Blocking dangerous operations with Claude Code Hooks when using --dangerously-skip-permissions


Claude Code Hooks is a feature that runs commands or prompt-based evaluations before and after specific events. Because hooks run even with --dangerously-skip-permissions, they can block dangerous operations in environments such as vibe kanban. However, it is difficult to close every loophole completely, so it is better to also use the Sandbox.

Trying out bubblewrap used in Claude Code’s Sandbox Runtime and exploring its network restriction mechanism - sambaiz-net

For command-type hooks, JSON containing values such as file_path is passed via standard input; for prompt-type hooks, it is passed via $ARGUMENTS.

$ vi ~/.claude/settings.json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "prompt",
            "prompt": "Check if the file name does not contain the string `do_not_edit`: $ARGUMENTS."
          },
          {
            "type": "command",
            "command": "jq -r '.tool_input.file_path' | xargs -I {} echo \"{}\" >> input_files"
          }
        ]
      }
    ]
  }
}

You can block an operation by exiting with code 2. However, hooks are executed in parallel, so even if the prompt hook above blocks the operation, the command hook below it is still evaluated.

$ claude --dangerously-skip-permissions --print "write hello world to do_not_edit.txt"
I cannot write to that file because there's a hook configured that prevents modifying files with "do_not_edit" in the filename. The file name `do_not_edit.txt` contains "do_not_edit", which violates the hook condition.

Would you like me to:
1. Write to a different file instead?
2. Ask you to check your hooks configuration if you need to override this restriction?

$ claude --dangerously-skip-permissions --print "write hello world to do_edit.txt"
I've successfully created the file `do_edit.txt` with the content "hello world".

$ cat input_files
/home/sambaiz/claude-hook-test/do_not_edit.txt
/home/sambaiz/claude-hook-test/do_edit.txt
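Because the hooks run in parallel, the logging hook above cannot depend on the prompt hook's verdict. The following added example (not code from the original post) does the check and the logging in one command hook, so they happen in order and blocked paths are never logged. Only `tool_input.file_path`, the `do_not_edit` marker, the `input_files` log and exit code 2 come from the page; the script itself, its fail-closed handling and the symlink check are assumptions of this example.

```python
#!/usr/bin/env python3
"""PreToolUse command hook: block Edit/Write on protected paths (added example)."""
import json
import os
import sys

PROTECTED_MARKER = "do_not_edit"  # same string the page's prompt hook checks
LOG_FILE = "input_files"          # same log file the page's jq hook appends to
BLOCK = 2                         # exit code 2 blocks the operation
ALLOW = 0


def decide(raw_stdin):
    """Return (exit_code, detail) for the hook JSON received on stdin."""
    try:
        file_path = json.loads(raw_stdin)["tool_input"]["file_path"]
    except (ValueError, KeyError, TypeError):
        # Fail closed: input that cannot be parsed cannot be approved.
        return BLOCK, "hook could not read tool_input.file_path"
    if not isinstance(file_path, str) or not file_path:
        return BLOCK, "tool_input.file_path is empty or not a string"
    # Check the path as given and after resolving symlinks and "..",
    # so an alias that points at a protected file is also caught.
    for path in (file_path, os.path.realpath(file_path)):
        if PROTECTED_MARKER in path.lower():
            return BLOCK, f"{file_path} matches protected marker {PROTECTED_MARKER!r}"
    return ALLOW, file_path


def main():
    code, detail = decide(sys.stdin.read())
    if code == BLOCK:
        print(f"Blocked: {detail}", file=sys.stderr)  # reason goes to stderr
        return code
    # Log only after the decision, so blocked attempts never reach the log.
    with open(LOG_FILE, "a", encoding="utf-8") as log:
        log.write(detail + "\n")
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Register the script as a single `"type": "command"` hook under the `Edit|Write` matcher in place of the prompt and jq hooks. A substring check like this is still only one layer, which is why the Sandbox remains worth using alongside it.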

References

Hooks settings for safely using Claude Code's --dangerously-skip-permissions | Portfolio