[BUG] security-guidance plugin hook fails on Windows — uses hardcoded python3
Bug Description
The security-guidance marketplace plugin registers a PreToolUse hook for Edit|Write|MultiEdit that fails on Windows because it hardcodes python3 as the command, which doesn't exist on Windows.
File: plugins/cache/claude-plugins-official/security-guidance/unknown/hooks/hooks.json
"command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/security_reminder_hook.py"
This produces a PreToolUse:Edit hook error on every Edit/Write/MultiEdit operation.
Secondary Issue
The Python script also hardcodes a Linux debug log path:
DEBUG_LOG_FILE = "/tmp/security-warnings-log.txt"
This should use os.path.expanduser("~") or tempfile.gettempdir() for cross-platform compatibility.
Steps to Reproduce
- Enable the
security-guidanceplugin on Windows - Ask Claude to edit any file
- Observe
PreToolUse:Edit hook error
Expected Behavior
The hook should use a cross-platform Python invocation (e.g., sys.executable, py, or platform detection) so it works on both Windows and Unix systems.
Workaround
Manually edit the cached hooks.json to change python3 to py (Windows Python Launcher). This fix is lost when the plugin cache updates.
Environment
- OS: Windows 11 Pro
- Claude Code: CLI (latest)
- Python: 3.12 via Windows Python Launcher (
py)
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗