What is a Claude Code hook?

Hooks are scripts triggered by specific events in the Claude Code environment, allowing developers to automate tasks, validate inputs, or modify behaviors during the development lifecycle.

Why is hook exit code validation important?

Claude Code relies on specific exit codes to understand the status of a hook. Incorrect codes can cause automation to fail silently or block the CLI from proceeding correctly.

Does Hook Reviewer modify my files?

No, Hook Reviewer is a read-only tool. It analyzes your scripts and provides a YAML verdict with findings but never modifies your source code or plugin configurations.

What specific security risks does it check for?

It audits scripts for common security flaws such as shell injection, unauthorized path traversal, and unsafe handling of environment variables or user inputs.

How do I use the YAML verdict generated by the skill?

The YAML verdict provides a status (pass, pass_with_notes, or fail) along with specific details on what needs to be fixed to meet specification and security standards.

Hook Reviewer

Name: Hook Reviewer
Author: hjemmesidekongen

byhjemmesidekongen

0•

セキュリティとテスト

Audits and validates Claude Code hook scripts for security vulnerabilities, specification compliance, and reliable performance.

Hook Reviewer is a specialized auditing tool designed to ensure that Claude Code hooks function correctly and securely within your development environment. It implements a rigorous two-stage review methodology that first checks for technical specification compliance—including event types, exit codes, and JSON schemas—followed by a qualitative assessment of security risks like path traversal and shell injection. By operating in a strictly read-only mode, it provides developers with a safe, automated way to verify hook integrity and diagnose silent failures before committing changes, ultimately producing a standardized YAML verdict to guide improvements.

主な機能

01Security auditing for path traversal and input injection vulnerabilities

02Diagnostic mode for identifying the root cause of failing or silent hooks

03Support for auditing all 18 official Claude Code event types

04Automated validation of JSON schemas and exit code compliance

05Two-stage review process covering both technical specs and code quality

060 GitHub stars

ユースケース

01Security auditing of third-party plugin scripts before local installation

02Pre-commit validation of custom Claude Code hooks to prevent workflow breaks

03Debugging inconsistent automation behaviors and incorrect hook outputs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hjemmesidekongen/ai hook-reviewer

For use in Claude.ai and ChatGPT