hooks-automation
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and functional recipes for implementing automation hooks within the Claude Code environment. It does not contain any executable malicious code.
- [COMMAND_EXECUTION]: The skill documents how to execute shell commands via hooks (e.g., using
Bash,osascript,powershell.exe). These examples are provided for legitimate automation purposes like desktop notifications, code formatting with Prettier, and running test suites. - [SAFE]: A dedicated security section in the documentation explicitly warns about the risks of hook execution and provides mitigations such as input sanitization, path traversal prevention, and avoiding access to sensitive files like
.envor.git/. - [EXTERNAL_DOWNLOADS]: The skill mentions well-known development tools and registries, such as
npxandnpm, which are standard utilities for JavaScript development and are considered safe under the trusted services recognition rules.
Audit Metadata