Skip to content

alexlitinsky/claude-hooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.claude
.claude
 
 
README.md
README.md
 
 
hook.py
hook.py
 
 
test_hook.py
test_hook.py
 
 

Repository files navigation

Claude Code Dangerous Command Interceptor Hook

A pre-tool-use hook for Claude Code that intercepts and blocks dangerous bash commands before they are executed.

What it does

Blocks destructive commands including:

  • rm -rf / — filesystem destruction
  • dd if=/dev/zero of=/dev/sda — disk wiping
  • mkfs — filesystem formatting
  • :(){ :|:& };: — fork bombs
  • curl | sh, wget | sh — untrusted remote code execution
  • Writing to raw disk devices

Safe commands pass through normally.

How it works

  1. Claude Code invokes the hook before every Bash tool call
  2. The hook reads the tool input JSON from stdin
  3. It checks the command against a list of dangerous patterns
  4. If dangerous: exits non-zero with an error message (blocks execution)
  5. If safe: exits 0 (allows execution)

Setup

Option 1: Project settings (.claude/settings.json)

The included .claude/settings.json configures the hook automatically for this project:

{
  "hooks": {
    "pre-tool-use": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "python3 $PROJECT_DIR/hook.py"
          }
        ]
      }
    ]
  }
}

Option 2: Global settings

Copy the hook configuration to ~/.claude/settings.json and update the path to hook.py.

Testing

python3 test_hook.py

This runs all test cases, verifying that dangerous commands are blocked and safe commands are allowed.

Requirements

  • Python 3.10+
  • Claude Code with hooks support

About

Claude Code pre-tool-use hook that intercepts dangerous bash commands

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages