← Back to Skills Marketplace
160
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install nm-abstract-hooks-eval
Description
Evaluate hook security, performance, and SDK compliance. Use for audits
Usage Guidance
This skill is an instruction-only audit framework and appears internally consistent. Before installing or using it: 1) Confirm your agent environment actually provides the referenced tooling (e.g., /hooks-eval or install the Claude Code plugin) because the SKILL.md assumes those commands exist. 2) When following checks that validate or run shell commands from hooks.json, review those commands first—the evaluator may instruct you to test executables referenced by a plugin, which requires filesystem and command execution access. 3) The skill will scan for hardcoded secrets and other vulnerabilities in plugin files—ensure you permit it only to access plugin folders you trust. 4) There are no requested credentials, but still inspect any plugin code you evaluate for secrets before running automated checks. If you need higher assurance, request a sample run or a minimal-scope dry-run on non-production data to confirm behavior.
Capability Analysis
Type: OpenClaw Skill
Name: nm-abstract-hooks-eval
Version: 1.8.3
The skill bundle is a comprehensive documentation and evaluation framework for auditing Claude Agent SDK hooks. It provides a structured rubric for identifying security vulnerabilities (e.g., command injection, dynamic code evaluation) and performance bottlenecks in other plugins. The files (SKILL.md, evaluation-criteria.md, and sdk-hook-types.md) contain educational content, technical references, and scoring systems designed to improve hook quality and security, with no evidence of malicious intent, data exfiltration, or harmful instructions.
Capability Assessment
Purpose & Capability
Name, description, and included modules are consistent: the skill provides guidance and rubrics for auditing hooks, references SDK types and evaluation criteria, and only declares a related config path (night-market.hook-scope-guide). There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
SKILL.md is detailed and stays within the audit/evaluation domain (checking hooks.json, validating matchers, benchmarking, scanning for secrets). It instructs running helper commands (e.g., /hooks-eval, /analyze-hook, /validate-plugin) but supplies no binaries — so the runtime assumes those tools or the Claude Code plugin exist in the agent environment. The instructions also direct verifying shell commands referenced in hooks.json are executable, which legitimately requires inspecting plugin files and possibly executing or testing commands locally; this is within scope but means the agent will need filesystem and command-execution capability to fully follow the guidance.
Install Mechanism
No install spec is provided (instruction-only). This is the lowest-risk install model: nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no credentials or environment variables; the single required config path (night-market.hook-scope-guide) is relevant to hook placement guidance. The included evaluation rules explicitly search for hardcoded secrets as part of audits, which is appropriate for an auditing tool and not an unexplained request for secrets.
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request persistent system presence or claim to modify other skills' configurations. Nothing indicates elevated or unusual privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nm-abstract-hooks-eval - After installation, invoke the skill by name or use
/nm-abstract-hooks-eval - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.8.3
Release v1.8.3
v1.8.2
Release v1.8.2
v1.0.0
Initial release for hooks-eval auditing skill:
- Provides a framework to evaluate hook security, performance, and SDK compliance in Claude Code plugins and projects.
- Supports security analysis (vulnerability scanning, pattern detection), performance benchmarking, and structure/compliance checks.
- Offers detailed references for hook event types, callback signatures, return values, and quality scoring.
- Includes guidance for integrating with plugin-level `hooks.json` and the Python SDK.
- Supplies command-line workflows for running evaluations, security-focused scans, and compliance reports.
Metadata
Frequently Asked Questions
What is Nm Abstract Hooks Eval?
Evaluate hook security, performance, and SDK compliance. Use for audits. It is an AI Agent Skill for Claude Code / OpenClaw, with 160 downloads so far.
How do I install Nm Abstract Hooks Eval?
Run "/install nm-abstract-hooks-eval" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nm Abstract Hooks Eval free?
Yes, Nm Abstract Hooks Eval is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Nm Abstract Hooks Eval support?
Nm Abstract Hooks Eval is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nm Abstract Hooks Eval?
It is built and maintained by athola (@athola); the current version is v1.8.3.
More Skills