Add claude-code-hooks to Hooks and Guardrails

[karanb192]

Resource

• Title: claude-code-hooks
• URL: https://github.com/karanb192/claude-code-hooks
• Category: 🪝 Hooks and Guardrails

Why this meets the inclusion criteria

claude-code-hooks is a production-ready, MIT-licensed collection of PreToolUse and PostToolUse hooks for Claude Code, explicitly mapped to the OWASP LLM Top 10. It addresses the same runtime-enforcement problem space as existing entries (claude-code-safety-net, Lasso claude-hooks, claudekit), with a few differentiators:

• OWASP LLM Top 10 framework — each hook is tied to a specific risk (LLM01 Prompt Injection, LLM02 Sensitive Info Disclosure, LLM05 Improper Output Handling, LLM06 Excessive Agency, LLM07 System Prompt Leakage, LLM10 Unbounded Consumption).
• Severity threshold model — block-dangerous-commands uses three configurable levels (critical / high / strict), letting teams pick the policy bar for their repo.
• Secrets exfiltration coverage — protect-secrets matches dangerous patterns across Read, Edit, Write, AND Bash (curl uploading .env, scp, source, find -exec cat, base64 encoding, etc.).
• Sub-100ms synchronous performance, JSONL audit log, 262 tests, MIT license, ~417 GitHub stars.

Entry

Inserted alphabetically at the top of the Hooks and Guardrails section (since claude-code-hooks sorts before claude-code-hooks-mastery and claude-code-safety-net):

```

• claude-code-hooks - Production-ready hooks mapped to OWASP LLM Top 10. Blocks dangerous commands (rm -rf, force push, dd), detects secrets exfiltration, with severity thresholds and audit logs.
  ```

Format compliance check

• Hyphen list marker
• Description is 25 words (within 15-30 range)
• Capital start, period end
• No trailing slash on URL
• Link text is resource title
• One resource per line
• Searched the list to confirm not already included

Disclosure

I am the maintainer of claude-code-hooks. Happy to revise the description or placement if needed.