[Bug] PreToolUse:Write hook generates false positives for security warnings
Resolved 💬 2 comments Opened Apr 8, 2026 by goroderickgo Closed May 21, 2026
Bug Description
Error: PreToolUse:Write hook error: [python3 ${CLAUDE_PLUGIN_ROOT}/hooks/security_reminder_hook.py]: ⚠️ Security Warning: Using child_process.exec() can lead to command injection vulnerabilities.
This codebase provides a safer alternative: src/utils/execFileNoThrow.ts
Instead of:
exec(command ${userInput})
Use:
import { execFileNoThrow } from '../utils/execFileNoThrow.js'
await execFileNoThrow('command', [userInput])
… +8 lines (ctrl+o to see all)
Hook false-positive WAY too often.
Environment Info
- Platform: darwin
- Terminal: ghostty
- Version: 2.1.94
- Feedback ID: 646c4fcd-fe76-451b-ba2b-edf9e64faa9f
Errors
[]This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗