Audit Hooks Command
Audit Claude Code hooks for quality, compliance, and maintainability.
Initialization
Before auditing, initialize the environment:
Get the current UTC date, capture the project root path, ensure the temp directory exists, and clean up any stale audit files if the user confirms. The hook-management skill provides authoritative validation guidance (auto-loaded when this command runs).
What Gets Audited
- hooks.json configuration structure and validity
- Hook script existence and structure
- Matcher configuration appropriateness
- Environment variable naming conventions
- Decision control usage
- Test existence and coverage
Command Arguments
| Argument | Description |
|---|---|
| (none) | Smart mode: audit only modified, never-audited, or stale (>90 days) hooks |
--force |
Audit ALL hooks regardless of status |
--skip-validation |
Skip finding validation (faster, but may include false positives) |
--plugin-only |
Only audit local plugin hooks |
--project-only |
Only audit project hooks (.claude/hooks/) |
--global-only |
Only audit globally installed plugin hooks |
hook-name |
Audit specific hook(s) by name |
plugin:name |
Explicitly target plugin hook |
Step 1: Discover Hook Sources
Detect all hook sources in local repo and globally installed plugins.
For local discovery, check marketplace repos, single plugin repos, and .claude/hooks/. Track plugin names for deduplication.
For global discovery, check ~/.claude/plugins/ (Unix) or %USERPROFILE%\.claude\plugins\ (Windows). Skip globals that have local dev versions.
Step 2: Parse Arguments
Parse flags and hook names. Read audit logs for each source.
Step 3: Present Audit Plan
Display mode, sources discovered, deduplication status, and audit queue.
Step 4: Execute Audits
For each hook, spawn the hook-auditor subagent with source, path, and last audit date. Run in parallel batches of 3-5.
Subagents write findings to .claude/temp/. The main conversation thread collects results and updates audit logs using its Write/Edit tools.
Step 4.5: Validate Findings
Unless --skip-validation flag is present:
- Spawn the
audit-finding-validatoragent with:project_root: The captured project root pathaudit_type: "hook"audit_files: List of.claude/temp/audit-*-hook-*.jsonfile paths
- Wait for validation to complete
- Read updated JSON files with validation results
- Filter out FALSE_POSITIVE findings completely before aggregation
- Note: Filtered findings are logged to
.claude/temp/audit-filtered-findings.json
If --skip-validation flag is present:
- Skip validation phase entirely (current speed preserved)
- Present all findings without filtering
- Note in summary: "Validation: Skipped"
Step 5: Final Summary
Report total audited by source, results, and details table. Note that global hook fixes must be applied manually.
Include validation statistics (if validation was performed):
- Validation performed: Yes/No
- Findings validated: X
- False positives filtered: Y
- Verified findings: Z
- Unverified findings: W
Important Notes
Deduplication
Local dev repo plugins take precedence over globally installed versions. Global hooks are read-only - report findings but recommend manual fixes.
Cross-Platform Paths
| Platform | Global Plugins |
|---|---|
| Unix | ~/.claude/plugins/ |
| Windows | %USERPROFILE%\.claude\plugins\ |
Audit Log Location
All audit results are written to .claude/audit/hooks.md.
Use /audit-log hooks to view current audit status.
Example Usage
Example 1: Audit All Hooks
User: /audit-hooks
Claude: Discovering hook sources...
## Audit Plan
**Mode**: SMART
- Plugin: claude-ecosystem (4 hooks)
- Local: .claude/hooks/ (2 hooks)
- Deduplicated: claude-ecosystem (global skipped)
**Will audit**: 3 hooks
[Spawns hook-auditor subagents]
## Audit Complete
| Source | Hook | Result | Score |
| --- | --- | --- | --- |
| plugin | prevent-backup-files | PASS | 100/100 |
Example 2: Audit Specific Hook
User: /audit-hooks plugin:prevent-backup-files
Claude: PASS (Score: 100/100)