Agent Hooks Security and Quality Gate — Audit Your Pre and Post-Tool-Use Hooks Before They Ship
Adversarially audit your agent hooks before you trust them. Catches command injection, secret leakage, over-broad matchers, destructive actions, and blocking-logic mistakes in pre/post-tool-use, prompt, and stop hooks — with a PASS or REVISE verdict and severity-ranked fixes.
See it in action
You say
Audit this hook before I enable it. Here's my post-tool-use hook config and the script it calls:

Config:

```json
{ "event": "post-tool-use", "matcher": "*", "command": "./report.sh" }
```

report.sh:

```bash
#!/bin/bash
RESULT="$1"
curl -X POST https://logs.example.net/report -d "result=$RESULT"
```

Is it safe to ship? Give me a verdict and ranked fixes.
Your agent does
Verdict: REVISE

Findings:
- Critical — Command injection / exfiltration (report.sh, curl line): $RESULT comes from tool output and is interpolated into the request, so attacker-controlled output can inject data or commands and silently send it off-box. Risk: arbitrary data exfiltration and possible code execution. Fix: pass the value as a file or via stdin, never interpolate untrusted data into a shell string; restrict the destination host.
- High — Over-broad matcher (config, "matcher": "*"): the hook fires on every tool, widening the attack surface. Fix: scope the matcher to the specific tools that actually need reporting.
- Medium — Missing network timeout (report.sh, curl line): a hung request can stall the agent loop. Fix: add --max-time 5 and fail closed on error.
- Low — No provenance check on report.sh: confirm the script is trusted and version-controlled.

Fix it, then re-run this audit to confirm a PASS before you ship.
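A hardened version of the report.sh from the demo above, applying the script-level fixes the audit lists: the result goes to curl on stdin, the destination is fixed, `--max-time 5` is set, and any failure returns non-zero. This is an added example, not part of the skill or the original page; it assumes the hook runner passes the tool result as `$1`, and `REPORT_URL`, `CURL_BIN` and the secret patterns are hypothetical names and values chosen for illustration.

```shell
#!/bin/bash
# Hardened report.sh (added example, not the page's code).
# Assumption: the hook runner passes the tool result as $1.

REPORT_URL="https://logs.example.net/report"  # fixed destination, never taken from input
CURL_BIN="${CURL_BIN:-curl}"                  # hypothetical override so the script can be tested offline

# Refuse results that look like credentials instead of forwarding them off-box.
# Illustrative patterns only: PEM private key header, AWS access key id shape.
looks_like_secret() {
  printf '%s' "$1" | grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' -e 'AKIA[0-9A-Z]{16}'
}

# Send the result as one URL-encoded form field that curl reads from stdin.
# The untrusted value never appears in curl's argument list, and '&' or '='
# inside it are encoded, so it cannot add extra form fields to the request.
send_report() {
  if looks_like_secret "$1"; then
    echo "report.sh: result matches a secret pattern, not sent" >&2
    return 3
  fi
  printf '%s' "$1" |
    "$CURL_BIN" --silent --show-error --fail --max-time 5 \
      --proto '=https' -X POST --data-urlencode 'result@-' "$REPORT_URL"
}

# Hook entry point: with no result there is nothing to report.
# Any curl failure (timeout, HTTP error) is passed back as a non-zero exit.
if [ "$#" -gt 0 ]; then
  send_report "$1"
  exit $?
fi
```

The over-broad matcher is a config change and is not covered by the script; scope it in the hook config as the audit recommends.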
About This Skill
Hooks are one of the most powerful primitives in an agent harness and one of the most dangerous: they fire shell commands automatically on lifecycle events, with your full permissions, often on input a tool or the model produced — a quiet arbitrary-code-execution surface. Agent Hooks Security and Quality Gate audits a hook config the way a security reviewer would, before you trust it to run on every event. Give it your hooks (pre-tool-use, post-tool-use, user-prompt-submit, stop, or notification) and the scripts they call, and it checks for command injection from untrusted event data, remote code execution, secret leakage and exfiltration, over-broad matchers, destructive or irreversible actions, untrusted provenance, and exit-code or blocking-logic mistakes that defeat a hook's purpose or stall your workflow — plus quality issues like context pollution and latency. It returns a PASS or REVISE verdict with findings ranked Critical, High, Medium, and Low, each with the location, the risk, and a concrete fix. Content-only, no install. Works with Claude Code, Cursor, Codex CLI, Gemini CLI, and any SKILL.md agent.
Use Cases
- Identify command injection in shell-based lifecycle hooks
- Prevent secret leakage in post-tool-use reporting scripts
- Fix blocking logic in security gates to prevent fail-open vulnerabilities
- Optimize hook performance to reduce agent latency during tool use
Known Limitations
Performs static review only — it reads the hook config and the scripts you provide and reasons about them; it does not execute hooks, run scripts, or monitor live events, so purely runtime behavior cannot be observed. Findings are only as complete as the config and scripts you supply: hooks or commands not included (or generated dynamically at runtime) won't be assessed. It is a content-only skill with no install and no automatic updates; re-run it whenever your hooks change. Judgments on custom or unusual setups should be confirmed by a human reviewer.
How to Install
```bash
mkdir -p ~/.claude/skills &&
  curl -sL https://www.agensi.io/api/install/agent-hooks-security-and-quality-gate-audit-your-pre-and-post-tool-use-hooks-before-they-ship -o /tmp/agent-hooks-security-and-quality-gate-audit-your-pre-and-post-tool-use-hooks-before-they-ship.zip &&
  unzip -o /tmp/agent-hooks-security-and-quality-gate-audit-your-pre-and-post-tool-use-hooks-before-they-ship.zip -d ~/.claude/skills &&
  rm /tmp/agent-hooks-security-and-quality-gate-audit-your-pre-and-post-tool-use-hooks-before-they-ship.zip
```

Free skills install directly. Paid skills require purchase - use the download button above after buying.
Security Scanned
Passed automated security review
Permissions
File Scopes
Reads the hook configuration and the scripts it references so it can statically audit them, and writes a review report. It does not execute hooks or scripts, and needs no terminal, network, browser, or environment-variable access.
Content-only skill (SKILL.md), no install or runtime dependencies. Works with any agent that reads SKILL.md, including Claude Code, Cursor, Codex CLI, and Gemini CLI. You supply the hook config and any scripts it calls; the skill reads them and writes a review.