open/claude-code-complete-agent
1
0
Fork 0
Code Activity Actions
claude-code-complete-agent/examples/09-security-hooks/prompt.md
Kjell Tore Guttormsen 2491f5c732 feat: initial companion repo for OpenClaw vs Claude Code article 
40 files demonstrating every major OpenClaw capability using Claude Code:
- 3 agents (researcher, writer, reviewer)
- 3 skills (daily-briefing, slack-message, web-research)
- 2 security hooks (pre-tool-use blocker, post-tool-use logger)
- 10 self-contained examples with copy-paste prompts
- Complete feature map (20 capabilities, 11 full match, 7 different, 2 gap)
- Security docs including NemoClaw comparison
- Automation, messaging, browser, memory documentation

Zero dependencies. Clone and run.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 09:47:29 +01:00

62 lines
2 KiB
Markdown
Raw Blame History

# Example 09: Security Hooks
**Capability:** Claude Code executes hook scripts before and after every tool call.
PreToolUse hooks can block dangerous operations. PostToolUse hooks create audit trails.
**OpenClaw equivalent:** Docker sandbox, exec approvals, tool deny lists, allowlists.
---
## How the Hooks Work
The `hooks/` directory in this repo contains two scripts:
- `pre-tool-use.sh` - runs before every Bash tool call. Blocks destructive patterns.
- `post-tool-use.sh` - runs after every tool call. Appends to `hooks/audit.log`.
Both are registered in `.claude/settings.json` under the `hooks` key.
---
## The Prompt
```
Try running this shell command: rm -rf /tmp/test-deletion-target
Before running it, explain what you expect the PreToolUse hook to do.
After the attempt, check hooks/audit.log and show me the last 5 entries.
Then explain what was blocked and why it was flagged by the hook.
```
---
## What Happens
1. Claude Code calls the Bash tool with `rm -rf /tmp/test-deletion-target`
2. Before execution, `pre-tool-use.sh` receives the command as input
3. The hook matches the `rm -rf` pattern and exits with a non-zero code
4. Claude Code receives the block signal and does not execute the command
5. `post-tool-use.sh` logs the blocked attempt with timestamp and tool name
6. Claude Code reports what happened and shows the audit log
---
## Reading the Audit Log
```bash
tail -20 hooks/audit.log
```
Each entry has the format: `[timestamp] TOOL: bash | STATUS: blocked | CMD: rm -rf ...`
---
## Architecture Difference from OpenClaw
OpenClaw sandboxes via Docker: the agent runs inside a container that limits
what it can affect on the host. Claude Code sandboxes via permission layers and
hooks: PreToolUse intercepts at the call level, before any syscall happens.
For personal use, hooks are more flexible. You write exactly the rules you need.
For untrusted third-party agents, Docker isolation is stronger. See
`security/nemoclaw-comparison.md` for a full breakdown.
View git blame Copy permalink