Claude Hooks

A collection of security and utility hooks for Claude Code. Hooks allow you to extend Claude Code's behavior by running custom scripts at key points during execution.

Research Paper: For detailed analysis of indirect prompt injection vulnerabilities in Claude Code, see: The Hidden Backdoor in Claude Coding Assistant

Available Hooks

🛡️ Prompt Injection Defender

Defense against indirect prompt injection attacks. Scans tool outputs (files, web pages, command results) for injection attempts and warns Claude about suspicious content via PostToolUse hooks.

Quick Start

Option 1: Interactive Installation (Recommended)

If you have this repo added as a Claude Code skill, simply tell Claude:

"install the prompt injection defender"

Claude will handle the entire installation process for you.

Option 2: Install Script

# Clone this repo, then run the installer pointing to your project
git clone https://github.com/lasso-security/claude-hooks.git
cd claude-hooks
./install.sh /path/to/your-project

What gets installed

The installer copies hook files to your project and configures Claude Code:

your-project/
└── .claude/
    ├── hooks/
    │   └── prompt-injection-defender/
    │       ├── post-tool-defender.py
    │       └── patterns.yaml
    └── settings.local.json  ← hook configuration

📖 For manual installation and more options, see