CC-HK-009: Dangerous Command Pattern - Claude Hooks
Summary
- Rule ID: CC-HK-009
- Severity: HIGH
- Category: Claude Hooks
- Normative Level: SHOULD
- Auto-Fix: No
- Verified On: 2026-02-09
Applicability
- Tool: claude-code
- Version Range: unspecified
- Spec Revision: unspecified
Evidence Sources
Test Coverage Metadata
- Unit tests: true
- Fixture tests: true
- E2E tests: false
Examples
The following examples demonstrate what triggers this rule and how to fix it.
Invalid
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          { "type": "command", "command": "rm -rf /", "timeout": 30 }
        ]
      }
    ]
  }
}
Valid
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          { "type": "command", "command": "echo $TOOL_INPUT | jq .command", "timeout": 30 }
        ]
      }
    ]
  }
}
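One way to check a hooks file for the pattern shown in the Invalid example, as an added Python example that is not the linter's own implementation. The target list and the helper names (`simple_commands`, `is_dangerous`, `find_dangerous_hooks`) are assumptions; only `rm -rf /` comes from the page.

```python
import json
import shlex

# Assumed target list for this sketch; only `rm -rf /` appears on the page.
BROAD_TARGETS = {"/", "/*", "~", "~/", "$HOME", "$HOME/"}
OPERATORS = set(";|&()<>")

def simple_commands(command):
    """Split a shell line into argv lists at control operators."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quote: fall back to whitespace split
        tokens = command.split()
    commands, argv = [], []
    for token in tokens + [";"]:
        if token and set(token) <= OPERATORS:
            if argv:
                commands.append(argv)
            argv = []
        else:
            argv.append(token)
    return commands

def is_dangerous(argv):
    """True for `rm` with a recursive flag aimed at a broad target."""
    if argv[0] == "sudo":
        argv = argv[1:]
    if not argv or argv[0].rsplit("/", 1)[-1] != "rm":
        return False
    recursive = any(
        a == "--recursive" or (a[:1] == "-" and a[:2] != "--" and "r" in a.lower())
        for a in argv[1:])
    return recursive and any(a in BROAD_TARGETS for a in argv[1:])

def find_dangerous_hooks(config_text):
    """Return (event, matcher, command) for each flagged command hook."""
    findings = []
    for event, groups in json.loads(config_text).get("hooks", {}).items():
        for group in groups:
            for hook in group.get("hooks", []):
                command = hook.get("command", "")
                if hook.get("type") == "command" and any(map(is_dangerous, simple_commands(command))):
                    findings.append((event, group.get("matcher"), command))
    return findings

# Constructed sample holding the page's invalid and valid hook commands.
SAMPLE = json.dumps({"hooks": {"PreToolUse": [{"matcher": "Bash", "hooks": [
    {"type": "command", "command": "rm -rf /", "timeout": 30},
    {"type": "command", "command": "echo $TOOL_INPUT | jq .command", "timeout": 30}]}]}})
```

Calling `find_dangerous_hooks(SAMPLE)` flags only the first hook. Tokenising per simple command keeps a scoped delete such as `rm -rf ./cache` from being reported.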