Install payload
Install payload is broadly covered in current results.
100% (12/12)
Reviewed filter active — add entries to compare trust side by side.
Trust signals across 40 of 87 results
2 trust signals differ in this sample: Source provenance, Submitter
Signals differ on Source provenance, Submitter — add entries to compare before you install.
Rollout signal scan
Biggest gaps: package integrity. 0 entries have 2+ required gaps.
Install payload
Install payload is broadly covered in current results.
100% (12/12)
Most at-risk entries in this view
Package Lock Risk Detector Hook for Claude Code
No required rollout gaps
Destructive SQL Bash Guardrail Hook
No required rollout gaps
Hardcoded Secret Pre-Write Guard Hook
No required rollout gaps
MCP Config Privacy Scanner - Claude Code Hook
No required rollout gaps
MCP Server URL Allowlist - Claude Code Hook
No required rollout gaps
Adoption queue
0/87 visible results are ready for staged adoption under this preset.
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/accessibility-checker · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/api-endpoint-documentation-generator · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/api-schema-drift-detector · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/auto-code-formatter-hook · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/auto-save-backup · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/aws-cloudformation-validator · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/biome-check-hook · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
hooks/cloud-backup-on-session-stop · trust review · confidence 83%
Decision confidence
0/87 results are high-confidence for the selected preset.
Address Package integrity before broader rollout.
68/100
hooks/accessibility-checker · trust review
Address Package integrity before broader rollout.
68/100
hooks/api-endpoint-documentation-generator · trust review
Address Package integrity before broader rollout.
68/100
hooks/api-schema-drift-detector · trust review
Address Package integrity before broader rollout.
68/100
hooks/auto-code-formatter-hook · trust review
Address Package integrity before broader rollout.
68/100
hooks/auto-save-backup · trust review
Address Package integrity before broader rollout.
68/100
hooks/aws-cloudformation-validator · trust review
Address Package integrity before broader rollout.
68/100
hooks/biome-check-hook · trust review
Address Package integrity before broader rollout.
68/100
hooks/cloud-backup-on-session-stop · trust review
Freshness distribution
Median age 44 days; all 12 scanned entries are within 90 days.
Theme distribution
58% of this view shares the top theme. Leading themes: hooks, claude-code, security.
78 distinct themes across 24 scanned
PostToolUse hook that flags risky package-lock.json, yarn.lock, and pnpm-lock.yaml edits: missing lockfile updates, unexpected registry hosts, and dependency count spikes before merge.
PreToolUse Bash guardrail implementing the Claude Code hooks guide drop-table example: exit 2 with stderr feedback when Bash command text contains a case-insensitive DROP TABLE pattern.
PreToolUse Write and Edit guardrail combining the hooks guide protected-file pattern with a local scan for common hardcoded credential shapes called out by GitHub secret scanning guidance before content is written.
PreToolUse hook that reviews proposed writes to MCP configuration files and blocks inline credential values, credential-bearing URLs, and broad filesystem roots before they are saved.
PreToolUse hook that blocks edits adding remote MCP server URLs unless their host appears in an explicit allowlist, reducing accidental connection to unreviewed OAuth, SSE, or Streamable HTTP MCP endpoints.
PreToolUse hook that reviews proposed Bash commands for package, installer, and archive downloads, then blocks curl or wget download commands that do not include an adjacent checksum or signature verification step.
Read-only Claude Code Stop hook that checks the current GitHub pull request title against a Conventional Commits style pattern before the session ends, then falls back to the latest commit subject when no PR title is available.
PreToolUse hook that scans proposed writes to prompt, agent, rule, markdown, and context files for common prompt-injection phrases before the content is saved into an AI-readable surface.
PostToolUse hook that compares a just-edited OpenAPI or JSON Schema document against the version committed in git and warns about backward-incompatible drift — removed OpenAPI paths and removed required properties — so breaking API changes are surfaced before they ship. Advisory only; it never blocks the edit.
Read-only Claude Code PostToolUse hook that runs Biome's formatter, linter, and import-sorting checks on edited JavaScript, TypeScript, JSON, CSS, and GraphQL files without auto-writing changes.
Read-only Claude Code PostToolUse hook that checks edited Cloudflare Wrangler config files for required Worker fields, environment inheritance traps, secret-like vars, deprecated Workers Sites usage, and source-of-truth drift before Claude continues.
PreToolUse hook that inspects a database migration before it is written and blocks irreversible or lock-heavy operations — DROP TABLE/COLUMN, TRUNCATE, table/column RENAME, and CREATE INDEX without CONCURRENTLY — following the strong_migrations safe-migration checks.
Read-only Claude Code PostToolUse hook that runs Hadolint diagnostics after Claude writes or edits Dockerfile-like files, surfacing Dockerfile best practice, inline shell, trusted registry, label, and configuration findings without rewriting files.
PostToolUse hook that flags two review hazards as Claude writes files: edits to generated or vendored artifacts (lockfiles, minified bundles, source maps, dist/build output, snapshots, protobuf output) and oversized diffs that change more lines than a configurable threshold versus the committed version.
PostToolUse hook that inspects an edited npm package-lock.json for supply-chain provenance risk rather than known CVEs — dependencies resolved from outside the public npm registry (git, alternate-registry, or insecure transports) and registry tarballs missing an integrity hash.
PostToolUse hook that watches dependency manifest and lockfile edits, then prompts or runs an OSS Review Toolkit dependency license analysis.
PreToolUse hook that scans the exact text Claude Code is about to write or edit for high-confidence secret formats (AWS access keys, GitHub tokens, OpenAI keys, Slack tokens, Google API keys, Stripe keys, and private key blocks) and blocks the write with a non-zero exit before the secret ever reaches disk.
PostToolUse hook that keeps a project's README in sync with the code. When the README or package.json is edited it checks for the standard-readme core sections (Install and Usage) and verifies that the CLI commands exposed via package.json bin are documented. Advisory only; it never edits files.
PostToolUse hook that catches unintended UI changes by pixel-diffing a just-saved screenshot against its baseline with odiff.
Read-only Claude Code PostToolUse hook that runs ShellCheck diagnostics after Claude writes or edits shell scripts, reporting shell portability, quoting, expansion, error-handling, and command-safety issues without modifying files.
Read-only Claude Code PostToolUse hook that runs shfmt diff checks after Claude writes or edits shell scripts, surfacing POSIX shell, Bash, Zsh, and mksh formatting drift without rewriting files or executing scripts.
SessionStart hook that prints a daily Claude Code retro at the top of every session — competency grade (0–100, A–F), 14-day efficiency sparklines, and a year-long contributions heatmap.
A PostToolUse hook that reminds you to enable native query logging for PostgreSQL, Prisma, Sequelize, and TypeORM, and flags possible N+1 patterns when you edit SQL or data-access files.
A Claude Code SessionEnd hook that scans a project for dead code and writes a report to .claude/reports. It runs available tools per language: ESLint and Knip for JS/TS, autoflake or pylint for Python, Knip for unused npm dependencies, ripgrep for unreferenced src files, and jq to flag zero-coverage files.
Comprehensive Docker image vulnerability scanning with layer analysis, base image recommendations, and security best practices enforcement. This PostToolUse hook automatically scans Docker images for vulnerabilities when Dockerfiles are modified, providing real-time security validation during development.
Automated documentation coverage analysis with missing docstring detection, API documentation validation, and completeness scoring. This PostToolUse hook automatically checks documentation coverage when code files are modified, providing real-time documentation quality validation during development.
Automated accessibility testing and compliance checking for web applications following WCAG 2.1 and WCAG 2.2 guidelines. This hook automatically runs accessibility scans on HTML files after they are written or edited, using axe-core for comprehensive WCAG compliance testing.
PostToolUse hook that extracts JSDoc and pydoc comments from modified API endpoint files and generates OpenAPI 3.1.0-compatible YAML documentation on every save.
Automatically formats code files after Claude writes or edits them using industry-standard formatters including Prettier 3.6.2+ (JavaScript/TypeScript/Web), Black or Ruff (Python), gofmt (Go), and rustfmt (Rust).
Automatically creates timestamped backups of files before modification to prevent data loss. This hook runs before file editing operations (Edit, Write, Multiedit) and creates versioned backups in a centralized .backups directory with ISO 8601-compliant timestamps including nanoseconds for collision prevention.