Linter for Claude Code hooks configuration (the 'hooks' block of settings.json). Validates event names, matcher shape, command entries, and flags dangerous commands or hardcoded secrets.
claude-hooks-check
A small Python linter for Claude Code hooks configuration — the hooks block inside your settings.json, or a standalone hooks JSON.
It catches the common foot-guns before you hand a command to Claude that it will silently run on your machine:
- unknown event names (typos like `PreToolYse`, `SessionStrat`)
- malformed matcher blocks (missing `hooks` array, wrong shape)
- hook entries missing `type` or with an unknown type
- command hooks with empty / non-string `command`
- dangerous command patterns: `rm -rf /`, `curl | sh`, `sudo ...`, `dd if=... of=/dev/...`, fork bombs
- hardcoded secrets in command strings (Anthropic, OpenAI, AWS, GitHub, Stripe, Google)
- invalid or suspiciously-high `timeout` values
Accepts both shapes:
- a full Claude Code `settings.json` — the linter reads its `hooks` key
- a bare hooks JSON — e.g. `{ "PreToolUse": [...] }`
Install
pip install claude-hooks-check
Usage
claude-hooks-check ~/.claude/settings.json
claude-hooks-check .claude/settings.json
Exit status: 0 on no errors, 1 on any errors.
Library API
from claude_hooks_check import validate_hooks_file
result = validate_hooks_file(".claude/settings.json")
for issue in result.errors:
    print(issue.code, issue.event, issue.matcher, issue.message)
Issue codes
| Code | Severity | Meaning |
|---|---|---|
| E000 | error | file-level problem (missing, empty, not JSON, not an object) |
| E010 | error | hooks is not an object |
| E021 | error | event value is not an array |
| E050 | error | matcher block is not an object |
| E051 | error | matcher is not a string |
| E052 | error | matcher block missing hooks array |
| E053 | error | hooks is not an array |
| E101 | error | hook entry is not an object |
| E102 | error | hook entry missing type |
| E103 | error | unknown hook type |
| E104 | error | command hook has empty / non-string command |
| E105 | error | timeout is not a positive integer |
| E200 | error | dangerous command pattern detected |
| E201 | error | hardcoded secret in command |
| W001 | warning | no hooks and no recognized event at root |
| W011 | warning | hooks object is empty |
| W020 | warning | unknown event name |
| W022 | warning | event has no matcher blocks |
| W054 | warning | matcher block has empty hooks array |
| W105 | warning | timeout over one hour |
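The sketch below reimplements a few of the checks from the table so the codes can be seen firing on a concrete config. It is an added example, not claude-hooks-check's own code: the event-name subset, the two dangerous-command regexes, the AWS key regex, and the names `lint_entry` and `lint_hooks` are assumptions made for illustration.

```python
import json
import re

# Assumptions: a subset of event names and illustrative patterns, not the linter's own rules.
KNOWN_EVENTS = {"PreToolUse", "PostToolUse", "UserPromptSubmit", "Stop", "SessionStart"}
DANGEROUS = [re.compile(r"\brm\s+-rf\s+/(\s|$)"), re.compile(r"\bcurl\b[^|]*\|\s*(ba)?sh\b")]
SECRETS = [re.compile(r"\bAKIA[0-9A-Z]{16}\b")]  # shape of an AWS access key ID

def lint_entry(entry):
    """Return issue codes for one hook entry."""
    if not isinstance(entry, dict) or "type" not in entry:
        return ["E102" if isinstance(entry, dict) else "E101"]
    if entry["type"] != "command":
        return []  # other hook types are out of scope for this sketch
    cmd = entry.get("command")
    if not isinstance(cmd, str) or not cmd.strip():
        return ["E104"]
    codes = ["E200"] if any(p.search(cmd) for p in DANGEROUS) else []
    return codes + (["E201"] if any(p.search(cmd) for p in SECRETS) else [])

def lint_hooks(config):
    """Return (code, event) pairs for a full settings.json dict or a bare hooks dict."""
    hooks = config.get("hooks", config)
    if not isinstance(hooks, dict):
        return [("E010", "hooks")]
    issues = []
    for event, blocks in hooks.items():
        if event not in KNOWN_EVENTS:
            issues.append(("W020", event))
        if not isinstance(blocks, list):
            issues.append(("E021", event))
            continue
        for block in blocks:
            if not isinstance(block, dict):
                issues.append(("E050", event))
            elif not isinstance(block.get("hooks"), list):
                issues.append(("E052" if "hooks" not in block else "E053", event))
            else:
                issues.extend((c, event) for e in block["hooks"] for c in lint_entry(e))
    return issues

# Constructed sample input; AKIAIOSFODNN7EXAMPLE is AWS's documentation placeholder key.
SAMPLE = json.loads("""{"hooks": {
  "PreToolYse": [], "Stop": [{"matcher": ""}],
  "PreToolUse": [{"matcher": "Bash", "hooks": [
    {"type": "command", "command": "curl -s https://example.invalid/setup.sh | sh"},
    {"type": "command", "command": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE aws s3 ls"},
    {"command": "echo missing type"}]}]}}""")
print(lint_hooks(SAMPLE))
```

A misspelled event only earns a warning (W020), which is why typos are easy to miss without a linter, while the piped download and the embedded key are reported as errors.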
License
MIT
Details for the file claude_hooks_check-0.1.0.tar.gz.
File metadata
- Download URL: claude_hooks_check-0.1.0.tar.gz
- Upload date:
- Size: 7.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File details
Details for the file claude_hooks_check-0.1.0-py3-none-any.whl.
File metadata
- Download URL: claude_hooks_check-0.1.0-py3-none-any.whl
- Upload date:
- Size: 8.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3