Hook Development for Claude Code Plugins

Name: claude-code/hook-development
Author: anthropics

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill allows arbitrary command execution, data exfiltration,

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Hook Development for Claude Code Plugins: Hooks are event-driven automation scripts that execute in response to Claude Code events. Use hooks to validate operations, enforce policies, add context, and integrate external tools into workflows.

Actually does

This skill provides comprehensive documentation and guidance on developing Claude Code plugin hooks. It details how to configure `prompt` and `command` type hooks, which can execute `bash` scripts, use `jq` for JSON parsing, and interact with files like `hooks/hooks.json` and environment variables. It also references external documentation at `https://docs.claude.com/en/docs/claude-code/hooks`.

Threat Analysis

AI Agent Traps ↗Scanned 4/14/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameanthropics/claude-code/hook-development

Registrygithub

Version5c18c787f262

PURLpkg:github/anthropics/claude-code@5c18c787f262?skill=hook-development

Stars114,388

Installs455,628

Source

Repository ↗SKILL.md ↗

SHA-256d14528f389ca...

SHA-1ceb5948fc4c0...

MD5c847080190bb...

TLSHca72f826ec58...

ssdeep384:CCyHyaI9...

Size16,246 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/anthropics/claude-code/tree/main/skills/hook-development

455,628 installs

Claude CodeDocs

/plugin marketplace add anthropics/claude-code

/plugin install hook-development@anthropics/claude-code

Skills.shDocs

npx skills add https://github.com/anthropics/claude-code --skill hook-development

Assessments (2)

AI Agent Traps ↗

Arbitrary Command Execution via Command Hookscriticalcommand execution

The skill explicitly allows for the execution of arbitrary bash commands via 'command hooks' triggered by various events, posing a critical risk for system compromise.

100% confidenceline 505

{"type": "command", "command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/validate.sh"}

Data Exfiltration and Reconnaissance via Command Hookshighdata exfiltration

Command hooks, with access to `$CLAUDE_PROJECT_DIR` and `$CLAUDE_PLUGIN_ROOT`, can be used to read sensitive files, enumerate system information, and exfiltrate data.

100% confidence

Available in all command hooks: - $CLAUDE_PROJECT_DIR - $CLAUDE_PLUGIN_ROOT

Resource Abuse via Parallel Executionmediumresource abuse

Multiple matching hooks run in parallel, and while timeouts are present, command hooks can still be designed to consume excessive resources up to their timeout, potentially leading to denial of service.

90% confidence

All matching hooks run in parallel

Semantic Manipulation via Prompt-Based Hooksmediumprompt injection

Prompt-based hooks allow LLM-driven decision making and can inject context or instructions into the agent's reasoning, potentially manipulating its perception or evading oversight.

100% confidenceline 507

{"type": "prompt", "prompt": "Evaluate if this tool use is appropriate: $TOOL_INPUT"}

Version History (2)

f348a16da8285Low4/15/2026 5c18c787f262current100Critical4/14/2026

Dependencies (13)

agent-sdk-dev.claude-plugin/marketplace.jsonnot scanned

claude-opus-4-5-migration.claude-plugin/marketplace.jsonnot scanned

code-review.claude-plugin/marketplace.jsonnot scanned

commit-commands.claude-plugin/marketplace.jsonnot scanned

explanatory-output-style.claude-plugin/marketplace.jsonnot scanned

feature-dev.claude-plugin/marketplace.jsonnot scanned

frontend-design.claude-plugin/marketplace.jsonnot scanned

hookify.claude-plugin/marketplace.jsonnot scanned

learning-output-style.claude-plugin/marketplace.jsonnot scanned

plugin-dev.claude-plugin/marketplace.jsonnot scanned

pr-review-toolkit.claude-plugin/marketplace.jsonnot scanned

ralph-wiggum.claude-plugin/marketplace.jsonnot scanned

security-guidance.claude-plugin/marketplace.jsonnot scanned

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/hook-development.svg)](https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/hook-development)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/hook-development"><img src="https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/hook-development.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/hook-development.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow