Event Hooks

credential-guard

1 event · 5 hooks

npx claudepluginhub yurukusa/cc-safe-setup --plugin credential-guard

Risk Indicators

Executes bash commandsModifies files

Source

Defined inline in plugin.json manifest

Configuration

PreToolUse

Matcher: Write

Hooks:

command

FILE=$(echo "$CC_TOOL_INPUT" | jq -r '.file_path' 2>/dev/null); if echo "$FILE" | grep -qE '\.env$|\.env\.|credentials|secret'; then echo "BLOCKED: Writing to sensitive file: $FILE" >&2; exit 2; fi

Matcher: Edit

Hooks:

command

FILE=$(echo "$CC_TOOL_INPUT" | jq -r '.file_path' 2>/dev/null); if echo "$FILE" | grep -qE '\.env$|\.env\.|credentials|secret'; then echo "BLOCKED: Editing sensitive file: $FILE" >&2; exit 2; fi

Matcher: Bash

Hooks:

command

CMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE '(sk|pk|api|key|token|secret|password)[-_]?[a-zA-Z0-9]{20,}'; then echo 'WARNING: Possible API key or token detected in command. Verify no secrets are exposed.' >&2; fi

Matcher: Write

Hooks:

command

FILE=$(echo "$CC_TOOL_INPUT" | jq -r '.file_path' 2>/dev/null); if echo "$FILE" | grep -qE 'serviceaccount.*\.json|key\.json|credentials\.json'; then echo "BLOCKED: Writing to service account file: $FILE" >&2; exit 2; fi

Matcher: Bash

Hooks:

command

CMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); CONTENT=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CONTENT" | grep -qE 'ANTHROPIC_API_KEY|OPENAI_API_KEY|AWS_SECRET|GITHUB_TOKEN|DATABASE_URL' | head -1; then echo 'WARNING: Environment variable with potential secret detected in command.' >&2; fi

Summary

Runs 'npx @nizos/probity --agent claude-code' before Bash, Write, or Edit tool calls to audit operations. Executes bash, affects file writes via PreToolUse matcher.

Similar Hooks

probity

1 event · 1 hook

probity

reins

383

2 events · 10 hooks

reins

ctx

3 events · 21 hooks

ctx

Stats

Parent Repo Stars8

Parent Repo Forks1

Actions

View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.