The hook scripts interpolate JSON-derived values directly into shell strings, which is fragile and creates a theoretical shell injection path.
Affected files:
- hooks/mempal_save_hook.sh
- hooks/mempal_precompact_hook.sh
The pattern (the body of the embedded Python is elided here; the point is the unquoted `$TRANSCRIPT_PATH` inside the program text):

```sh
python3 -c "
with open('$TRANSCRIPT_PATH') as f:
    ...
"
```
Suggested fix: pass values as arguments instead, with the program text in a quoted heredoc so the shell never expands anything inside it:

```sh
python3 - "$TRANSCRIPT_PATH" <<'EOF'
import sys
path = sys.argv[1]
with open(path) as f:
    ...
EOF
```
Same applies anywhere $SESSION_ID or other JSON-parsed values are embedded in shell strings. In practice Claude Code's output is safe, but this pattern is fragile and worth hardening against format changes.
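An added example, not the project's hook scripts: both forms from this issue as shell functions, run against a constructed transcript whose file name contains a single quote. The interpolated form fails at parse time on that name, the argv form reads it normally. The JSON key name `transcript_path` is an assumption.

```bash
#!/bin/sh
# Added example, not the project's hook scripts. Both forms take the transcript
# path as a shell variable, exactly as the hooks do after parsing the JSON payload.
set -eu

# Fragile form from the issue: the value is spliced into the Python source text,
# so a quote or other metacharacter in the path changes the program itself.
fragile_line_count() {
  python3 -c "
with open('$1') as f:
    print(sum(1 for _ in f))
"
}

# Hardened form: the program is a quoted heredoc (no shell expansion) and the
# value arrives through sys.argv, so its contents can only ever be data.
safe_line_count() {
  python3 - "$1" <<'EOF'
import sys
with open(sys.argv[1]) as f:
    print(sum(1 for _ in f))
EOF
}

# Pull a field out of the hook payload on stdin with a real JSON parser.
# The key name "transcript_path" is assumed for this example.
extract_transcript_path() {
  python3 -c 'import json, sys; print(json.load(sys.stdin)["transcript_path"])'
}

# Constructed demonstration: a two-line transcript whose name contains a quote.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/it's a test.jsonl"
printf '%s\n' '{"role":"user"}' '{"role":"assistant"}' > "$demo_file"
demo_path=$(python3 -c 'import json, sys; print(json.dumps({"transcript_path": sys.argv[1]}))' "$demo_file" | extract_transcript_path)
echo "safe form:    $(safe_line_count "$demo_path")"
fragile_line_count "$demo_path" 2>/dev/null || echo "fragile form: python3 rejected the interpolated source"
rm -rf "$demo_dir"
```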