Alpha Preview: Fidensa is currently in early testing. Scores are for demonstration purposes and are not considered final or reliable.

Hook✓ Certified

liatrio-hooks

Provides cross-platform development workflow automation and code quality enforcement through Claude Code hooks integrated with Liatrio's AI prompts configuration.

/ 100 · Grade B

B = 80–89

“I need to automate development workflows and enforce code quality standards across different platforms using AI-powered hooks.”

developmentautomationcode qualityworkflowai tools

Publisher: liatrio-labsVersion: latestCertified: Apr 1, 2026Expires: Apr 1, 2027Source ↗

liatrio-hooks earned Certified status with a trust score of 87/100 (Grade B). Adversarial testing produced 2 findings (2 high). Security scan flagged 0 findings.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan

100% × 15w

15.0

supply chain

100% × 10w

10.0

adversarial

65% × 25w

16.2

provenance

80% × 20w

16.0

consumer confirm

100% × 10w

10.0

behavioral pass

100% × 10w

10.0

contract accuracy

100% × 6w

6.0

uptime

100% × 4w

4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerFAIL

staticbehavioralllmmeta

critical: 0high: 0medium: 0low: 0

Adversarial Testing — 6 categories, 2 findings

prompt injection chainsprivilege escalationdata exfiltration side channelscapability squattingcontext poisoningdependency confusion

highReviewcapability squattingsuspected

The skill defines multiple executable command hooks (SessionStart, SessionEnd, PreToolUse, PostToolUse, etc.) that will run external commands, but there are no visible skill instructions or documentation explaining what these hooks do. The hooks execute 'entire hooks claude-code' commands with various parameters, but the behavior and purpose of these commands is not documented in the skill content.

highWarndependency confusionconfirmed

The skill defines multiple hooks that execute 'entire hooks claude-code' commands with various parameters (post-task, pre-task, session-start, etc.). These commands are not declared in the skill's dependencies list, which is empty. The 'entire' command appears to be an external binary or script that gets executed at various lifecycle events, creating an undeclared dependency that bypasses user review.

Methodology v1.0 · 6 categories · ~55 attack patterns

Interface

Skill triggers and instruction summary

Activation

Binds to lifecycle events: PostToolUse, PreToolUse, SessionEnd, SessionStart, Stop, UserPromptSubmit

Hook configuration with 7 handler(s)

Instructions: 7Files: 1Format: hook_json

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

✓creates files

✓deletes files

✓modifies files

✓accesses env variables

⚠invokes external tools

yes

✓makes network requests

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "liatrio-labs" is not verified — first certification from this publisher

provenance

Single contributor — no peer review evidence in commit history

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hash

sha256:2f75eb67229f3ec8230c2f540fe593730969638ba6bae2bd8daea6f68c5ec498

Key ID

kms-9db4ed3b9f53

Certified

Apr 1, 2026

Expires

Apr 1, 2027

Pipeline version

1.0

Status

valid

Annotated Filedownload →

The original instruction file with a certification footer appended. Replace the source file in your project so AI agents see the trust score, verification link, and SOP.

.cert.jsondownload →

ES256-signed JWS artifact for programmatic verification. Use with the Fidensa MCP server or GitHub Action to validate integrity.