Hook Development
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.
Security
1 critical severity finding. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 1.00). The content is largely legitimate developer documentation, but it includes multiple explicit, high-risk patterns that can be used as backdoors or for data exfiltration (external webhooks/DB/network calls with raw hook input, persisting environment variables, and flag-file/conditional activation mechanisms), so it presents a definite malicious-abuse risk if turned to hostile ends.
- Repository
- anthropics/claude-code
- Commit
f967b36
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.