A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Are you the author? Sign in to claim
Copy-paste hooks: block dangerous commands, protect secrets, auto-stage git, Slack alerts
🪝 Ready-to-use hooks for Claude Code — safety, automation, notifications, and more.
| Protecting Secrets | Blocking Dangerous Commands |
|---|---|
 |  |
A growing collection of tested, documented hooks you can copy, paste, and customize.
Runs before Claude executes a tool. Can block or modify the operation.
| Hook | Matcher | Description |
|---|---|---|
| block-dangerous-commands | Bash | Blocks dangerous shell commands (rm -rf ~, fork bombs, curl|sh) |
| protect-secrets | Read|Edit|Write|Bash | Prevents reading/modifying/exfiltrating sensitive files |
Runs after Claude executes a tool. Can react to results.
| Hook | Matcher | Description |
|---|---|---|
| auto-stage | Edit|Write | Automatically git stages files after Claude modifies them |
Fires when Claude needs user attention.
| Hook | Matcher | Description |
|---|---|---|
| notify-permission | permission_prompt|idle_prompt | Sends Slack alerts when Claude needs input |
Tools to help you build and debug hooks.
| Tool | Language | Description |
|---|---|---|
| event-logger | Python | Logs all hook events to inspect payload structures |
💡 Building a new hook? Use
event-logger.pyto discover what data Claude Code provides for each event before writing your own hooks.
1. Copy the hook script:
mkdir -p ~/.claude/hooks
cp hook-scripts/pre-tool-use/block-dangerous-commands.js ~/.claude/hooks/
2. Add to .claude/settings.json:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "node ~/.claude/hooks/block-dangerous-commands.js"
}
]
}
]
}
}
3. Restart Claude Code — the hook is now active.
💡 Tip: Use multiple hooks together. Combine
block-dangerous-commands+protect-secretsfor comprehensive safety.
Security hooks support configurable safety levels:
| Level | What's Blocked | Use Case |
|---|---|---|
critical | Catastrophic only (rm -rf ~, fork bombs, dd to disk) | Maximum flexibility |
high | + Risky (force push main, secrets exposure, git reset --hard) | Recommended |
strict | + Cautionary (any force push, sudo rm, docker prune) | Maximum safety |
To change: Edit the SAFETY_LEVEL constant at the top of each hook.
const SAFETY_LEVEL = 'strict'; // or 'critical', 'high'
All hooks include comprehensive tests:
# Run all tests
npm test
# Run specific hook tests
node --test hook-scripts/tests/pre-tool-use/block-dangerous-commands.test.js
Test coverage:
See the official Claude Code hooks documentation for:
Contributions welcome! See CONTRIBUTING.md for guidelines.
Ideas for new hooks:
| Hook | Event | Description |
|---|---|---|
protect-tests | PreToolUse | Block test deletion/disabling |
auto-format | PostToolUse | Run prettier/black/gofmt after edits |
branch-guard | PreToolUse | Block changes on main/master branch |
context-snapshot | PreCompact | Preserve context before compaction |
session-summary | Stop | Generate summary on session end |
ntfy-notify | Notification | Free mobile push via ntfy.sh |
discord-notify | Notification | Discord webhook alerts |
cost-tracker | PostToolUse | Track token usage and estimate costs |
tts-alerts | Notification | Voice notifications via say/espeak |
rules-injector | UserPromptSubmit | Auto-inject CLAUDE.md rules |
rate-limiter | PreToolUse | Limit tool calls per minute |
context-injector | SessionStart | Inject project context on session start |
MIT © karanb192
Give Claude Code memory that evolves with your codebase via hooks and LLM-compiled knowledge
Security hooks with SSRF protection, MCP compression, and OpenTelemetry tracing
Context management with hooks for state via ledgers, MCP without context pollution
An LLM council that reviews your coding agent's every move for quality assurance
Community Package
@karanb192 on GitHub