Security & Permissions Intermediate

Block Dangerous Commands (Hooks)

Use PreToolUse hooks to block rm -rf, DROP TABLE, and other destructive commands

Command

# .claude/settings.json
{
  "hooks": {
    "PreToolUse": [{
      "matcher": "Bash",
      "hooks": [{
        "type": "command",
        "command": "./.claude/hooks/block-rm.sh"
      }]
    }]
  }
}

Response

#!/bin/bash
# .claude/hooks/block-rm.sh
COMMAND=$(cat | jq -r '.tool_input.command')

if echo "$COMMAND" | grep -q 'rm -rf'; then
  echo "Blocked: rm -rf is not allowed" >&2
  exit 2  # Exit code 2 = BLOCK
fi

exit 0  # Exit code 0 = allow

Parsing Code

// Hook exit codes:
// 0 = allow the tool call
// 2 = BLOCK the tool call (stderr message fed back to Claude)
// other = non-blocking error, tool still runs

Gotchas

! Exit code 2 blocks the tool call; exit code 0 allows it
! stderr message is fed back to Claude as context about why the command was blocked
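
A stricter variant of the hook above, added here as an example and not the recipe's own code: it also catches `rm -fr`, split or long-form flags and `DROP TABLE`, and it exits 2 when the hook input cannot be parsed, because any other non-zero exit is a non-blocking error and the tool still runs. The file name `block-dangerous.sh`, the `--hook` argument and the function names are assumptions of this example.

```shell
#!/bin/bash
# .claude/hooks/block-dangerous.sh (hypothetical name; added example, not the recipe's script)
# Assumed registration: "command": "./.claude/hooks/block-dangerous.sh --hook"

# Print a reason and return 0 if the command looks destructive, else return 1.
# Deliberately coarse: it over-blocks rather than trying to parse shell syntax.
is_dangerous() {
  local cmd="$1"
  # An rm invocation: "rm" not glued to a preceding word (matches /bin/rm, sudo rm, ;rm).
  if printf '%s\n' "$cmd" | grep -Eq '(^|[^[:alnum:]_.-])rm[[:space:]]'; then
    # Recursive and force may be combined (-rf, -fr, -Rf) or split (-r -f, --recursive --force).
    if printf '%s\n' "$cmd" | grep -Eq '(^|[[:space:]])(-[[:alpha:]]*[rR][[:alpha:]]*|--recursive)([[:space:]]|$)' &&
       printf '%s\n' "$cmd" | grep -Eq '(^|[[:space:]])(-[[:alpha:]]*f[[:alpha:]]*|--force)([[:space:]]|$)'; then
      echo "recursive forced rm is not allowed"
      return 0
    fi
  fi
  # SQL handed to a client on the command line, in any letter case or spacing.
  if printf '%s\n' "$cmd" | grep -Eiq 'drop[[:space:]]+table'; then
    echo "DROP TABLE is not allowed"
    return 0
  fi
  return 1
}

main() {
  local cmd reason
  # Fail closed: a missing jq or a malformed payload would otherwise end in a
  # non-2 exit, which is a non-blocking error and lets the tool call run.
  if ! cmd=$(jq -e -r '.tool_input.command' 2>/dev/null); then
    echo "Blocked: could not read tool_input.command from hook input" >&2
    exit 2
  fi
  if reason=$(is_dangerous "$cmd"); then
    echo "Blocked: $reason" >&2
    exit 2
  fi
  exit 0
}

# Only consume stdin when invoked as a hook, so the functions can be sourced and tested.
if [ "${1:-}" = "--hook" ]; then
  main
fi
```

If the hook is registered without the `--hook` argument, this script exits 0 without inspecting anything, so check the registration line when adapting it.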
