ClawHub

Hook Examples

v1.0.0

Provides code examples demonstrating uses of various OpenClaw hooks to intercept, modify, validate, or block operations at different execution stages.

0· 38·1 current·1 all-time
by@hanxiao-bot·duplicate of @hanxiao-bot/openclaw-hook-examples
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (hook examples) match the provided content: the SKILL.md contains multiple hook examples (before_tool_call, before_model_resolve, subagent_ended, etc.). No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
Instructions stay within the domain of hook usage, but examples include logging full tool params and session context and demonstrate blocking tools and switching provider/models. Logging tool parameters may capture sensitive data (e.g., commands or credentials passed to tools) — the docs show console.log and a comment about writing to a file, so users should avoid copying those snippets into production without sanitization.
Install Mechanism
Instruction-only skill with no install spec or code files. This is the lowest-risk presentation — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The examples reference ctx.session and event payloads that are expected in hook handlers — there is no disproportionate credential access requested.
Persistence & Privilege
always is false and the skill is user-invocable. There is no evidence this skill attempts to modify other skills or request persistent elevated privileges.
Assessment
This is a coherent examples-only skill — it doesn't install code or ask for secrets. Before using any snippet in your environment: (1) avoid logging raw tool params or session data (they may include secrets); sanitize or redact sensitive fields before writing logs; (2) test blocking rules carefully to avoid unintended denial of legitimate operations; (3) be cautious with dynamic model/provider switching (ensure you trust the target provider and model); and (4) don't paste these snippets into production unchanged — add input validation, rate-limiting/timeouts, and error handling as needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk974bzjr8d9qxd64d3zavqjpc1842hwm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments