proagent-security

2 events · 5 hooks

Install
1. Install the plugin
$ npx claudepluginhub diegouis/provectus-marketplace --plugin proagent-security

Risk Indicators
Executes bash commands
Modifies files
Source

Defined in hooks/hooks.json

Configuration
{
  "PreToolUse": [
    {
      "hooks": [
        {
          "type": "command",
          "command": "which jq >/dev/null 2>&1 || exit 0; jq -r '.tool_input.command // empty' | { read cmd; if echo \"$cmd\" | grep -qE 'git commit|git add|git push'; then if which security-scan >/dev/null 2>&1; then echo '[proagent-security] Git operation detected. Run `security-scan scan --staged-only` to check staged files for secrets before committing.'; else echo '[proagent-security] Git operation detected. Verify no hardcoded secrets (AWS keys, GitHub tokens, private keys, database URLs) are included in staged files. Check .gitignore includes .env, *.pem, *.key, secrets/. Tip: install `security-scan` (pip install security-scan) for automated pre-commit secret detection.'; fi; fi; }",
          "timeout": 10
        },
        {
          "type": "command",
          "command": "which jq >/dev/null 2>&1 || exit 0; jq -r '.tool_input.command // empty' | { read cmd; if echo \"$cmd\" | grep -qE 'npm install|pip install|poetry install|go mod download|docker build'; then echo '[proagent-security] Dependency install detected. Consider running dependency vulnerability audit: npm audit --audit-level=high, pip-audit --strict, govulncheck, or trivy image scan.'; fi; }",
          "timeout": 10
        }
      ],
      "matcher": "Bash"
    }
  ],
  "PostToolUse": [
    {
      "hooks": [
        {
          "type": "command",
          "command": "which jq >/dev/null 2>&1 || exit 0; jq -r '.tool_input.file_path // empty' | { read fp; if echo \"$fp\" | grep -qE '\\.(env|pem|key|p12|pfx)$'; then echo '[proagent-security] WARNING: Sensitive file written. Verify this file is in .gitignore and will not be committed to version control.'; fi; }",
          "timeout": 10
        }
      ],
      "matcher": "Write"
    },
    {
      "hooks": [
        {
          "type": "command",
          "command": "which jq >/dev/null 2>&1 || exit 0; jq -r '.tool_input.file_path // empty' | { read fp; if echo \"$fp\" | grep -qE '\\.(env|pem|key|p12|pfx)$'; then echo '[proagent-security] WARNING: Sensitive file edited. Verify this file is in .gitignore and will not be committed to version control.'; fi; }",
          "timeout": 10
        }
      ],
      "matcher": "Edit"
    },
    {
      "hooks": [
        {
          "type": "command",
          "command": "which jq >/dev/null 2>&1 || exit 0; jq -r '.tool_input.prompt // empty' | { read prompt; if echo \"$prompt\" | grep -qi 'security-specialist\\|vulnerability.scan\\|threat.model\\|compliance.check'; then echo '[proagent-security] Security assessment completed. Review findings by severity (CRITICAL > HIGH > MEDIUM > LOW) and prioritize remediation.'; fi; }",
          "timeout": 5
        }
      ],
      "matcher": "Task"
    }
  ]
}
Summary
{
  "riskFlags": {
    "touchesBash": true,
    "matchAllTools": false,
    "touchesFileWrites": true
  },
  "typeStats": {
    "command": 5
  },
  "eventStats": {
    "PreToolUse": 2,
    "PostToolUse": 3
  },
  "originCounts": {
    "absolutePaths": 0,
    "pluginScripts": 0,
    "projectScripts": 0
  },
  "timeoutStats": {
    "commandsWithoutTimeout": 0
  }
}
Stats
Stars: 2
Forks: 1
Last Commit: Mar 12, 2026
