[DOCS] Missing Security Warning for SessionStart Hooks in "Claude Code on the Web" Dependency Management
Documentation Type
Missing documentation (feature not documented)
Documentation Location
https://code.claude.com/docs/en/claude-code-on-the-web#dependency-management
Section/Topic
The "Dependency management" section under the "Claude Code on the web" documentation, specifically the instructions regarding SessionStart hooks.
Current Documentation
The documentation provides an example of using a SessionStart hook to automate package installation. It states:
Create the corresponding script atscripts/install_pkgs.sh: ``bash #!/bin/bash npm install pip install -r requirements.txt exit 0`Make it executable:chmod +x scripts/install_pkgs.sh`
What's Wrong or Missing?
The documentation instructs users to create and make a script executable that is then triggered automatically by a SessionStart hook. However, it lacks a prominent security warning about the implications of this pattern.
Because SessionStart hooks execute automatically upon starting or resuming a session (including when teleporting a session), a user who clones a malicious or compromised repository and trusts the folder could have arbitrary code executed under their current shell permissions without further interaction. While the documentation elsewhere mentions "Principle of least privilege," this specific tutorial—which is a high-impact "how-to"—does not explicitly warn that these hooks run with the user's full local permissions and should only be used in trusted repositories.
Suggested Improvement
Add a <Warning> or <Important> callout block immediately following the chmod +x instruction.
Suggested Text:
Warning: Security Implications of Hooks Claude Code hooks execute automatically with your current shell permissions. Only enable SessionStart hooks in repositories you fully trust. A malicious repository could use these hooks to execute arbitrary code on your machine or in your cloud environment immediately upon starting a session or resuming a conversation. Always review hook scripts before granting trust to a project directory.
Impact
High - Prevents users from using a feature
Additional Context
- Related documentation on general security can be found at https://code.claude.com/docs/en/security
- Other developer tools that feature automatic script execution (like
direnvor git hooks) typically include very prominent warnings that users should never "allow" or "trust" directories without inspecting the underlying scripts, as they represent a significant remote code execution (RCE) vector. - This is particularly important for the "Claude Code on the Web" section, as users might perceive the cloud environment as entirely isolated, forgetting that these settings often mirror or apply to local environments as well.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗