claude-hooks  by lasso-security

Security hooks for Claude Code to defend against prompt injection

Created 6 months ago
255 stars

Top 98.8% on SourcePulse

GitHubView on GitHub
Project Summary

Summary

This repository, lasso-security/claude-hooks, addresses the critical security vulnerability of indirect prompt injection within Claude Code. It provides a "Prompt Injection Defender" hook designed to scan outputs from various Claude Code tools (like file reads, web fetches, and command executions) for malicious instructions hidden within content. This offers users of Claude Code a proactive defense mechanism, alerting the AI to potentially harmful data before it can be acted upon, thereby enhancing the security and reliability of AI-assisted coding workflows.

How It Works

The core of the project is a PostToolUse hook that intercepts tool outputs. It employs a fast, predictable, and transparent pattern-based detection system, defined in patterns.yaml, to identify five categories of prompt injection attacks: Instruction Override, Role-Playing/DAN, Encoding/Obfuscation, Context Manipulation, and Instruction Smuggling. Upon detecting suspicious content, the hook adds a detailed warning to Claude's context, advising caution without outright blocking execution. This approach avoids costly API calls and ensures consistent behavior.

Quick Start & Requirements

  • Installation:
    • Interactive (Recommended): If added as a Claude Code skill, instruct Claude: "install the prompt injection defender".
    • Script: Clone the repository, cd claude-hooks, then run ./install.sh /path/to/your-project.
  • Prerequisites: Claude Code, Git.
  • Documentation: Detailed installation and configuration are available in INSTALLATION.md.

Highlighted Details

  • Detects and warns against five key prompt injection attack categories.
  • Pattern-based scanning offers speed, predictability, and transparency without external API calls.
  • Monitors outputs from Read, WebFetch, Bash, Grep, Task, and MCP tools.
  • Provides detailed warnings to Claude, guiding cautious processing of suspicious content.
  • Customizable detection patterns via patterns.yaml.

Maintenance & Community

The project outlines contribution guidelines for adding new patterns, testing, and submitting pull requests. Specific community channels (like Discord/Slack) or notable contributors/sponsors are not detailed in this README.

Licensing & Compatibility

The project is released under the MIT License, which generally permits commercial use and integration into closed-source projects with minimal restrictions.

Limitations & Caveats

The defender's primary function is to warn Claude about potential prompt injection attempts; it does not actively block or prevent the execution of malicious instructions. Its effectiveness relies on the comprehensiveness and accuracy of the defined patterns, which may be subject to false positives or negatives. The focus is specifically on indirect prompt injection vulnerabilities.

Health Check
Last Commit

6 months ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
0
Star History
7 stars in the last 30 days

Explore Similar Projects

Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), Michele Castata Michele Castata(President of Replit), and
3 more.

rebuff by protectai

0.1%
2k
SDK for LLM prompt injection detection
Created 3 years ago
Updated 1 year ago
Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), Elie Bursztein Elie Bursztein(Cybersecurity Lead at Google DeepMind), and
3 more.

llm-guard by protectai

0.6%
3k
Security toolkit for LLM interactions
Created 3 years ago
Updated 3 days ago
Feedback? Help us improve.