claude-code-hooks
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Heuristic detections for destructive system commands (e.g., rm -rf /) and fork bombs in references/security-patterns.md are false positives. These strings are members of a DANGEROUS_PATTERNS array within a script example designed to detect and block malicious command injection in hook scripts.
- [SAFE]: The documentation provides extensive security guidance, such as quoting shell variables to prevent word splitting/injection, implementing path traversal checks using realpath, and validating JSON input schemas using jq.
- [SAFE]: No hardcoded credentials or unauthorized network operations were detected. Examples for network access (like curl for notifications) demonstrate best practices such as loading keys from separate secret files and avoiding logging of sensitive data.
Audit Metadata