Stats
Actions
Tags
From audiobook-organizer
Blocks Bash tool calls that attempt to run `git worktree add`, preventing accidental worktree creation. Executes a shell script to inspect and reject matching commands.
1 event · 1 hook
Safety signals detected in this hook configuration
Where this hook configuration is defined
Defined in hooks/hooks.json
Event handlers and matchers — expand Raw Configuration for the full JSON
Bashbash -c 'CMD=$(echo "$CLAUDE_TOOL_INPUT" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get(\"command\",\"\"))" 2>/dev/null || echo ""); if ! echo "$CMD" | grep -qE "git commit"; then exit 0; fi; ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd); ALLOWLIST="$ROOT/.pii-allowlist"; FINDINGS=""; while IFS= read -r f; do [ -f "$ROOT/$f" ] || continue; lineno=0; while IFS= read -r line || [ -n "$line" ]; do lineno=$((lineno+1)); if echo "$line" | grep -qE "172\.16\.|192\.168\.|10\.[0-9]+\.[0-9]+\."; then FINDINGS="$FINDINGS\nPII BLOCKER: $f:$lineno -- private IP address"; fi; if echo "$line" | grep -qE "abk_[A-Za-z0-9]{8,}|sk-[A-Za-z0-9]{20,}|Bearer [A-Za-z0-9]{20,}"; then FINDINGS="$FINDINGS\nPII BLOCKER: $f:$lineno -- credential or token pattern"; fi; done < "$ROOT/$f"; done < <(git diff --cached --name-only 2>/dev/null); if [ -z "$FINDINGS" ]; then exit 0; fi; if [ -f "$ALLOWLIST" ]; then while IFS= read -r allow || [ -n "$allow" ]; do [ -z "$allow" ] && continue; [[ "$allow" == \#* ]] && continue; FINDINGS=$(echo -e "$FINDINGS" | grep -v "$allow"); done < "$ALLOWLIST"; fi; if [ -n "$FINDINGS" ]; then echo "BLOCKED: PII found in staged files. Fix before committing or add to .pii-allowlist."; echo -e "$FINDINGS" | head -20; exit 2; fi; exit 0'10msnpx claudepluginhub falkcorp/audiobook-organizer --plugin audiobook-organizer