HN Showcase
Back to browse
GitHub Repository

Security scanner for AI coding agent configs — detects RCE hooks, invisible Unicode, credential exfiltration, and prompt injection in CLAUDE.md, settings.json, and .cursor/rules

2 starsGo

HookGuard – scanner for malicious Claude.md and agent config files

by MerriBan·May 13, 2026·3 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidSolve My Problem

Catches invisible Unicode tricks and RCE hooks in CLAUDE.md files.

Strengths
  • Detects bidirectional override characters that hide malicious instructions visually.
  • Scans for credential exfiltration patterns in postToolUse hooks specifically.
  • Zero-config CI integration exits with code 1 to block builds on findings.
Weaknesses
  • Only scans config files; misses malicious code injected into actual source.
  • AGPL license may limit adoption in commercial enterprise security pipelines.
Category
Security
Target Audience

DevSecOps engineers and teams using Claude Code or Cursor

Similar To

Gitleaks · TruffleHog · Semgrep

Similar Projects

Developer Tools●●Solid

Agnix – lint your AI agent configs (Claude.md, skills, MCP, hooks)

Makes agent configs first-class with 229 domain-specific rules, autofix, and LSP support — so a tiny syntax mistake stops being a silent failure. The cross-editor plugins and GitHub Action are the standout moves: lint in your IDE and enforce checks in CI. I want a clearer map of which rules target which toolchains, but the breadth of integrations is impressive.

Niche GemSolve My ProblemSlick
anotherCodder
113mo ago
Security●●●Banger

SkillFortify, Formal verification for AI agents (auto-discovers)

Formal verification guarantees for agent skills replace heuristic scanning's 'no findings ≠ no risk' caveat.

Big BrainZero to OneSolve My Problem
varunpratap369
213mo ago