude-config
Blocks risky Bash commands via a pre-execution safety check and validates file writes after they complete. Runs shell scripts as hooks.
2 events · 3 hooks
Safety signals detected in this hook configuration
Where this hook configuration is defined
Defined in hooks/hooks.json
Event handlers and matchers — expand Raw Configuration for the full JSON
Edit|Write|Readbash -c 'PROBE="$HOME/.claude/.full-suite-active"; if [ -f "$PROBE" ] && command -v python3 >/dev/null 2>&1; then if HN=sensitive-file-guard python3 -c "import json,os,sys; d=json.load(open(sys.argv[1])); sys.exit(0 if d.get(\"schema\")==1 and d.get(\"hooks\",{}).get(os.environ[\"HN\"]) is True else 1)" "$PROBE" 2>/dev/null; then exit 0; fi; fi; FILE="${CLAUDE_FILE_PATH:-}"; if [ -z "$FILE" ]; then exit 0; fi; if echo "$FILE" | grep -qE "\.(env|pem|key|p12|pfx)$"; then echo "[BLOCKED] Sensitive file access blocked: $FILE" >&2; exit 2; fi; if echo "$FILE" | grep -qiE "(secrets|credentials|passwords|private)[/\\]"; then echo "[BLOCKED] Sensitive directory access blocked: $FILE" >&2; exit 2; fi; exit 0'5msBashbash -c 'PROBE="$HOME/.claude/.full-suite-active"; if [ -f "$PROBE" ] && command -v python3 >/dev/null 2>&1; then if HN=dangerous-command-guard python3 -c "import json,os,sys; d=json.load(open(sys.argv[1])); sys.exit(0 if d.get(\"schema\")==1 and d.get(\"hooks\",{}).get(os.environ[\"HN\"]) is True else 1)" "$PROBE" 2>/dev/null; then exit 0; fi; fi; CMD="${CLAUDE_TOOL_INPUT:-}"; if echo "$CMD" | grep -qE "rm\s+(-rf|--recursive)\s+/($|[^a-zA-Z])"; then echo "[BLOCKED] Dangerous delete command blocked" >&2; exit 2; fi; if echo "$CMD" | grep -qE "chmod\s+(777|a\+rwx)"; then echo "[BLOCKED] Dangerous permission change blocked" >&2; exit 2; fi; if echo "$CMD" | grep -qE "(curl|wget).*\|.*sh"; then echo "[BLOCKED] Remote script execution blocked" >&2; exit 2; fi; exit 0'5msEdit|Writebash -c 'FILE="${CLAUDE_FILE_PATH:-}"; if [ -z "$FILE" ] || [ ! -f "$FILE" ]; then exit 0; fi; EXT="${FILE##*.}"; case "$EXT" in py) if command -v black >/dev/null 2>&1; then black --quiet "$FILE" 2>/dev/null; fi; if command -v isort >/dev/null 2>&1; then isort --quiet "$FILE" 2>/dev/null; fi;; ts|tsx|js|jsx|json|md) if command -v npx >/dev/null 2>&1 && [ -f "$(dirname "$FILE")/node_modules/.bin/prettier" ] || command -v prettier >/dev/null 2>&1; then npx prettier --write "$FILE" 2>/dev/null; fi;; cpp|cc|cxx|h|hpp|hxx) if command -v clang-format >/dev/null 2>&1; then clang-format -i "$FILE" 2>/dev/null; fi;; kt|kts) if command -v ktlint >/dev/null 2>&1; then ktlint -F "$FILE" 2>/dev/null; fi;; go) if command -v gofmt >/dev/null 2>&1; then gofmt -w "$FILE" 2>/dev/null; fi;; rs) if command -v rustfmt >/dev/null 2>&1; then rustfmt "$FILE" 2>/dev/null; fi;; esac; exit 0'30msnpx claudepluginhub kcenon/claude-config --plugin claude-config