nm-abstract-hooks-eval
Evaluate hook security, performance, and SDK compliance. Use for audits
Install via ClawdBot CLI:
clawdbot install athola/nm-abstract-hooks-eval
Grade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
rm -rf /
Calls external URL not in known-safe list
https://github.com/athola/claude-night-market/tree/master/plugins/abstract
AI Analysis
The skill appears to be a legitimate hook evaluation framework for Claude Code, with no evidence of credential harvesting, data exfiltration, or hidden malicious instructions. The external GitHub reference is consistent with its stated purpose as a ported plugin, and the unsafe shell command example appears to be illustrative rather than executable code.
Audited Apr 16, 2026 · audit v1.0
Generated May 5, 2026
A security team evaluates all hooks in a Claude Code plugin for vulnerabilities like injection attacks, improper permission denials, or exposure of sensitive data. The framework scores each hook on security criteria and generates a SARIF report for remediation.
An engineering team measures execution time, memory usage, and I/O of hooks to identify bottlenecks before deploying to production. The analysis provides baseline metrics and optimization suggestions.
A compliance officer validates that all hooks in a plugin adhere to internal documentation standards, proper error handling, and structured return values. The evaluation ensures hooks meet company policies before release.
A development lead uses the skill to train new team members on proper hook patterns, callback signatures, and quality scoring. New developers run evaluations on sample hooks to learn best practices.
A marketplace for Claude Code plugins requires all submissions to pass a standardized hooks evaluation using this skill. Publishers pay a small fee per evaluation, ensuring quality and security across the ecosystem.
A consultancy offers comprehensive hook audits for enterprises using Claude Code agents. The service includes security analysis, performance tuning, and compliance reporting as a recurring subscription.
Integrate the evaluation framework into a CI/CD pipeline as a SaaS offering. Developers run automated hook checks on pull requests, with a freemium tier for basic scans and paid tiers for advanced security and performance benchmarks.
💬 Integration Tip
To integrate, include the hooks-eval command in your CI pipeline with flags like --security-only for quick checks, or --detailed for full reports. Combine with related skills like hook-scope-guide to validate hook placement.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.