hooks-system
Comprehensive lifecycle hook patterns for Claude Code workflows. Use when configuring PreToolUse, PostToolUse, UserPromptSubmit, Stop, or SubagentStop hooks. Covers hook matchers, command hooks, prompt hooks, validation, metrics, auto-formatting, and security patterns. Trigger keywords - "hooks", "PreToolUse", "PostToolUse", "lifecycle", "tool matcher", "hook template", "auto-format", "security hook", "validation hook".
Install
mkdir -p .claude/skills/hooks-system && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6522" && unzip -o skill.zip -d .claude/skills/hooks-system && rm skill.zipInstalls to .claude/skills/hooks-system
About this skill
Hooks System
Version: 1.0.0 Purpose: Lifecycle hook patterns for validation, automation, security, and metrics in Claude Code workflows Status: Production Ready
Overview
Hooks are lifecycle callbacks that execute at specific points in the Claude Code workflow. They enable:
- Validation (block dangerous operations before execution)
- Automation (auto-format code after file changes)
- Security (enforce safety policies on commands and tools)
- Metrics (track tool usage, performance, costs)
- Quality Control (run tests after implementation changes)
- Context Injection (load project-specific context at session start)
Hooks transform Claude Code from a reactive assistant into a proactive, policy-enforced development environment.
Hook Types Reference
Claude Code provides 7 hook types that fire at different lifecycle stages:
| Hook Type | When It Fires | Receives | Can Modify | Use Cases |
|---|---|---|---|---|
| PreToolUse | Before tool execution | Tool name, input | Tool input, can block | Validation, security checks, permission gates |
| PostToolUse | After tool completion | Tool name, input, output | Nothing (read-only) | Auto-format, metrics, notifications |
| UserPromptSubmit | User submits prompt | Prompt text | Nothing (read-only) | Complexity analysis, model routing, context injection |
| SessionStart | Session begins | Session metadata | Nothing (read-only) | Load project context, initialize environment |
| Stop | Main session stops | Session metadata | Nothing (read-only) | Completion validation, cleanup, final reports |
| SubagentStop | Sub-agent (Task) completes | Task metadata, output | Nothing (read-only) | Task metrics, result validation |
| Notification | System notification | Notification data | Nothing (read-only) | Alert logging, external integrations |
| PermissionRequest | Tool needs permission | Tool name, action | Nothing (read-only) | Custom approval workflows |
Key Concepts:
- PreToolUse: Only hook that can block or modify execution
- PostToolUse: Cannot modify output, but can trigger follow-up actions
- Matcher: Regex pattern to filter which tools trigger the hook
- Hooks Array: Commands to execute when hook fires (can run multiple)
Hook Configuration in settings.json
Hooks are configured in .claude/settings.json under the "hooks" key:
Basic Structure
{
"hooks": {
"PreToolUse": [
{
"matcher": "^(Write|Edit)$",
"hooks": ["echo 'File change detected'"]
}
],
"PostToolUse": [
{
"matcher": "^(Write|Edit)$",
"hooks": ["bun run format"]
}
]
}
}
Configuration Properties
matcher (required):
- Regex pattern to match tool names
- Uses JavaScript regex syntax
- Examples:
"^Write$"- Matches only Write tool"^(Write|Edit)$"- Matches Write or Edit".*"- Matches all tools (use sparingly)"^Bash$"- Matches Bash tool
hooks (required):
- Array of commands to execute
- Commands run sequentially
- Can be shell commands or custom scripts
- Each command runs in its own shell context
continueOnError (optional, default: true):
true: Continue workflow if hook failsfalse: Stop workflow on hook failure- Use
falsefor critical validation hooks
timeout (optional, default: 30000ms):
- Maximum execution time for hook command
- In milliseconds (30000 = 30 seconds)
- Hook is killed if timeout exceeded
Advanced Configuration Example
{
"hooks": {
"PreToolUse": [
{
"matcher": "^Write$",
"hooks": [
"node scripts/validate-file.js",
"node scripts/check-secrets.js"
],
"continueOnError": false,
"timeout": 10000
}
],
"PostToolUse": [
{
"matcher": "^(Write|Edit)$",
"hooks": ["bun run format", "bun run lint --fix"],
"continueOnError": true,
"timeout": 60000
}
],
"UserPromptSubmit": [
{
"matcher": ".*",
"hooks": ["node scripts/analyze-complexity.js"]
}
]
}
}
Ready-To-Use Hook Templates
Template 1: File Protection Hook
Purpose: Block writes to sensitive files (secrets, credentials, config)
Hook Type: PreToolUse
Matcher: "^(Write|Edit)$"
Configuration:
{
"hooks": {
"PreToolUse": [
{
"matcher": "^(Write|Edit)$",
"hooks": ["node scripts/protect-files.js"],
"continueOnError": false,
"timeout": 5000
}
]
}
}
Script: scripts/protect-files.js
#!/usr/bin/env node
const PROTECTED_PATTERNS = [
/\.env$/,
/\.env\./,
/credentials\.json$/,
/secrets\.yaml$/,
/id_rsa$/,
/\.pem$/,
/\.key$/
];
const args = process.argv.slice(2);
const filePath = args[0] || '';
const isProtected = PROTECTED_PATTERNS.some(pattern => pattern.test(filePath));
if (isProtected) {
console.error(`❌ BLOCKED: Cannot modify protected file: ${filePath}`);
process.exit(1);
}
console.log(`✅ File write allowed: ${filePath}`);
process.exit(0);
When to Use:
- Protecting credentials and secrets
- Preventing accidental config file modifications
- Enforcing file-level permissions in team workflows
Template 2: Auto-Format Hook
Purpose: Automatically format code after file changes
Hook Type: PostToolUse
Matcher: "^(Write|Edit)$"
Configuration:
{
"hooks": {
"PostToolUse": [
{
"matcher": "^(Write|Edit)$",
"hooks": [
"bun run format",
"bun run lint --fix"
],
"continueOnError": true,
"timeout": 60000
}
]
}
}
package.json Scripts:
{
"scripts": {
"format": "prettier --write .",
"lint": "eslint . --ext .ts,.tsx,.js,.jsx"
}
}
When to Use:
- Maintaining consistent code style
- Automatic linting and formatting
- Reducing manual formatting overhead
- Enforcing team style guidelines
Benefits:
- Every file change is auto-formatted
- No manual "run prettier" steps needed
- Consistent style across all changes
- Catches lint errors immediately
Template 3: Security Command Blocker
Purpose: Block dangerous bash commands (rm -rf /, force push, etc.)
Hook Type: PreToolUse
Matcher: "^Bash$"
Configuration:
{
"hooks": {
"PreToolUse": [
{
"matcher": "^Bash$",
"hooks": ["node scripts/security-check.js"],
"continueOnError": false,
"timeout": 5000
}
]
}
}
Script: scripts/security-check.js
#!/usr/bin/env node
const DANGEROUS_COMMANDS = [
/rm\s+-rf\s+\//, // rm -rf /
/rm\s+-rf\s+~\//, // rm -rf ~/
/git\s+push\s+.*--force/, // git push --force
/git\s+reset\s+--hard/, // git reset --hard (main/master)
/chmod\s+777/, // chmod 777
/sudo\s+rm/, // sudo rm
/:\(\)\{\s*:\|:&\s*\};:/, // fork bomb
/dd\s+if=.*of=\/dev\//, // dd to device
/mkfs/, // format filesystem
/>\s*\/dev\/sd/ // redirect to disk
];
const args = process.argv.slice(2);
const command = args.join(' ');
const isDangerous = DANGEROUS_COMMANDS.some(pattern => pattern.test(command));
if (isDangerous) {
console.error(`❌ BLOCKED: Dangerous command detected: ${command}`);
console.error('This command could cause data loss or system damage.');
process.exit(1);
}
console.log(`✅ Command allowed: ${command}`);
process.exit(0);
When to Use:
- Production environments
- Shared development machines
- Preventing accidental destructive commands
- Enforcing security policies
Protected Against:
- Recursive deletion of root or home directories
- Force pushing to protected branches
- Destructive git operations
- System-level permission changes
- Fork bombs and other malicious commands
Template 4: Task Complexity Analyzer
Purpose: Analyze prompt complexity and suggest appropriate model tier
Hook Type: UserPromptSubmit
Matcher: ".*" (all prompts)
Configuration:
{
"hooks": {
"UserPromptSubmit": [
{
"matcher": ".*",
"hooks": ["node scripts/analyze-complexity.js"]
}
]
}
}
Script: scripts/analyze-complexity.js
#!/usr/bin/env node
const fs = require('fs');
const args = process.argv.slice(2);
const prompt = args.join(' ');
// Complexity scoring
let score = 0;
// Length-based scoring
if (prompt.length > 500) score += 2;
if (prompt.length > 1000) score += 3;
// Keyword-based scoring
const complexKeywords = [
'implement', 'refactor', 'architect', 'design',
'optimize', 'performance', 'security', 'scale'
];
const simpleKeywords = ['fix', 'update', 'change', 'modify'];
complexKeywords.forEach(keyword => {
if (prompt.toLowerCase().includes(keyword)) score += 2;
});
simpleKeywords.forEach(keyword => {
if (prompt.toLowerCase().includes(keyword)) score -= 1;
});
// Determine recommended model
let recommendation;
if (score >= 5) {
recommendation = 'Claude Opus 4.5 (complex task)';
} else if (score >= 2) {
recommendation = 'Claude Sonnet 4.5 (medium task)';
} else {
recommendation = 'Claude Haiku 3.5 (simple task)';
}
// Log recommendation
const logEntry = {
timestamp: new Date().toISOString(),
prompt: prompt.substring(0, 100),
score,
recommendation
};
fs.appendFileSync('.claude/complexity-log.json', JSON.stringify(logEntry) + '\n');
console.log(`Complexity Score: ${score} - Recommended: ${recommendation}`);
process.exit(0);
When to Use:
- Cost optimization (use cheaper models for simple tasks)
- Automatic model routing based on task complexity
- Performance tracking (are prompts getting more complex?)
- Budget management (track usage patterns)
Template 5: Metrics
Content truncated.
More by MadAppGang
View all skills by MadAppGang →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all servers
Desktop CommanderDesktop Commander MCP unifies code management with advanced source control, git, and svn support—streamlining developmen
Exa SearchEmpower AI with the Exa MCP Server—an AI research tool for real-time web search, academic data, and smarter, up-to-date
Context PortalContext Portal: Manage project memory with a database-backed system for decisions, tracking, and semantic search via a k
Claude HistorianClaude Historian is a free AI search engine offering advanced search, file context, and solution discovery in Claude Cod
Claude HistorianClaude Historian: AI-powered search for Claude Code conversations—find files, errors, context, and sessions via JSONL pa
Voice HooksVoice Hooks — real-time voice for Claude Code: browser speech recognition, natural TTS replies, and conversation state m
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.