Alpha Preview: Fidensa is currently in early testing. Scores are for demonstration purposes and are not considered final or reliable.

Plugin◉ Verified

disler-hooks-mastery

A comprehensive Claude extension suite that provides 12+ lifecycle hooks, sub-agents, slash commands, and output styles for automated logging, security enforcement, text-to-speech feedback, and multi-agent orchestration.

/ 74 · Grade F-D

F-D = below 60 (deductions)

“I need to extend Claude's functionality with comprehensive automation, security enforcement, logging capabilities, and multi-agent orchestration through a unified plugin system.”

AI-ExtensionsDevelopment-ToolsAutomationSecurityMulti-Agent-SystemsCode-Hooks

Publisher: dislerVersion: latestCertified: Apr 1, 2026Expires: Apr 1, 2027Source ↗

disler-hooks-mastery earned Verified status with a trust score of 49/74 (Grade F-D). Adversarial testing produced 4 findings (4 high). Supply chain is clean — 18 components with no known vulnerabilities. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan

100% × 15w

15.0

supply chain

100% × 10w

10.0

adversarial

38% × 25w

9.5

provenance

100% × 20w

20.0

consumer confirm

0% × 10w

0.0

behavioral pass

0% × 10w

0.0

contract accuracy

0% × 6w

0.0

uptime

100% × 4w

4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerSKIPPED

critical: 0high: 0medium: 0low: 0

Adversarial Testing — 6 categories, 4 findings

prompt injection chainsprivilege escalationdata exfiltration side channelscapability squattingcontext poisoningdependency confusion

highWarnprompt injection chainsconfirmed

Several hook scripts directly incorporate user-provided content (prompts, tool inputs, file paths) into their processing logic without explicit data boundary markers. The user_prompt_submit.py hook processes raw user prompts, and pre_tool_use.py processes tool inputs that could contain instruction-like content. While these hooks have some validation, they don't explicitly mark user content as data-only, creating potential injection surfaces.

highWarnprompt injection chainsconfirmed

Multiple hook scripts execute system commands and file operations using user-provided content as parameters. The pre_tool_use.py hook processes bash commands from user input, and various hooks perform file operations with user-controlled paths. While there is some validation for dangerous patterns, the parameter injection surface remains significant, especially for path traversal and command injection through tool parameters.

highWarncapability squattingconfirmed

Multiple hook scripts contain conditional logic that references system state the user wouldn't anticipate, including environment variables (ENGINEER_NAME, ELEVENLABS_API_KEY, OPENAI_API_KEY), file existence checks, and system capabilities. These conditionals can alter behavior based on hidden system state rather than user-visible inputs.

highReviewcapability squattingconfirmed

The plugin declares 6 agents, 15 commands, 1 hook, and 35 scripts totaling 57 components, which is unusually large for a 'mastery' tutorial. This volume could obscure malicious content within legitimate educational material, making thorough review difficult.

Methodology v1.0 · 6 categories · ~55 attack patterns

Supply Chain

SBOM analysis and vulnerability assessment

Components

Direct deps

Transitive deps

Total vulns

Format: CycloneDX 1.5 · Generated: Apr 1, 2026

Component Inventory

57 components composing this plugin

agents

commands

hook

scripts

agents (6)

crypto.claude/agents/crypto

hello-world-agent.claude/agents/hello-world-agent.md

llm-ai-agents-and-eng-research.claude/agents/llm-ai-agents-and-eng-research.md

meta-agent.claude/agents/meta-agent.md

team.claude/agents/team

work-completion-summary.claude/agents/work-completion-summary.md

commands (15)

agent_prompts.claude/commands/agent_prompts

all_tools.claude/commands/all_tools.md

build.claude/commands/build.md

cook.claude/commands/cook.md

cook_research_only.claude/commands/cook_research_only.md

crypto_research.claude/commands/crypto_research.md

crypto_research_haiku.claude/commands/crypto_research_haiku.md

git_status.claude/commands/git_status.md

plan.claude/commands/plan.md

plan_w_team.claude/commands/plan_w_team.md

prime.claude/commands/prime.md

prime_tts.claude/commands/prime_tts.md

question.claude/commands/question.md

sentient.claude/commands/sentient.md

update_status_line.claude/commands/update_status_line.md

hooks (1)

settings-hooks.claude/settings.json

scripts (35)

notification.claude/hooks/notification.py

permission_request.claude/hooks/permission_request.py

post_tool_use.claude/hooks/post_tool_use.py

post_tool_use_failure.claude/hooks/post_tool_use_failure.py

pre_compact.claude/hooks/pre_compact.py

pre_tool_use.claude/hooks/pre_tool_use.py

session_end.claude/hooks/session_end.py

session_start.claude/hooks/session_start.py

setup.claude/hooks/setup.py

stop.claude/hooks/stop.py

subagent_start.claude/hooks/subagent_start.py

subagent_stop.claude/hooks/subagent_stop.py

user_prompt_submit.claude/hooks/user_prompt_submit.py

anth.claude/hooks/utils/llm/anth.py

oai.claude/hooks/utils/llm/oai.py

ollama.claude/hooks/utils/llm/ollama.py

task_summarizer.claude/hooks/utils/llm/task_summarizer.py

elevenlabs_tts.claude/hooks/utils/tts/elevenlabs_tts.py

openai_tts.claude/hooks/utils/tts/openai_tts.py

pyttsx3_tts.claude/hooks/utils/tts/pyttsx3_tts.py

tts_queue.claude/hooks/utils/tts/tts_queue.py

ruff_validator.claude/hooks/validators/ruff_validator.py

ty_validator.claude/hooks/validators/ty_validator.py

validate_file_contains.claude/hooks/validators/validate_file_contains.py

validate_new_file.claude/hooks/validators/validate_new_file.py

status_line.claude/status_lines/status_line.py

status_line_v2.claude/status_lines/status_line_v2.py

status_line_v3.claude/status_lines/status_line_v3.py

status_line_v4.claude/status_lines/status_line_v4.py

status_line_v5.claude/status_lines/status_line_v5.py

status_line_v6.claude/status_lines/status_line_v6.py

status_line_v7.claude/status_lines/status_line_v7.py

status_line_v8.claude/status_lines/status_line_v8.py

status_line_v9.claude/status_lines/status_line_v9.py

helloapps/hello.py

Interface

Aggregated instruction summary

Instructions: 0Files: 0Format: composite

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

✓creates files

✓deletes files

⚠modifies files

yes

⚠accesses env variables

yes

⚠invokes external tools

yes

✓makes network requests

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "disler" is not verified — first certification from this publisher

provenance

No license file found in repository

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hash

sha256:f7c525260d4d8c6dbc1f7503e2dffb7a0c58173b93b42ab2b93297a953b5c5d3

Key ID

kms-9db4ed3b9f53

Certified

Apr 1, 2026

Expires

Apr 1, 2027

Pipeline version

1.0

Status

valid

Annotated Filedownload →

The original instruction file with a certification footer appended. Replace the source file in your project so AI agents see the trust score, verification link, and SOP.

.cert.jsondownload →

ES256-signed JWS artifact for programmatic verification. Use with the Fidensa MCP server or GitHub Action to validate integrity.