An AI-powered pre-tool-call safety evaluation plugin for Claude Code that uses the Claude CLI with Haiku to analyze tool calls before execution.
This plugin installs a script-style hook that intercepts all tool calls before they execute. The hook:
- Receives the tool call details (tool name and input parameters)
- Skips evaluation for safe read-only tools (read, glob, grep, websearch)
- Calls the Claude CLI with the Haiku model to evaluate potentially risky operations
- Returns `allow` or `block` based on the AI's safety assessment
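The flow above can be sketched as a simplified shell hook. This is a hypothetical illustration, not the plugin's actual script; the function name and the commented CLI invocation are assumptions:

```shell
#!/usr/bin/env bash
# Hypothetical, simplified sketch of the hook's decision flow.
# The real plugin's script differs; this only illustrates the shape.

evaluate_tool_call() {
  local tool_name="$1"

  # Known-safe read-only tools skip AI evaluation entirely
  case "$tool_name" in
    read|glob|grep|websearch)
      echo '{"decision": "allow"}'
      return 0
      ;;
  esac

  # For anything else, the real hook would invoke the Claude CLI with the
  # Haiku model to assess risk (roughly: claude -p "$prompt" --model "$model").
  # Here we stand in a placeholder verdict to keep the sketch runnable.
  echo '{"decision": "allow"}'
}
```

A risky tool call would instead produce a `{"decision": "block", ...}` verdict carrying the model's reason.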
- AI-Powered Evaluation: Uses Claude Haiku for fast, intelligent safety analysis
- Configurable Model: Override the model via the `SAFETY_EVAL_MODEL` environment variable
- Timeout Protection: Configurable timeout prevents hanging (default: 30s)
- Optional Logging: Enable audit logs via the `SAFETY_EVAL_LOG` environment variable
- Performance Optimized: Automatically skips evaluation for known-safe read-only tools
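Each configurable feature maps to an environment variable. A hedged example (the values shown are illustrative, not recommendations):

```shell
# Illustrative configuration; all three variables are optional
export SAFETY_EVAL_MODEL=claude-3-5-haiku-latest         # model used for evaluation
export SAFETY_EVAL_TIMEOUT=45                            # seconds before the hook gives up
export SAFETY_EVAL_LOG="$HOME/.claude/safety-audit.log"  # enables the audit log
```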
See Installation Guide for all installation methods.
```shell
# Via marketplace (recommended)
# Follow marketplace setup: ../../docs/manual-installation.md

# Or via GitHub
claude plugins install github:nsheaps/ai-mktpl/plugins/safety-evaluation-script

# Or locally for testing
cc --plugin-dir /path/to/plugins/safety-evaluation-script
```

- Claude CLI must be installed and authenticated
- Hook script is automatically made executable during installation
| Variable | Default | Description |
|---|---|---|
| `SAFETY_EVAL_MODEL` | `claude-3-5-haiku-latest` | Model to use for safety evaluation |
| `SAFETY_EVAL_TIMEOUT` | `30` | Timeout in seconds for evaluation |
| `SAFETY_EVAL_LOG` | (none) | Path to log file for audit trail |
```shell
export SAFETY_EVAL_LOG=~/.claude/safety-audit.log
```

The AI evaluates tool calls against these security criteria:
- Destructive Operations: File/system deletion or modification
- Data Exfiltration: Credential or sensitive data leakage
- Network Security: Suspicious network calls or service exposure
- Privilege Escalation: Attempts to gain elevated permissions
- Code Injection: Arbitrary or malicious code execution
- Resource Abuse: Fork bombs, infinite loops, excessive resource use
The evaluator assigns one of four risk levels:
- `low`: Normal development operations
- `medium`: Operations that warrant attention but are likely safe
- `high`: Potentially dangerous operations requiring scrutiny
- `critical`: Operations that should be blocked
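The mapping from risk level to decision can be sketched as below. Note the source only states that `critical` is blocked, so allowing the other three levels (and failing closed on unknown input) is an assumption of this sketch:

```shell
# Hypothetical mapping from risk level to hook decision.
# Only "critical" is documented as blocked; everything else is assumed allowed.
decision_for_risk() {
  case "$1" in
    critical)
      echo '{"decision": "block", "reason": "Risk level: critical"}'
      ;;
    low|medium|high)
      echo '{"decision": "allow"}'
      ;;
    *)
      # Assumption: fail closed if the model returns an unrecognized level
      echo '{"decision": "block", "reason": "Unknown risk level"}'
      ;;
  esac
}
```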
The hook returns JSON in this format:
```json
// Allow the operation
{"decision": "allow"}

// Block the operation
{
  "decision": "block",
  "reason": "Safety evaluation blocked this operation: [reason] (Risk level: [level])"
}
```

| Aspect | Script Style (This Plugin) | Prompt Style |
|---|---|---|
| Execution | External script process | Inline Claude evaluation |
| Latency | Higher (separate CLI call) | Lower (inline processing) |
| Flexibility | Full programming capabilities | Natural language only |
| Customization | Environment variables, logging | Prompt text only |
| Determinism | More deterministic | Context-dependent |
- Requires Claude CLI to be installed and authenticated
- Adds latency to tool calls (especially for the first call)
- May occasionally block legitimate operations (false positives)
- Network connectivity required for AI evaluation
Increase the timeout:

```shell
export SAFETY_EVAL_TIMEOUT=60
```

Consider using the prompt-style variant, which has more context about the conversation, or adjust the system prompt in the script.
Check that:
- Claude CLI is installed: `which claude`
- CLI is authenticated: `claude --version`
- Network connectivity is available
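The checks above can be combined into a small pre-flight function. This is an illustrative sketch, not part of the plugin; the `CLAUDE_BIN` override exists only to make the sketch testable:

```shell
# Hypothetical pre-flight check mirroring the troubleshooting steps above.
# The plugin itself just runs `claude`; CLAUDE_BIN is an illustrative override.
preflight() {
  local bin="${CLAUDE_BIN:-claude}"
  if ! command -v "$bin" >/dev/null 2>&1; then
    echo "error: Claude CLI not found on PATH" >&2
    return 1
  fi
  if ! "$bin" --version >/dev/null 2>&1; then
    echo "error: Claude CLI failed to run; check installation and auth" >&2
    return 1
  fi
  echo "ok"
}
```

Network connectivity is not checked here; a failed evaluation call at runtime is the usual symptom of that case.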
MIT License - See the main repository for details.