Knox • Security Plugin
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, hooks, and instructions are consistent with a Claude Code out‑of‑process security enforcement tool; nothing requested is disproportionate to that purpose, but review install scripts, webhook targets, and audit-log placement before installing.
This skill appears to be what it claims: an out‑of‑process security hook for Claude Code. Before installing, do these checks:
(1) If you plan to use the manual git/npm install path, inspect scripts/postinstall.js and any npm lifecycle scripts — npm install can run arbitrary code.
(2) Review and control the configured audit path and file permissions so sensitive data isn't written to a location you don't expect.
(3) If you enable alerts/webhooks, verify the webhook endpoint is trusted (a webhook could receive metadata about detections).
(4) Confirm you are comfortable with the plugin reading files passed to hooks (InstructionsLoaded, ConfigChange) — this is required for its scanning function.
(5) Keep in mind the plugin runs node processes on every tool call (added latency) and has self‑protection that prevents easy local disabling; that is intentional but means removing it may require manual edits.
If you want more assurance, review lib/config.js, scripts/postinstall.js, and the writeAudit implementation before enabling in production.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
