Command Validator
Security validation hook that blocks dangerous bash commands before execution.
Features
- Blocks destructive commands (rm -rf /, dd, mkfs)
- Detects privilege escalation (sudo, chmod)
- Protects system paths (/etc, /usr, /bin)
- Validates command chains (&&, ||, ;)
- Logs blocked commands to data/security.log
Protected Commands
| Category | Commands |
|---|---|
| Critical | del, format, mkfs, shred, dd, fdisk |
| Privilege | sudo, su, passwd, chmod, chown |
| Network | nc, netcat, nmap, telnet, ssh-keygen |
| System | systemctl, service, kill, mount |
Protected Paths
/etc/, /usr/, /sbin/, /boot/, /sys/, /proc/, /dev/, /root/
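The chain validation listed under Features, combined with the Protected Commands and Protected Paths lists above, can be sketched as follows. This is an added example, not the project's own code: `checkCommand`, `splitChain` and `Finding` are hypothetical names, and it assumes a simple whitespace tokenizer that ignores shell quoting.

```typescript
// Added illustration. checkCommand, splitChain and Finding are hypothetical names,
// not the project's API; the lists are copied from the tables on this page.
const PROTECTED_COMMANDS: Record<string, string[]> = {
  Critical: ["del", "format", "mkfs", "shred", "dd", "fdisk"],
  Privilege: ["sudo", "su", "passwd", "chmod", "chown"],
  Network: ["nc", "netcat", "nmap", "telnet", "ssh-keygen"],
  System: ["systemctl", "service", "kill", "mount"],
};
const PROTECTED_PATHS = ["/etc/", "/usr/", "/sbin/", "/boot/", "/sys/", "/proc/", "/dev/", "/root/"];

interface Finding { segment: string; reason: string }

// Split on &&, || and ; so every link of a chain is checked, not only the first.
// Assumption: quoting is ignored, so a separator inside quotes also splits.
function splitChain(command: string): string[] {
  return command.split(/&&|\|\||;/).map((s) => s.trim()).filter((s) => s.length > 0);
}

function checkCommand(command: string): Finding[] {
  const findings: Finding[] = [];
  for (const segment of splitChain(command)) {
    const [first = "", ...args] = segment.split(/\s+/);
    // Compare the basename so an absolute path such as /usr/bin/nmap still matches.
    const name = first.split("/").pop() ?? "";
    for (const [category, names] of Object.entries(PROTECTED_COMMANDS)) {
      if (names.includes(name)) findings.push({ segment, reason: `${category}: ${name}` });
    }
    for (const arg of args) {
      // Append "/" so a bare "/etc" matches the "/etc/" prefix but "/etcetera" does not.
      const hit = PROTECTED_PATHS.find((p) => (arg + "/").startsWith(p));
      if (hit) findings.push({ segment, reason: `protected path: ${hit}` });
    }
  }
  return findings;
}

// Constructed sample input: the second link of the chain is the one that gets flagged.
for (const f of checkCommand("echo ok && sudo cat /etc/shadow")) {
  console.log(`${f.segment} -> ${f.reason}`);
}
```

An empty result means no listed command or path matched in any segment of the chain.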
Commands
| Command | Description |
|---|---|
| validator:cli | Run validator CLI |
| validator:test | Run tests |
| validator:lint | Lint code |
Setup
Add to ~/.claude/settings.json:
```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "bun ~/.claude/scripts/command-validator/src/cli.ts"
          }
        ]
      }
    ]
  }
}
```
Programmatic Usage
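```typescript
import { CommandValidator } from "./src/lib/validator";

const validator = new CommandValidator();

// validate() returns a result object; isValid is false when the command is blocked.
const result = validator.validate("rm -rf /");

if (!result.isValid) {
  // violations lists each rule the command tripped; severity rates the result.
  console.log(`Blocked: ${result.violations.join(", ")}`);
  console.log(`Severity: ${result.severity}`);
}
```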