meta-hook-creator

This is a documentation/template skill describing how to create lifecycle hooks for Claude Code. The content itself contains no explicit malicious code, hard-coded credentials, obfuscated payloads, or download-and-execute instructions. However, the documented capabilities (arbitrary shell commands, subagents, writing CLAUDE_ENV_FILE, and async/background execution) are powerful and, if misused or if untrusted hooks are installed, could enable credential harvesting, data exfiltration, command injection, or autonomous actions. Risk therefore arises from hook implementations and deployment policies rather than from this document alone. Recommend: enforce code review, require least privilege for hooks, restrict network access or whitelisted endpoints for hook processes, and avoid installing untrusted hook scripts.