[DOCS] Missing Security Warning for SessionStart Hooks in "Claude Code on the Web" Dependency Management

Resolved 💬 3 comments Opened Jan 19, 2026 by coygeek Closed Feb 27, 2026

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/claude-code-on-the-web#dependency-management

Section/Topic

The "Dependency management" section under the "Claude Code on the web" documentation, specifically the instructions regarding SessionStart hooks.

Current Documentation

The documentation provides an example of using a SessionStart hook to automate package installation. It states:

Create the corresponding script at scripts/install_pkgs.sh: ``bash #!/bin/bash npm install pip install -r requirements.txt exit 0 ` Make it executable: chmod +x scripts/install_pkgs.sh`

What's Wrong or Missing?

The documentation instructs users to create and make a script executable that is then triggered automatically by a SessionStart hook. However, it lacks a prominent security warning about the implications of this pattern.

Because SessionStart hooks execute automatically upon starting or resuming a session (including when teleporting a session), a user who clones a malicious or compromised repository and trusts the folder could have arbitrary code executed under their current shell permissions without further interaction. While the documentation elsewhere mentions "Principle of least privilege," this specific tutorial—which is a high-impact "how-to"—does not explicitly warn that these hooks run with the user's full local permissions and should only be used in trusted repositories.

Suggested Improvement

Add a <Warning> or <Important> callout block immediately following the chmod +x instruction.

Suggested Text:

Warning: Security Implications of Hooks Claude Code hooks execute automatically with your current shell permissions. Only enable SessionStart hooks in repositories you fully trust. A malicious repository could use these hooks to execute arbitrary code on your machine or in your cloud environment immediately upon starting a session or resuming a conversation. Always review hook scripts before granting trust to a project directory.

Impact

High - Prevents users from using a feature

Additional Context

  • Related documentation on general security can be found at https://code.claude.com/docs/en/security
  • Other developer tools that feature automatic script execution (like direnv or git hooks) typically include very prominent warnings that users should never "allow" or "trust" directories without inspecting the underlying scripts, as they represent a significant remote code execution (RCE) vector.
  • This is particularly important for the "Claude Code on the Web" section, as users might perceive the cloud environment as entirely isolated, forgetting that these settings often mirror or apply to local environments as well.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗