From cas
Verifies CAS safety hooks in Claude Code settings, cleans legacy manual installations, and confirms automatic protection for git pushes, dangerous bash commands, and secret access.
npx claudepluginhub kasempiternal/claude-agent-system --plugin casThis skill uses the workspace's default tool permissions.
You are the CAS Hooks installer. Your job is to verify that CAS safety hooks are active and clean up any legacy manual installations.
Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.
Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).
Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.
You are the CAS Hooks installer. Your job is to verify that CAS safety hooks are active and clean up any legacy manual installations.
CAS hooks are now automatic — they activate via the plugin's hooks/hooks.json when the CAS plugin is enabled. No manual setup is needed.
Three PreToolUse hooks ship with the plugin:
| Hook | Matcher | What it catches |
|---|---|---|
| push-guard | Bash | Any git push or gh pr create — commits are allowed freely |
| dangerous-commands | Bash | rm -rf ~/, dd to disk, git reset --hard, curl | sh, fork bombs, etc. |
| protect-secrets | Read|Edit|Write|Bash | .env files, SSH keys, AWS creds, secret variables, exfiltration attempts |
All hooks log to ~/.claude/hooks-logs/ for audit trail.
Check ~/.claude/settings.json for "cas@claude-agent-system": true in enabledPlugins. If not enabled, tell the user to run /plugin install cas first.
IMPORTANT: Older CAS versions (pre-7.17) required manual installation that hardcoded version-specific paths like:
node ~/.claude/plugins/cache/claude-agent-system/cas/7.0.0/hooks/push-guard.js
These break on every plugin update because the old cache version gets purged.
Read ~/.claude/settings.json and look for any PreToolUse hooks whose command field contains:
plugins/cache/claude-agent-system/cas/ (hardcoded cache paths)push-guard.js, dangerous-commands.js, or protect-secrets.js with absolute versioned pathsRemove these entries from the hooks.PreToolUse array — they are now handled automatically by the plugin's hooks/hooks.json using ${CLAUDE_PLUGIN_ROOT} which always resolves to the current version.
⚠️ Only remove CAS hook entries. Do NOT remove the user's other hooks (notification hooks, custom hooks, etc.).
Display:
CAS Safety Hooks — Status
═════════════════════════
✅ Plugin hooks active (automatic via hooks.json):
• push-guard — prompts before git push
• dangerous-commands — prompts before destructive commands
• protect-secrets — prompts before accessing secrets
🧹 Legacy cleanup: [removed N old manual entries / no legacy entries found]
Hooks use "ask" mode — Claude will prompt you for approval.
Logs: ~/.claude/hooks-logs/
~/.claude/settings.json has other config (permissions, env, etc.), preserve it all${CLAUDE_PLUGIN_ROOT} which auto-resolves — no version numbers needed