Hook Verified

johnlindquist-claude-hooks

Provides TypeScript-typed hooks for Claude Code lifecycle events including PreToolUse, PostToolUse, and session management.

60 / 100 · Grade F-D

F-D = below 60 (deductions)

I need to integrate TypeScript-typed lifecycle hooks into my Claude Code application for managing tool usage and session events.

development-tools · typescript · claude-integration · event-handling
Publisher: johnlindquist · Version: latest · Certified: Mar 28, 2026 · Expires: Mar 28, 2027

johnlindquist-claude-hooks earned Verified status with a trust score of 60/100 (Grade F-D). Adversarial testing produced 7 findings (6 high, 1 medium). Security scan flagged 0 findings. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.


Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan: 100% × 15w = 15.0
supply chain: 100% × 10w = 10.0
adversarial: 0% × 25w = 0.0
provenance: 80% × 20w = 16.0
consumer confirm: 60% × 10w = 6.0
behavioral pass: 60% × 10w = 6.0
contract accuracy: 100% × 6w = 6.0
uptime: 100% × 4w = 4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.


Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scanner · FAIL
static · behavioral · llm · meta
critical: 0 · high: 0 · medium: 0 · low: 0

Adversarial Testing — 6 categories, 7 findings

prompt injection chains · privilege escalation · data exfiltration side channels · capability squatting · context poisoning · dependency confusion

high · Warn · prompt injection chains · confirmed

The skill executes shell commands using spawn() with user-provided content that could contain shell metacharacters. Multiple injection points exist: (1) In init.js, the command 'bun .claude/hooks/index.ts' is constructed and executed where user could control the working directory or file contents, (2) The skill runs 'bun init -y' and 'bun add -d @types/node' in user-controlled directories, (3) File paths from user input are used directly in fs operations and command construction without sanitization.

high · Warn · privilege escalation · confirmed

The skill contains multiple instructions that direct the agent to perform system-level modifications outside the project scope, including global package installation, system PATH modification, and shell profile alterations.

high · Warn · privilege escalation · confirmed

The skill automatically executes commands with force flags and bypasses user confirmation in several scenarios, including overwriting existing files and running package installations without user interaction.

medium · Review · data exfiltration side channels · suspected

The skill includes session tracking functionality that logs hook execution data and payloads to system temp directory. While this appears to be for debugging purposes, it could inadvertently capture sensitive information from tool usage or notifications.

high · Review · data exfiltration side channels · suspected

The skill instructions include a curl command to install Bun runtime from an external URL (https://bun.sh/install). While this appears legitimate for the tool's functionality, it represents an undocumented external network dependency that could be a vector for supply chain attacks.

high · Review · capability squatting · suspected

The skill contains a very large amount of code and configuration files (540,201 characters total) that could potentially hide instructions or create confusion about the actual scope of the skill. While this appears to be a legitimate CLI tool for Claude hooks, the sheer volume of content makes it difficult to verify all components are necessary and properly documented.

high · Warn · dependency confusion · confirmed

The skill executes 'bun add -d @types/node' and 'bun init -y' commands to install packages that are not listed in the skill's declared dependencies array, which is empty. This bypasses dependency review and could potentially install malicious packages.

Methodology v1.0 · 6 categories · ~55 attack patterns


Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples: 8
Error rate: 0.0%
Peak memory: — MB
Avg CPU: —%

Response time distribution

p50: 6769ms · p95: 18574ms · p99: 18574ms

Output size distribution

p50: 1.4 KB · p95: 4.1 KB · mean: 1.9 KB

Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline


Interface

Skill triggers and instruction summary

Activation

No lifecycle events bound

Hook configuration with 0 handler(s)

Instructions: 0 · Files: 1 · Format: hook_json

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files: no
deletes files: no
modifies files: no
accesses env variables: no
invokes external tools: no
makes network requests: no


Badge & Integration

Embed certification status in your README, docs, or CI pipeline

Fidensa Verified badge for johnlindquist-claude-hooks

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "johnlindquist" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history


Signed Artifact

Certification provenance and verification metadata

Content hash: sha256:e7b466832a2127c458f3cf2c105f555510eaead62539e7947ee25eb60f1f7efa
Key ID: kms-9db4ed3b9f53
Certified: Mar 28, 2026
Expires: Mar 28, 2027
Pipeline version: 1.0
Status: valid