[Bug] PreToolUse:Write hook generates false positives for security warnings

Resolved 💬 2 comments Opened Apr 8, 2026 by goroderickgo Closed May 21, 2026

Bug Description
Error: PreToolUse:Write hook error: [python3 ${CLAUDE_PLUGIN_ROOT}/hooks/security_reminder_hook.py]: ⚠️ Security Warning: Using child_process.exec() can lead to command injection vulnerabilities.

This codebase provides a safer alternative: src/utils/execFileNoThrow.ts

Instead of:
exec(command ${userInput})

Use:
import { execFileNoThrow } from '../utils/execFileNoThrow.js'
await execFileNoThrow('command', [userInput])
… +8 lines (ctrl+o to see all)

Hook false-positive WAY too often.

Environment Info

  • Platform: darwin
  • Terminal: ghostty
  • Version: 2.1.94
  • Feedback ID: 646c4fcd-fe76-451b-ba2b-edf9e64faa9f

Errors

[]

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗