| name | hooks-eval |
| description | Use this skill BEFORE deploying hooks to production. Use when auditing existing hooks for security vulnerabilities, benchmarking hook performance, implementing hooks using Python SDK, understanding hook callback signatures, validating hooks against compliance standards. Do not use when deciding hook placement - use hook-scope-guide instead. DO NOT use when: writing hook rules from scratch - use hook-authoring instead. DO NOT use when: validating plugin structure - use validate-plugin instead. |
| category | hook-management |
| tags | ["hooks","evaluation","security","performance","claude-sdk","agent-sdk"] |
| dependencies | ["hook-scope-guide"] |
| provides | {"infrastructure":["hook-evaluation","security-scanning","performance-analysis"],"patterns":["hook-auditing","sdk-integration","compliance-checking"],"sdk_features":["python-sdk-hooks","hook-callbacks","hook-matchers"]} |
| estimated_tokens | 1200 |
| modules | ["modules/evaluation-criteria.md","modules/sdk-hook-types.md"] |
Table of Contents
Hooks Evaluation Framework
Overview
This skill provides a detailed framework for evaluating, auditing, and implementing Claude Code hooks across all scopes (plugin, project, global) and both JSON-based and programmatic (Python SDK) hooks.
Key Capabilities
- Security Analysis: Vulnerability scanning, dangerous pattern detection, injection prevention
- Performance Analysis: Execution time benchmarking, resource usage, optimization
- Compliance Checking: Structure validation, documentation requirements, best practices
- SDK Integration: Python SDK hook types, callbacks, matchers, and patterns
Core Components
| Component | Purpose |
|---|
| Hook Types Reference | Complete SDK hook event types and signatures |
| Evaluation Criteria | Scoring system and quality gates |
| Security Patterns | Common vulnerabilities and mitigations |
| Performance Benchmarks | Thresholds and optimization guidance |
Quick Reference
Hook Event Types
HookEvent = Literal[
"PreToolUse",
"PostToolUse",
"UserPromptSubmit",
"Stop",
"SubagentStop",
"TeammateIdle",
"TaskCompleted",
"PreCompact"
]
Verification: Run the command with --help flag to verify availability.
Note: Python SDK does not support SessionStart, SessionEnd, or Notification hooks due to setup limitations. However, plugins can define SessionStart hooks via hooks.json using shell commands (e.g., leyline's detect-git-platform.sh).
Plugin-Level hooks.json
Plugins can declare hooks via "hooks": "./hooks/hooks.json" in plugin.json. The evaluator validates:
- Referenced hooks.json exists and is valid JSON
- Shell commands referenced in hooks exist and are executable
- Hook matchers use valid event types
Hook Callback Signature
async def my_hook(
input_data: dict[str, Any],
tool_use_id: str | None,
context: HookContext
) -> dict[str, Any]:
...
Verification: Run the command with --help flag to verify availability.
Return Values
return {
"decision": "block",
"systemMessage": "...",
"hookSpecificOutput": {...}
}
Verification: Run the command with --help flag to verify availability.
Quality Scoring (100 points)
| Category | Points | Focus |
|---|
| Security | 30 | Vulnerabilities, injection, validation |
| Performance | 25 | Execution time, memory, I/O |
| Compliance | 20 | Structure, documentation, error handling |
| Reliability | 15 | Timeouts, idempotency, degradation |
| Maintainability | 10 | Code structure, modularity |
Detailed Resources
- SDK Hook Types: See
modules/sdk-hook-types.md for complete Python SDK type definitions, patterns, and examples
- Evaluation Criteria: See
modules/evaluation-criteria.md for detailed scoring rubric and quality gates
- Security Patterns: See
modules/sdk-hook-types.md for vulnerability detection and mitigation
- Performance Guide: See
modules/evaluation-criteria.md for benchmarking and optimization
Basic Evaluation Workflow
/hooks-eval --detailed
/hooks-eval --security-only --format sarif
/hooks-eval --performance-baseline
/hooks-eval --compliance-report
Verification: Run the command with --help flag to verify availability.
Integration with Other Tools
/hooks-eval --detailed
/analyze-hook hooks/specific.py
/validate-plugin .
Verification: Run the command with --help flag to verify availability.
Related Skills
abstract:hook-scope-guide - Decide where to place hooks (plugin/project/global)abstract:hook-authoring - Write hook rules and patternsabstract:validate-plugin - Validate complete plugin structure
Troubleshooting
Common Issues
Hook not firing
Verify hook pattern matches the event. Check hook logs for errors
Syntax errors
Validate JSON/Python syntax before deployment
Permission denied
Check hook file permissions and ownership
