[BUG] security-guidance plugin hook fails on Windows — uses hardcoded python3

Resolved 💬 2 comments Opened Mar 28, 2026 by KingMalivore Closed Mar 28, 2026

Bug Description

The security-guidance marketplace plugin registers a PreToolUse hook for Edit|Write|MultiEdit that fails on Windows because it hardcodes python3 as the command, which doesn't exist on Windows.

File: plugins/cache/claude-plugins-official/security-guidance/unknown/hooks/hooks.json

"command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/security_reminder_hook.py"

This produces a PreToolUse:Edit hook error on every Edit/Write/MultiEdit operation.

Secondary Issue

The Python script also hardcodes a Linux debug log path:

DEBUG_LOG_FILE = "/tmp/security-warnings-log.txt"

This should use os.path.expanduser("~") or tempfile.gettempdir() for cross-platform compatibility.

Steps to Reproduce

  1. Enable the security-guidance plugin on Windows
  2. Ask Claude to edit any file
  3. Observe PreToolUse:Edit hook error

Expected Behavior

The hook should use a cross-platform Python invocation (e.g., sys.executable, py, or platform detection) so it works on both Windows and Unix systems.

Workaround

Manually edit the cached hooks.json to change python3 to py (Windows Python Launcher). This fix is lost when the plugin cache updates.

Environment

  • OS: Windows 11 Pro
  • Claude Code: CLI (latest)
  • Python: 3.12 via Windows Python Launcher (py)

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗