Discover and explore top open-source AI tools and projects—updated daily.
lasso-securitySecurity hooks for Claude Code to defend against prompt injection
Top 98.8% on SourcePulse
Summary
This repository, lasso-security/claude-hooks, addresses the critical security vulnerability of indirect prompt injection within Claude Code. It provides a "Prompt Injection Defender" hook designed to scan outputs from various Claude Code tools (like file reads, web fetches, and command executions) for malicious instructions hidden within content. This offers users of Claude Code a proactive defense mechanism, alerting the AI to potentially harmful data before it can be acted upon, thereby enhancing the security and reliability of AI-assisted coding workflows.
How It Works
The core of the project is a PostToolUse hook that intercepts tool outputs. It employs a fast, predictable, and transparent pattern-based detection system, defined in patterns.yaml, to identify five categories of prompt injection attacks: Instruction Override, Role-Playing/DAN, Encoding/Obfuscation, Context Manipulation, and Instruction Smuggling. Upon detecting suspicious content, the hook adds a detailed warning to Claude's context, advising caution without outright blocking execution. This approach avoids costly API calls and ensures consistent behavior.
Quick Start & Requirements
cd claude-hooks, then run ./install.sh /path/to/your-project.INSTALLATION.md.Highlighted Details
Read, WebFetch, Bash, Grep, Task, and MCP tools.patterns.yaml.Maintenance & Community
The project outlines contribution guidelines for adding new patterns, testing, and submitting pull requests. Specific community channels (like Discord/Slack) or notable contributors/sponsors are not detailed in this README.
Licensing & Compatibility
The project is released under the MIT License, which generally permits commercial use and integration into closed-source projects with minimal restrictions.
Limitations & Caveats
The defender's primary function is to warn Claude about potential prompt injection attempts; it does not actively block or prevent the execution of malicious instructions. Its effectiveness relies on the comprehensiveness and accuracy of the defined patterns, which may be subject to false positives or negatives. The focus is specifically on indirect prompt injection vulnerabilities.
6 months ago
Inactive
protectai
protectai