hook-generator
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Destructive bash command detected (rm -rf, chmod 777)

The hook-generator itself is a benign and useful tool for creating event-driven shell-command hooks. However, it enables high-risk behavior: arbitrary shell execution with access to environment credentials and the filesystem, and the possibility of automatic execution of project-level hooks across team members. The primary threat is not code contained in this module but the powerful primitives it encourages (wildcard matchers, external scripts, npm/curl invocations), which can be abused for credential theft, data exfiltration, or executing arbitrary binaries. Treat project-level hooks with high caution, audit and sanitize any hook commands before installing, avoid '*' matchers, and prefer testing hooks in isolated/sandboxed environments.

LLM verification: The package is a hook-generation and configuration helper that intentionally enables execution of arbitrary shell commands as automation hooks. The content itself is not evidently malicious, but it empowers high-risk behaviors: running arbitrary shell commands, executing external tooling and scripts, and automatically executing repository-supplied hooks. Absent stronger safeguards (sanitization patterns, sandboxing/isolation guidance, explicit opt-in for project hooks, and restrictions on networ