Writing Hookify Rules

Overview

Hookify rules are markdown files with YAML frontmatter that define patterns to watch for and messages to show when those patterns match. Rules are stored in .claude/hookify.{rule-name}.local.md files.

Rule File Format

Basic Structure

---
name: rule-identifier
enabled: true
event: bash|file|stop|prompt|all
pattern: regex-pattern-here
---

Message to show Claude when this rule triggers.
Can include markdown formatting, warnings, suggestions, etc.

Frontmatter Fields

Field	Required	Values	Description
name	Yes	kebab-case string	Unique identifier (verb-first: warn-, block-, require-*)
enabled	Yes	true/false	Toggle without deleting
event	Yes	bash/file/stop/prompt/all	Which hook event triggers this
action	No	warn/block	warn (default) shows message; block prevents operation
pattern	Yes*	regex string	Pattern to match (*or use conditions for complex rules)

Advanced Format (Multiple Conditions)

---
name: warn-env-api-keys
enabled: true
event: file
conditions:
  - field: file_path
    operator: regex_match
    pattern: \.env$
  - field: new_text
    operator: contains
    pattern: API_KEY
---

You're adding an API key to a .env file. Ensure this file is in .gitignore!

Condition fields by event:

bash: command
file: file_path, new_text, old_text, content
prompt: user_prompt

Operators: regex_match, contains, equals, not_contains, starts_with, ends_with

All conditions must match for rule to trigger.

Event Type Guide

bash Events

Match Bash command patterns:

Dangerous commands: rm\s+-rf, dd\s+if=, mkfs
Privilege escalation: sudo\s+, su\s+
Permission issues: chmod\s+777

file Events

Match Edit/Write/MultiEdit operations:

Debug code: console\.log\(, debugger
Security risks: eval\(, innerHTML\s*=
Sensitive files: \.env$, credentials, \.pem$

stop Events

Completion checks and reminders. Pattern .* matches always.

prompt Events

Match user prompt content for workflow enforcement.

Pattern Writing Tips

Regex Basics

Escape special chars: . to \., ( to \(
\s whitespace, \d digit, \w word char
+ one or more, * zero or more, ? optional
| OR operator

Common Pitfalls

Too broad: log matches "login", "dialog" — use console\.log\(
Too specific: rm -rf /tmp — use rm\s+-rf
YAML escaping: Use unquoted patterns; quoted strings need \\s

Testing

python3 -c "import re; print(re.search(r'your_pattern', 'test text'))"

File Organization

Location: .claude/ directory in project root
Naming: .claude/hookify.{descriptive-name}.local.md
Gitignore: Add .claude/*.local.md to .gitignore

Commands

/hookify [description] - Create new rules (auto-analyzes conversation if no args)
/hookify-list - View all rules in table format
/hookify-configure - Toggle rules on/off interactively
/hookify-help - Full documentation

Quick Reference

Minimum viable rule:

---
name: my-rule
enabled: true
event: bash
pattern: dangerous_command
---
Warning message here

Files1

1 files · 1.0 KB

Select a file to preview

Overall Score

82/100

Grade

B

Good

Safety

80

Quality

85

Clarity

88

Completeness

75

Summary

This skill teaches developers how to create and configure Hookify rules — YAML-frontmatter markdown files that define patterns for content monitoring within Claude's editing workflow. The skill provides comprehensive rule syntax, event type guidance, regex pattern writing, and file organization best practices.

Static Analysis Findings

2 findings

Patterns detected by deterministic static analysis before AI scoring. Hover over any finding code for detailed information and remediation guidance.

Credential Exposure

SEC-020Direct .env File Access3x in 1 file

Direct .env file access

SKILL.md.env3x

85% confidenceCWE-538: Sensitive Info in Externally-Accessible File

Destructive Operation

SEC-001Recursive DeletionMax: B

Recursive deletion pattern (rm -rf)

SKILL.mdrm -rf

100% confidenceCWE-379: Unrestricted File Deletion

Detected Capabilities

file write (.claude directory)regex pattern definitionYAML frontmatter authoringpattern testing (python regex)file organization guidance

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

create hookify ruleconfigure content warningsadd security guardrailwrite rule patternhookify syntax

Risk Signals

INFO

SEC-001: Recursive deletion pattern (rm -rf) mentioned as example dangerous bash command

SKILL.md | bash Events section, example: rm\s+-rf

INFO

SEC-020: .env file access referenced in multiple contexts (sensitive file patterns, condition examples)

SKILL.md | file Events section (sensitive files: \.env$) and advanced format example (warn-env-api-keys rule)

Use Cases

Security guardrail warnings for dangerous commands
Enforce code quality checks (console.log detection)
Credential protection (.env file safeguards)
Workflow reminders and completion checks
API key and secrets file monitoring
Permission and privilege escalation detection

Quality Notes

Comprehensive and well-structured documentation with clear section hierarchy (Overview, Rule File Format, Event Type Guide, etc.)
Excellent use of tables, code blocks, and examples to explain rule syntax and operators
Practical pattern writing tips section addresses common pitfalls (too broad, too specific, YAML escaping)
Testing guidance provided (python3 regex tester command)
Clear file organization and naming conventions (.claude directory, gitignore guidance)
Quick reference section provides minimal viable rule for fast onboarding
Frontmatter fields table clearly documents required fields, values, and descriptions
Condition-based advanced format well-explained with field/operator reference for each event type

Model: claude-haiku-4-5-20251001Analyzed: May 11, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Version History

v1.1

Content updated

2026-04-20

Latest

v1.0

No changelog

2026-04-05

hookify-rules