hook-development
Create Claude Code hooks for validation and automation
También disponible en: anthropics,anthropics
Claude Code hooks enable event-driven automation for validation, security enforcement, and workflow control. This skill provides comprehensive guidance for implementing prompt-based and command hooks to validate tool execution, enforce policies, and integrate with development workflows.
Descargar el ZIP de la skill
Subir en Claude
Ve a Configuración → Capacidades → Skills → Subir skill
Activa y empieza a usar
Pruébalo
Usando "hook-development". Create a hook that blocks dangerous bash commands
Resultado esperado:
- PreToolUse hook created for Bash commands
- Blocks dangerous operations: rm -rf, dd, mkfs, /dev/null redirects (returns deny)
- Warns on privilege escalation: sudo, su commands (returns ask)
- Approves safe commands: ls, pwd, echo, date, whoami
- Configuration saved to hooks/hooks.json
Usando "hook-development". Create a SessionStart hook for Node.js project
Resultado esperado:
- SessionStart hook created for project context loading
- Detects Node.js via package.json file presence
- Sets PROJECT_TYPE=nodejs in CLAUDE_ENV_FILE
- Detects TypeScript if tsconfig.json exists
- Checks for CI configuration in .github/workflows
Usando "hook-development". Create a Stop hook for test enforcement
Resultado esperado:
- Stop hook created for task completion verification
- Reviews transcript for Write/Edit tool usage
- Blocks completion if code was modified without tests
- Returns decision: approve or block with reason
- Requires restart of Claude Code to activate
Auditoría de seguridad
SeguroDocumentation skill providing guidance for creating Claude Code hooks. All static findings are FALSE POSITIVES: patterns detected in documentation files (Markdown) showing example code snippets, and security validation scripts that BLOCK dangerous commands (PreToolUse hooks that deny rm -rf, dd, mkfs). The skill contains development utilities for hook validation and testing. No network calls, credential access, or data exfiltration detected.
Factores de riesgo
⚡ Contiene scripts (3)
⚙️ Comandos externos (2)
Puntuación de calidad
Lo que puedes crear
Build secure plugins
Implement validation hooks in plugins to block dangerous operations, validate file writes, and enforce security policies
Automate workflows
Create hooks that enforce test runs, verify builds, and ensure compliance before task completion
Enforce policies
Deploy hooks that detect sensitive file access, block privilege escalation, and audit command execution
Prueba estos prompts
Create a PreToolUse hook that validates Write operations. Block writes to system directories like /etc and /sys. Also block writes to files matching .env, secrets, or credentials patterns. Use prompt-based hook type.
Create a PreToolUse hook for Bash commands. Block commands containing rm -rf, dd, mkfs, or redirects to /dev/null. For sudo commands, return ask instead of deny. Use both command hook for quick checks and prompt hook for deep analysis.
Create a Stop hook that reviews the transcript. Verify that if code was modified (Write/Edit tools used), tests were run. Also verify the project builds successfully. Block task completion with a clear reason if requirements are not met.
Create a SessionStart hook that detects the project type. Check for package.json (Node.js), Cargo.toml (Rust), go.mod (Go), pyproject.toml (Python), or pom.xml (Java). Set PROJECT_TYPE environment variable in CLAUDE_ENV_FILE. Also detect CI configuration.
Mejores prácticas
- Use prompt-based hooks for complex validation that requires context-aware reasoning
- Set appropriate timeouts: 5-10 seconds for command hooks, 15-30 seconds for prompt hooks
- Always validate JSON output and use set -euo pipefail in bash scripts
Evitar
- Do not use hardcoded paths - use CLAUDE_PLUGIN_ROOT and CLAUDE_PROJECT_DIR environment variables
- Do not assume hook execution order - hooks run in parallel and do not see each other output
- Do not create long-running hooks - they will timeout and block workflows