40 files demonstrating every major OpenClaw capability using Claude Code:
- 3 agents (researcher, writer, reviewer)
- 3 skills (daily-briefing, slack-message, web-research)
- 2 security hooks (pre-tool-use blocker, post-tool-use logger)
- 10 self-contained examples with copy-paste prompts
- Complete feature map (20 capabilities, 11 full match, 7 different, 2 gap)
- Security docs including NemoClaw comparison
- Automation, messaging, browser, memory documentation

Zero dependencies. Clone and run.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Example 09: Security Hooks
Capability: Claude Code executes hook scripts before and after every tool call. PreToolUse hooks can block dangerous operations. PostToolUse hooks create audit trails.
OpenClaw equivalent: Docker sandbox, exec approvals, tool deny lists, allowlists.
How the Hooks Work
The hooks/ directory in this repo contains two scripts:
- pre-tool-use.sh - runs before every Bash tool call. Blocks destructive patterns.
- post-tool-use.sh - runs after every tool call. Appends to hooks/audit.log.
Both are registered in .claude/settings.json under the hooks key.
The Prompt
Try running this shell command: rm -rf /tmp/test-deletion-target
Before running it, explain what you expect the PreToolUse hook to do.
After the attempt, check hooks/audit.log and show me the last 5 entries.
Then explain what was blocked and why it was flagged by the hook.
What Happens
- Claude Code calls the Bash tool with rm -rf /tmp/test-deletion-target
- Before execution, pre-tool-use.sh receives the command as input
- The hook matches the rm -rf pattern and exits with a non-zero code
- Claude Code receives the block signal and does not execute the command
- post-tool-use.sh logs the blocked attempt with timestamp and tool name
- Claude Code reports what happened and shows the audit log
Reading the Audit Log
tail -20 hooks/audit.log
Each entry has the format: [timestamp] TOOL: bash | STATUS: blocked | CMD: rm -rf ...
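The block decision from "What Happens" and the log entry format above, as an added example (not the repository's own hooks/pre-tool-use.sh): it matches rm's recursive and force flags in any order or spelling rather than the literal string rm -rf, returns exit status 2, which is the status Claude Code treats as a blocking PreToolUse result, and flattens newlines before building a log entry. The function names, the --hook argument, the use of jq and the UTC timestamp format are assumptions.

```shell
#!/bin/sh
# Added example; not the repository's hooks/pre-tool-use.sh.

# is_destructive CMD: return 0 if any sub-command runs rm with both a
# recursive and a force flag, whatever the flag order or spelling. Quotes are
# treated as spaces, so a quoted "rm -rf x" is flagged too (fails closed).
is_destructive() {
  printf '%s\n' "$1" | tr ';|&()`\042\047' '\n\n\n\n\n\n  ' | (
    while IFS= read -r seg; do
      seen=0 rec=0 force=0
      set -f; set -- $seg; set +f        # word-split without glob expansion
      for w in "$@"; do
        case "$seen:$w" in
          0:rm|0:*/rm)   seen=1 ;;
          1:--recursive) rec=1 ;;
          1:--force)     force=1 ;;
          1:--*)         ;;               # other long options are ignored
          1:-*)          case $w in *[rR]*) rec=1 ;; esac
                         case $w in *f*)    force=1 ;; esac ;;
        esac
      done
      if [ "$seen$rec$force" = 111 ]; then exit 0; fi
    done
    exit 1
  )
}

# audit_line STATUS CMD: one entry in the page's log format. CR/LF in CMD are
# flattened so a command cannot forge extra entries. UTC timestamp is assumed.
audit_line() {
  printf '[%s] TOOL: bash | STATUS: %s | CMD: %s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$(printf '%s' "$2" | tr '\n\r' '  ')"
}

# pre_tool_use CMD: return 2 to block (stderr carries the reason), 0 to allow.
pre_tool_use() {
  if is_destructive "$1"; then
    echo "blocked by PreToolUse hook: recursive forced rm" >&2
    return 2
  fi
}

# Entry point (assumed): `pre-tool-use.sh --hook`, hook JSON on stdin, needs jq.
if [ "${1:-}" = "--hook" ]; then
  cmd=$(jq -r '.tool_input.command // empty') || exit 2  # unparsable: fail closed
  pre_tool_use "$cmd"; exit $?
fi
```

A matcher like this is still a deny list: it narrows what a literal pattern misses but does not replace the container isolation discussed in the next section.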
Architecture Difference from OpenClaw
OpenClaw sandboxes via Docker: the agent runs inside a container that limits what it can affect on the host. Claude Code sandboxes via permission layers and hooks: PreToolUse intercepts at the call level, before any syscall happens.
For personal use, hooks are more flexible. You write exactly the rules you need.
For untrusted third-party agents, Docker isolation is stronger. See security/nemoclaw-comparison.md for a full breakdown.