last30days-cn
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
AnomalyAnomalyhooks/hooks.json
LOWAnomalyLOW
hooks/hooks.json
This fragment is primarily a lifecycle hook configuration that triggers `bash` to execute a local `check-config.sh` script on SessionStart. No explicit malicious behavior is visible in the snippet itself, but it introduces a moderate supply-chain/path-integrity risk by performing shell command execution using a runtime-resolved root path. Verification requires reviewing the actual `check-config.sh` contents and ensuring `${CLAUDE_PLUGIN_ROOT}` and the script file are protected from tampering (e.g., by signed artifacts, locked dependencies, and verified installation paths).
Confidence: 62%Severity: 52%
Audit Metadata