Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
- Source URLs
- https://code.claude.com/docs/en/hooks, https://github.com/gitleaks/gitleaks
- Safety notes
- Runs before every Write, Edit, and MultiEdit and reads the pending content from the tool input on stdin., Blocks the write with exit code 2 when a high-confidence secret pattern matches; no files are created, deleted, or modified by the hook itself., Uses regex heuristics, so it can produce false positives (block a non-secret) or false negatives (miss an obfuscated secret); treat it as a guardrail, not proof of safety., Makes no network calls and runs entirely locally., Safe for user-level settings only when the command points to a trusted script you installed under your home directory; do not configure global hooks to execute scripts from `$CLAUDE_PROJECT_DIR`.
- Privacy notes
- Reads the text about to be written but never prints the matched secret value; only the detected secret type and the target file path are written to stderr., Writes nothing to disk and retains no logs., The target file path shown in the message may reveal local directory structure in your terminal output.
- Author
- jony376
- Submitted by
- jony376
- Claim status
- unclaimed
- Last verified
- 2026-06-04