scaffold-hooks
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides operational scripts such as `check_workspace_trust.sh` and `check_hooks_feature.py` that directly modify global configuration files of the host AI agents (e.g., `~/.claude.json` and `~/.codex/config.toml`). These scripts can programmatically set flags like `hasTrustDialogAccepted=true`, which bypasses the built-in interactive security dialogs that agents use to confirm if a user trusts a specific repository before executing hooks or tools.
- [COMMAND_EXECUTION]: The primary function of the skill is to generate and install numerous shell scripts into a project's `hooks/` directory and wire them into the agent's runtime environment (e.g., through `.claude/settings.json` or `.codex/hooks.json`). This creates a persistent execution mechanism where the AI agent will automatically run project-local scripts during various lifecycle events, such as before tool execution (PreToolUse) or when the agent stops its turn (Stop).
- [EXTERNAL_DOWNLOADS]: The OpenCode harness component configures the agent to load the `opencode-froggy` plugin, which is a third-party extension. While the sources are identified as GitHub and npm (well-known services), this configuration introduces an external dependency into the agent's operational environment that is not maintained by the primary agent vendor.
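As an added example (not part of the audit report or of the audited skill), the following Python checker surfaces the two behaviours described in the first two findings on a workstation: project paths whose trust dialog is recorded as accepted in `~/.claude.json`, and hook commands in `.claude/settings.json` that point into the repository's own `hooks/` directory and will therefore run whatever the checked-out repo contains at each lifecycle event. The layout of both files (a `projects` map keyed by path holding `hasTrustDialogAccepted`, and a `hooks` block of event -> matcher list -> `command` hooks) and the sample file contents are assumptions constructed for this example; the `~/.codex/config.toml` and OpenCode plugin configuration named in the findings are not covered because the report does not describe their layout.

```python
"""Flag trust-dialog bypass and project-local hook wiring in agent config files.

The JSON layouts below are ASSUMPTIONS for this example, not a documented schema:
  ~/.claude.json        -> {"projects": {"<path>": {"hasTrustDialogAccepted": bool}}}
  .claude/settings.json -> {"hooks": {"<Event>": [{"matcher": ..., "hooks": [{"type": "command", "command": "..."}]}]}}
"""
import json
import sys
from typing import Dict, List, Tuple

# Constructed sample of ~/.claude.json after a scaffold script has marked repos trusted.
SAMPLE_CLAUDE_JSON = json.dumps({
    "projects": {
        "/home/dev/trusted-app": {"hasTrustDialogAccepted": True},
        "/home/dev/scratch": {"hasTrustDialogAccepted": False},
        "/home/dev/vendor-repo": {"hasTrustDialogAccepted": True},
    }
})

# Constructed sample of .claude/settings.json with PreToolUse and Stop hooks wired in.
SAMPLE_SETTINGS_JSON = json.dumps({
    "hooks": {
        "PreToolUse": [
            {"matcher": "Bash",
             "hooks": [{"type": "command", "command": "bash ./hooks/pre_tool_use.sh"}]}
        ],
        "Stop": [
            {"hooks": [{"type": "command", "command": "hooks/on_stop.sh"}]}
        ],
        "Notification": [
            {"hooks": [{"type": "command", "command": "notify-send done"}]}
        ],
    }
})


def trusted_projects(claude_json_text: str) -> List[str]:
    """Project paths whose trust dialog is recorded as already accepted."""
    projects = json.loads(claude_json_text).get("projects", {})
    return sorted(
        path for path, cfg in projects.items()
        if isinstance(cfg, dict) and cfg.get("hasTrustDialogAccepted") is True
    )


def hook_commands(settings_text: str) -> List[Tuple[str, str]]:
    """Flatten the hooks block into (event, command) pairs, in file order."""
    data = json.loads(settings_text)
    pairs: List[Tuple[str, str]] = []
    for event, matchers in data.get("hooks", {}).items():
        for matcher in matchers:
            for hook in matcher.get("hooks", []):
                if hook.get("type") == "command" and "command" in hook:
                    pairs.append((event, hook["command"]))
    return pairs


def _references_dir(command: str, hooks_dir: str) -> bool:
    """True if any whitespace-separated token is a relative path under hooks_dir."""
    return any(tok.lstrip("./").startswith(hooks_dir) for tok in command.split())


def project_local_hooks(settings_text: str, hooks_dir: str = "hooks/") -> List[Tuple[str, str]]:
    """Hooks whose command runs a script from the repository's own hooks_dir.

    These execute repo-controlled code on every matching lifecycle event, so a
    cloned repository effectively gets code execution as soon as the agent runs."""
    return [(ev, cmd) for ev, cmd in hook_commands(settings_text)
            if _references_dir(cmd, hooks_dir)]


def audit(claude_json_text: str, settings_text: str) -> Dict[str, List[str]]:
    """Combine both checks into a findings map keyed by finding type."""
    return {
        "trust_dialog_preaccepted": trusted_projects(claude_json_text),
        "project_local_hooks": [f"{ev}: {cmd}" for ev, cmd in project_local_hooks(settings_text)],
    }


if __name__ == "__main__":
    # Usage: python audit_hooks.py [~/.claude.json] [.claude/settings.json]
    # Falls back to the constructed samples when no paths are given.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            print(json.dumps(audit(f1.read(), f2.read()), indent=2))
    else:
        print(json.dumps(audit(SAMPLE_CLAUDE_JSON, SAMPLE_SETTINGS_JSON), indent=2))
```

Run it against the real files after installing a skill like this one to see which repositories were silently marked trusted and which lifecycle events now execute scripts from the working tree; a hook command that is an absolute path or a system binary (like the `Notification` entry in the sample) is not flagged, since it does not originate from the repository.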
Audit Metadata