athola/writing-rules
plugins/hookify/skills/writing-rules/SKILL.md
Creates behavioral rules in markdown to block dangerous commands or restrict AI behavior. Use when adding safety guardrails or preventing specific commands.
$ install --global
skillsauthnpx skillsauth add athola/claude-night-market writing-rulesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 27, 2026, 4:42 AM122.1s1 file scanned
SKILL.md
- name:
- writing-rules
- description:
- Creates behavioral rules in markdown to block dangerous commands or restrict AI behavior. Use when adding safety guardrails or preventing specific commands.
- alwaysApply:
- false
- category:
- hook-development
- dependencies:
- []
- estimated_tokens:
- 2500
- complexity:
- beginner
- model_hint:
- fast
Table of Contents
- Overview
- Quick Start
- Rule File Format
- Frontmatter Fields
- Event Types
- Advanced Conditions
- Operators
- Field Reference
- Pattern Writing
- Regex Basics
- Examples
- Test Patterns
- Example Rules
- Block Destructive Commands
- Warn About Debug Code
- Require Tests
- Protect Production Files
- Management
- Related Skills
- Best Practices
Hookify Rule Writing Guide
When To Use
- Creating behavioral rules to prevent unwanted actions
- Defining persistent guardrails for Claude Code sessions
When NOT To Use
- Complex multi-step workflows - use agents instead
- One-time operations that do not need persistent behavioral rules
Overview
Hookify rules are markdown files with YAML frontmatter that define patterns to watch for and messages to show when those patterns match. Rules are stored in .claude/hookify.{rule-name}.local.md files.
Quick Start
Create .claude/hookify.dangerous-rm.local.md:
---
name: dangerous-rm
enabled: true
event: bash
pattern: rm\s+-rf
action: block
---
🛑 **Dangerous rm command detected!**
This command could delete important files.
Verification: Run the command with --help flag to verify availability.
The rule activates immediately - no restart needed!
Rule File Format
Frontmatter Fields
name (required): Unique identifier (kebab-case)
enabled (required): true or false
event (required): bash, file, stop, prompt, or all
action (optional): warn (default) or block
pattern (simple): Regex pattern to match
Event Types
- bash: Bash tool commands
- file: Edit, Write, MultiEdit tools
- stop: When agent wants to stop
- prompt: User prompt submission
- all: All events
Advanced Conditions
For multiple field checks:
---
name: warn-env-edits
enabled: true
event: file
action: warn
conditions:
- field: file_path
operator: regex_match
pattern: \.env$
- field: new_text
operator: contains
pattern: API_KEY
---
🔐 **API key in .env file!**
Ensure file is in .gitignore.
Operators
regex_match: Pattern matchingcontains: Substring checkequals: Exact matchnot_contains: Must NOT containstarts_with: Prefix checkends_with: Suffix check
Field Reference
bash events: command
file events: file_path, new_text, old_text, content
prompt events: user_prompt
stop events: transcript
Pattern Writing
Regex Basics
\s- whitespace\d- digit\w- word character.- any character (use\.for literal dot)+- one or more*- zero or more|- OR
Examples
rm\s+-rf → rm -rf
console\.log\( → console.log(
chmod\s+777 → chmod 777
Test Patterns
python3 -c "import re; print(re.search(r'pattern', 'text'))"
Example Rules
Block Destructive Commands
---
name: block-destructive
enabled: true
event: bash
pattern: rm\s+-rf|dd\s+if=|mkfs
action: block
---
🛑 **Destructive operation blocked!**
Can cause data loss.
Warn About Debug Code
---
name: warn-debug
enabled: true
event: file
pattern: console\.log\(|debugger;
action: warn
---
🐛 **Debug code detected!**
Remove before committing.
Require Tests
---
name: require-tests
enabled: true
event: stop
action: warn
conditions:
- field: transcript
operator: not_contains
pattern: pytest|npm test
---
⚠️ **Tests not run!**
Please verify changes.
Protect Production Files
---
name: protect-prod
enabled: true
event: file
action: block
conditions:
- field: file_path
operator: regex_match
pattern: /production/|\.prod\.
---
🚨 **Production file!**
Requires review.
Management
Enable/Disable:
Edit .local.md file: enabled: false
Delete:
rm .claude/hookify.my-rule.local.md
List:
/hookify:list
Related Skills
- abstract:hook-scope-guide - Hook placement decisions
- abstract:hook-authoring - SDK hook development
- abstract:hooks-eval - Hook evaluation
Best Practices
- Start with simple patterns
- Test regex thoroughly
- Use clear, helpful messages
- Prefer warnings over blocks initially
- Name rules descriptively
- Document intent in messages
Troubleshooting
Common Issues
If a rule doesn't trigger, verify that the event type matches the tool being used (e.g., use bash for command line tools). Check that the regex pattern is valid and matches the target text by testing it with a short Python script. If you encounter permission errors when creating rule files in .claude/, ensure that the directory is writable by your user.
Related Skills
athola/friction-detector
tools
VerifiedTrustedCommunity
Detect friction signals; graduate patterns into rules. Use for session retrospectives.
300SKILL.mdUpdated Apr 23, 2026
athola/validate-mr
testing
VerifiedTrustedCommunity
Use when you need a diff-derived test plan for an MR — reads the diff, groups changes by area, runs targeted verifications, and proves revert-tests are genuine guards, not dead assertions.
294SKILL.mdUpdated May 30, 2026
athola/palace-index-curator
development
VerifiedTrustedCommunity
Curate the web-capture index. Use when the capture backlog grows, captures sit unprocessed at seedling/pending, or to surface stored research during work.
294SKILL.mdUpdated May 30, 2026
athola/memory-clarity-probe
testing
VerifiedTrustedCommunity
Probe memory/summary clarity via dual anchor questions: task progress, info gaps. Use when verifying session state or summary before handoff or compression.
294SKILL.mdUpdated May 30, 2026