docs: add bash security hook example#30245
Open
corvid-agent wants to merge 1 commit into anthropics:main from
Add a PreToolUse hook that detects destructive operations (rm -rf, dd, git push --force), privilege escalation (sudo, chmod 777), credential exposure (cat .env, echo $API_KEY), file-write bypass patterns (sed -i, tee, python -c open()), and network exfiltration (curl | bash, nc -l). Commands are regex-matched with case-insensitive patterns. Destructive and privilege escalation patterns block (exit 2); credential and bypass patterns warn (exit 0 with stderr). Configurable via BASH_SECURITY_HOOK_ALLOWLIST. Also adds a README to examples/hooks/ documenting both hook examples and the exit code conventions.

Addresses community concerns in anthropics#29795, anthropics#29984, anthropics#29275, anthropics#29328.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This was referenced Mar 3, 2026
Summary

Adds a comprehensive bash command security analyzer as a PreToolUse hook example, plus a README for the examples/hooks/ directory.

The hook detects and blocks:

- Destructive: rm -rf, dd of=, mkfs, git push --force, git reset --hard, DROP TABLE
- Privilege escalation: sudo, su, doas, chmod 777, chmod +s, chown root
- Exfiltration: curl | bash, wget | sh, nc -l, curl --data $VAR
- Credential exposure: cat .env, echo $API_KEY, printenv, history
- File-write bypass: sed -i, tee, python -c open(), perl -pie, ruby -e File.

Destructive/escalation/exfiltration patterns block (exit 2). Credential/bypass patterns warn (exit 0 with stderr). Configurable allowlist via BASH_SECURITY_HOOK_ALLOWLIST env var.

Why

The examples/hooks/ directory currently has a single example that redirects grep to rg. Community issues document real concerns about rm -rf executing without prompts (#29984), tool-switching circumvention where blocking Edit/Write causes Claude to use sed -i/tee via Bash instead (#29795), and requests for sudo/privilege watchers (#29275). This hook addresses all of those patterns in a single, drop-in example.

Changes

- examples/hooks/bash_security_hook.py — new hook (165 lines)
- examples/hooks/README.md — documents both hook examples and exit code conventions

Test plan

- rm -rf /, sudo apt install, curl | bash — should block
- ls, git status, bun test — should pass through
- BASH_SECURITY_HOOK_ALLOWLIST=sudo allows sudo commands
- grep "rm" logfile.txt

Relates to #29795, #29984, #29275, #29328
🤖 Generated with Claude Code
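The behaviour the PR describes (case-insensitive regex rules in block/warn tiers, exit 2 to block, exit 0 plus a stderr note to warn, an env-var allowlist) as an added example hook. This is not the PR's bash_security_hook.py and its rule names, rule set and allowlist semantics are my own. It assumes the hook receives JSON on stdin with "tool_name" and "tool_input" (for Bash, tool_input["command"]) and that BASH_SECURITY_HOOK_ALLOWLIST holds comma-separated rule names; the sample commands in the test plan are used as constructed input.

```python
#!/usr/bin/env python3
"""Example PreToolUse hook for the Bash tool (added illustration, not the PR's file).

Assumed contract: JSON payload on stdin with "tool_name" and "tool_input";
exit 2 blocks the tool call and stderr is shown to the model, exit 0 allows it.
"""
import json
import os
import re
import sys

# Assumed format: comma-separated rule names, e.g. "sudo,git-reset-hard".
ENV_ALLOWLIST = "BASH_SECURITY_HOOK_ALLOWLIST"

# (rule name, severity, pattern). Names are this example's own.
# "block" -> exit 2; "warn" -> exit 0 with a note on stderr.
RULES = [
    # Destructive operations
    ("rm-rf", "block", r"\brm\b(?=.*\s-(?:[a-z]*r|-recursive))(?=.*\s-(?:[a-z]*f|-force))"),
    ("dd-write", "block", r"\bdd\b.*\bof="),
    ("mkfs", "block", r"\bmkfs(?:\.\w+)?\b"),
    ("git-push-force", "block", r"\bgit\s+push\b.*(?:--force(?!-with-lease)\b|\s-f\b)"),
    ("git-reset-hard", "block", r"\bgit\s+reset\b.*--hard\b"),
    ("sql-drop", "block", r"\bdrop\s+(?:table|database)\b"),
    # Privilege escalation (only at the start of a command or after ; & | ( $( )
    ("sudo", "block", r"(?:^|[;&|(]|\$\()\s*sudo\b"),
    ("su-doas", "block", r"(?:^|[;&|(]|\$\()\s*(?:su|doas)\b"),
    ("chmod-777", "block", r"\bchmod\s+(?:-\w+\s+)*[0-7]*777\b"),
    ("chmod-setuid", "block", r"\bchmod\s+(?:-\w+\s+)*[ugoa]*\+[rwx]*s"),
    ("chown-root", "block", r"\bchown\s+(?:-\w+\s+)*root\b"),
    # Network exfiltration / remote code
    ("pipe-to-shell", "block", r"\b(?:curl|wget)\b.*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"),
    ("nc-listen", "block", r"\b(?:nc|ncat|netcat)\b.*\s-[a-z]*l"),
    ("curl-data-var", "block", r"\bcurl\b.*(?:--data|-d)\b.*\$\{?\w+"),
    # Credential exposure
    ("cat-env", "warn", r"\bcat\b.*\.env\b"),
    ("echo-secret-var", "warn", r"\becho\b.*\$\{?\w*(?:key|token|secret|password)\w*"),
    ("printenv", "warn", r"\bprintenv\b"),
    ("history", "warn", r"(?:^|[;&|])\s*history\b"),
    # File-write bypass of the Edit/Write tools
    ("sed-inplace", "warn", r"\bsed\b(?:\s+-\w+)*\s+(?:-\w*i\w*|--in-place)"),
    ("tee", "warn", r"\btee\b"),
    ("python-c-open", "warn", r"\bpython[23]?\s+-c\b.*\bopen\s*\("),
    ("perl-inplace", "warn", r"\bperl\b(?:\s+-\w+)*\s+-\w*i\w*"),
    ("ruby-e-file", "warn", r"\bruby\s+-e\b.*\bFile\.(?:write|open)"),
]
COMPILED = [(name, sev, re.compile(pat, re.IGNORECASE)) for name, sev, pat in RULES]


def parse_allowlist(raw):
    """'sudo, git-reset-hard' -> frozenset({'sudo', 'git-reset-hard'})."""
    return frozenset(e.strip() for e in raw.split(",") if e.strip())


def analyze(command, allowlist=frozenset()):
    """Run every rule not silenced by the allowlist over the command string.

    An entry silences a rule when it equals the rule name or the rule's first
    dash-separated token, so "sudo" frees the sudo rule and "git" frees both
    git rules. The verdict is the worst severity among matching rules.
    """
    hits = [
        (name, sev)
        for name, sev, rx in COMPILED
        if name not in allowlist and name.split("-")[0] not in allowlist and rx.search(command)
    ]
    if any(sev == "block" for _, sev in hits):
        verdict = "block"
    elif hits:
        verdict = "warn"
    else:
        verdict = "allow"
    return {"verdict": verdict, "hits": hits}


def decide(payload, allowlist=frozenset()):
    """Map a hook payload to (exit_code, stderr_message). Non-Bash tools pass."""
    if payload.get("tool_name") != "Bash":
        return 0, ""
    command = (payload.get("tool_input") or {}).get("command", "")
    result = analyze(command, allowlist)
    names = ", ".join(name for name, _ in result["hits"])
    if result["verdict"] == "block":
        return 2, f"bash_security_hook: blocked ({names}): {command}"
    if result["verdict"] == "warn":
        return 0, f"bash_security_hook: warning ({names}): {command}"
    return 0, ""


def main():
    payload = json.load(sys.stdin)
    code, message = decide(payload, parse_allowlist(os.environ.get(ENV_ALLOWLIST, "")))
    if message:
        print(message, file=sys.stderr)
    sys.exit(code)


if __name__ == "__main__":
    main()
```

The lookahead form of the rm rule catches `rm -rf`, `rm -fr`, `rm -r -f` and `rm --recursive --force` while leaving `grep "rm" logfile.txt` alone, and the `--force(?!-with-lease)` guard keeps the safer push variant out of the block tier. The sudo rule only fires at a command boundary, so `xargs sudo`, `env sudo` or `$(echo su)do` slip past it; every rule here is a substring heuristic over one string, so quoting, variable expansion, base64 and aliases all defeat it. Treat the hook as a guardrail that catches an agent's honest mistakes, not as a sandbox that contains a hostile one.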