Agent Hooks
v1.1.0Claude Code Stop/PreToolUse/PostToolUse hook 脚本集。当 agent 提前停止、工具反复失败、或以投机语言完成任务时自动干预。每个脚本是独立的 bash hook,配到 settings.json 即可生效。不用于设计决策(用 harness-design-patter...
⭐ 0· 80·0 current·0 all-time
by_silhouette@lanyasheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The scripts implement Stop/PreToolUse/PostToolUse hooks and only require local session state under $HOME; this matches the 'agent-hooks' description. Minor inconsistency: SKILL.md and the scripts expect an NC_SESSION env var and write state to $HOME/.openclaw/shared-context/sessions, but the registry metadata lists no required env vars and the install example references ~/.claude/settings.json — the differing config paths and the undocumented NC_SESSION requirement should be clarified.
Instruction Scope
Instructions are narrowly scoped to hook behavior: read hook JSON from stdin, write/read per-session state files under $HOME/.openclaw/shared-context/sessions, and optionally run local linters/diagnostics (ruff, pyright, tsc, cargo, go, shellcheck) if present. They do not call external network endpoints or request unrelated system credentials. Concerns: the SKILL.md example shows adding commands to ~/.claude/settings.json while the scripts actually use ~/.openclaw for session state — this mismatch could cause user misconfiguration. Also the skill expects NC_SESSION (session id) to be present at runtime but that env var is not declared in registry metadata.
Install Mechanism
There is no automated install spec (instruction-only deployment). The package includes bash scripts and tests; nothing is downloaded from external URLs and no archives are extracted. This is low risk, but installing requires placing scripts on disk and wiring them into your settings.json.
Credentials
The skill does not request API keys or secrets. It does rely on NC_SESSION and $HOME for session identification and storage; NC_SESSION is used by every script but is not declared in the registry metadata. The scripts also use common utilities (jq, md5/md5sum/shasum, optionally python3) and may call local developer tools (pyright, ruff, npx, cargo, go, shellcheck) if available — these are reasonable for diagnostics but you should be aware linters/tools will be invoked on file paths provided by the agent.
Persistence & Privilege
Skill does not request 'always: true' and is user-invocable. Scripts create and update per-session files under $HOME/.openclaw/shared-context/sessions (state, cancel signals, error trackers). This file-write persistence is expected for a hook system, but combined with Stop hook behavior it means a hooked agent can be prevented from stopping until safety valves trigger — review the safety valve implementations and ensure you trust the scripts before enabling Stop hooks on live/high-privilege agents.
Assessment
What to check before installing:
- Confirm the session directory and settings file: the SKILL.md example mentions ~/.claude/settings.json but the scripts use $HOME/.openclaw/shared-context/sessions. Decide which path you will use and update scripts/settings consistently.
- Provide NC_SESSION at runtime (NC_SESSION is required by the scripts but not declared in metadata). Without it hooks will often permissively allow stop or exit silently.
- Inspect the scripts yourself (they're plain bash and included here). They only read stdin and write session files, and they do not contact external servers, but they will run local linters/commands if present — make sure those tools are safe in your environment.
- Be cautious when enabling Stop hooks: they intentionally block agent termination to force continued work. Confirm you trust the hook logic and its safety valves (auth/cancel/stale/max iterations) before enabling in production or with sensitive agents.
- Consider testing in an isolated environment (temporary HOME) first. The repo includes unit tests that simulate behavior; run them in a sandbox to verify behavior with your platform's jq/md5/python tool availability.
- If you want the metadata to match runtime needs, ask the maintainer to declare NC_SESSION in requires.env and to clarify the config paths in SKILL.md/metadata.Like a lobster shell, security has layers — review code before you run it.
latestvk97drxsdctykfd35drwfwzw5gx84b7s2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.