← 返回 Skills 市场

Hook System

Name: Hook System
Author: xhmqq616

作者 xhmqq616 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install hook-system

功能描述

工具钩子系统。在工具执行前后注入自定义逻辑，支持： - PreToolUse: 工具执行前调用，可修改输入或阻止执行 - PostToolUse: 工具执行后调用，可修改输出或记录日志当用户说"添加钩子"、"hook"、"拦截工具"、"工具前后处理"时触发。依赖：Node.js 18+

使用说明 (SKILL.md)

Hook System - 工具钩子框架

核心概念

工具调用流程（带Hook）:
User Message → [PreToolUse Hook] → Tool Executor → [PostToolUse Hook] → Response
                       ↓                        ↓
                  可以阻止执行             可以修改输出

Hook 类型

类型	时机	用途
PreToolUse	工具执行前	验证输入、日志记录、阻止执行
PostToolUse	工具执行后	修改输出、错误处理、通知

快速使用

const { HookRunner } = require('./scripts/hook-runner.mjs');

const runner = new HookRunner({
  preToolUse: ['echo "Calling $HOOK_TOOL_NAME"'],
  postToolUse: ['echo "Done: $HOOK_TOOL_NAME"']
});

// 执行前钩子
const preResult = runner.runPreToolUse('read_file', '{"path":"README.md"}');
console.log(preResult.allow); // true/false
console.log(preResult.messages); // 钩子输出

// 执行后钩子
const postResult = runner.runPostToolUse('read_file', '{"path":"README.md"}', 'file content...', false);

Hook 命令格式

# 标准输出 = 钩子消息（会被注入到结果）
# 退出码 = 结果
#   0 = 允许/成功
#   2 = 拒绝（仅PreToolUse）
#   其他 = 警告（不阻止执行）

环境变量

钩子运行时自动注入：

变量	说明
`HOOK_EVENT`	事件类型：`PreToolUse` 或 `PostToolUse`
`HOOK_TOOL_NAME`	工具名称
`HOOK_TOOL_INPUT`	工具输入（原始JSON字符串）
`HOOK_TOOL_INPUT_PARSED`	解析后的JSON（美化格式）
`HOOK_TOOL_OUTPUT`	工具输出（PostToolUse才有）
`HOOK_TOOL_IS_ERROR`	是否错误：`0` 或 `1`

权限模式

退出码	结果	说明
0	Allow	工具正常执行/继续
2	Deny	阻止工具执行
其他	Warn	显示警告但继续执行

配置文件格式

{
  "hooks": {
    "preToolUse": [
      "node ./hooks/validate-input.mjs",
      "echo 'PreHook: $HOOK_TOOL_NAME'"
    ],
    "postToolUse": [
      "node ./hooks/log-output.mjs"
    ]
  }
}

内置钩子示例

1. 日志钩子

# pre-log.sh
echo "[$(date)] Calling $HOOK_TOOL_NAME with $HOOK_TOOL_INPUT" >> hooks.log

2. 输入验证钩子

// validate-input.mjs
const input = JSON.parse(process.env.HOOK_TOOL_INPUT || '{}');
if (input.path?.includes('..')) {
  console.error('Path traversal detected');
  process.exit(2); // Deny
}
console.log('Input valid');
process.exit(0);

3. 敏感信息过滤钩子

// filter-secrets.mjs
const output = process.env.HOOK_TOOL_OUTPUT || '';
const filtered = output.replace(/sk-\w{32,}/g, '[REDACTED_API_KEY]');
console.log(filtered);
process.exit(0);

文件结构

hook-system/
├── SKILL.md              # 本文件
├── scripts/
│   ├── hook-runner.mjs   # 核心钩子运行器
│   └── hooks/
│       ├── pre-log.mjs   # 日志示例
│       ├── validate-path.mjs  # 路径验证
│       └── filter-secrets.mjs # 敏感信息过滤
└── references/
    └── hook-examples.md  # 更多示例

龙虾王子自我进化的成果 🦞

安全使用建议

This hook system does what it says: it runs configured shell commands before and after tool calls. However, those hook commands are executed via a shell and inherit the agent's entire environment — so any secrets or API keys in environment variables can be read and exfiltrated by hooks, and hooks can run network or filesystem operations. Before installing: (1) only allow vetted hook scripts from trusted sources; (2) prefer running this skill in an isolated environment or container; (3) avoid placing credentials in the agent environment or patch the script to pass a minimal sanitized env to hooks (replace env: { ...process.env, ...env } with a curated env object); (4) review any HOOK_PRE/HOOK_POST values you set and the contents of hook scripts (especially anything that writes logs, reads files, or performs HTTP requests); (5) if you require stronger safety, refuse autonomous invocation or restrict the agent's ability to attach hooks. Because the source is unknown and the code exposes full environment to hooks, treat this skill as high-risk unless you control and inspect all hook commands.

功能分析

Type: OpenClaw Skill Name: hook-system Version: 1.0.0 The skill implements a framework for executing arbitrary shell commands as 'hooks' before and after tool calls via `scripts/hook-runner.mjs`. While the `SKILL.md` documentation suggests benign use cases like logging and secret filtering, the core logic uses `child_process.spawn` to run commands defined in environment variables (`HOOK_PRE`, `HOOK_POST`), which facilitates arbitrary code execution. There is no evidence of intentional malice, but the lack of command sanitization or sandboxing makes it a high-risk utility.

能力评估

✓ Purpose & Capability

Name/description match implementation: the script implements PreToolUse/PostToolUse hooks and runs configured commands before/after tool execution. The included examples (validation, logging, filtering) are consistent with the stated purpose.

⚠ Instruction Scope

SKILL.md and the script instruct running arbitrary shell commands as hooks. The documentation does not warn that hooks will inherit the process environment or can execute arbitrary network/file operations; the code spawns a shell for each hook, so hooks can read/write files, make network requests, or execute any command available to the runtime.

✓ Install Mechanism

No install spec (instruction-only) and a single supporting script file are provided; nothing is downloaded from external URLs or written by an installer, which reduces supply-chain risk. The code is included in the package so there is no hidden remote install step.

⚠ Credentials

The skill declares no required env vars, but runHookCommand invokes child processes with env: { ...process.env, ...env }, meaning hooks receive the entire parent environment (all secrets/keys). This gives hooks access to any credentials present in the agent environment despite no declared need — a disproportionate and under-documented privilege.

✓ Persistence & Privilege

always is false and the skill does not request persistent system-wide modifications. The agent can invoke the skill autonomously (default behavior) but that alone is normal and not flagged here. The skill does allow arbitrary hooks which increases risk if the agent auto-invokes it, but there is no evidence it modifies other skills or system configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install hook-system
安装完成后，直接呼叫该 Skill 的名称或使用 /hook-system 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of hook-system — a tool hook framework for injecting custom logic before and after tool execution. - Supports PreToolUse and PostToolUse hooks for input validation, logging, output modification, and more. - Allows hooks to modify inputs, block execution, or process outputs with exit codes. - Provides environment variables and configuration file examples for flexible customization. - Includes built-in example hooks for logging, input validation, and sensitive info filtering. - Requires Node.js 18 or newer.

元数据

Slug hook-system

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Hook System 是什么？

工具钩子系统。在工具执行前后注入自定义逻辑，支持： - PreToolUse: 工具执行前调用，可修改输入或阻止执行 - PostToolUse: 工具执行后调用，可修改输出或记录日志当用户说"添加钩子"、"hook"、"拦截工具"、"工具前后处理"时触发。依赖：Node.js 18+. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 85 次。

如何安装 Hook System？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install hook-system」即可一键安装，无需额外配置。

Hook System 是免费的吗？

是的，Hook System 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Hook System 支持哪些平台？

Hook System 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Hook System？

由 xhmqq616（@xhmqq616）开发并维护，当前版本 v1.0.0。