claude plugins install nardovibecoding/claude-sec-ops-guard27 hooks + 28 MCP tools — security enforcement, opsec scanning, and ops automation for Claude Code.
Claude Code does exactly what you tell it — including force-push to main, commit your .env, or run rm -rf on a production directory. There's no enforcement layer by default. This adds one.
PreToolUse hooks → block dangerous ops before they run
PostToolUse hooks → detect security issues + trigger ops automation
MCP server → persistent state: agent count, VPS status, config diff
| Hook | Event | What it does |
|---|---|---|
guard_safety.py |
PreToolUse: Bash/Edit/Write/Read | Blocks destructive commands, rm -rf, credential reads, force-push, branch tampering |
canary_guard.py |
PreToolUse: Bash/Edit/Write/Read | Security canary — detects injection attempts in tool inputs |
auto_scan_output.py |
PostToolUse: Bash/Read/WebFetch | Scans tool output for leaked secrets, tokens, private data |
tg_security_guard.py |
PostToolUse: Edit/Write | Telegram-specific: prevents leaking chat IDs, tokens, user data |
tg_api_guard.py |
PostToolUse: Edit/Write | Blocks direct Telegram API calls that bypass the bot abstraction |
tg_qr_document.py |
PreToolUse: Edit/Write | Enforces QR codes sent as document not photo |
admin_only_guard.py |
PostToolUse: Edit/Write | Catches missing @admin_only decorators on sensitive handlers |
reasoning_leak_canary.py |
PostToolUse: Edit/Write | Detects when internal reasoning leaks into output or outreach files |
file_lock.py |
PreToolUse: Bash/Edit/Write/Read | Prevents two agents editing the same file simultaneously |
file_unlock.py |
PostToolUse: Edit/Write | Releases file lock after edit completes |
api_key_lookup.py |
PreToolUse: Bash | Forces checking reference doc before searching for API keys |
auto_pre_publish.py |
PreToolUse: Bash | Blocks gh repo visibility public until all checks pass |
reddit_api_block.py |
PostToolUse: Edit/Write | Blocks Reddit OAuth API usage — use scraping instead |
skill_disable_not_delete.py |
PreToolUse: Bash | Enforces renaming SKILL.md to .disabled instead of deleting |
| Hook | Event | What it does |
|---|---|---|
auto_vps_sync.py |
PostToolUse: Bash | git push → VPS auto-pulls |
auto_pip_install.py |
PostToolUse: Edit/Write | requirements.txt edit → auto pip install on VPS |
auto_bot_restart.py |
PostToolUse: Edit/Write | Persona JSON edit → restart bot on VPS |
auto_restart_process.py |
PostToolUse: Edit/Write | Source file edit → restart its process |
auto_skill_sync.py |
PostToolUse: Edit/Write | SKILL.md edit → sync skills directory |
auto_hook_deploy.py |
PostToolUse: Edit/Write | Hook file edit → auto-deploy to hooks dir |
mcp_server_restart.py |
PostToolUse: Edit/Write | MCP server source edit → restart it on VPS |
auto_memory_index.py |
PostToolUse: Write | New memory file → verify it's in MEMORY.md index |
verify_infra.py |
PostToolUse: Bash | crontab/systemctl setup → auto-verify on target |
auto_context_checkpoint.py |
UserPromptSubmit | Every 20% context → auto checkpoint |
auto_content_remind.py |
Stop | Session end → remind to save tweet-worthy moments |
memory_auto_commit.py |
Stop | Session end → auto-commit changed memory files |
cookie_health.py |
SessionStart | Session start → check MCP health + cookie freshness on VPS |
cron_log_monitor.py |
SessionStart | Session start → check VPS cron logs for recent errors |
Persistent process — holds state, connects to VPS, answers real-time queries.
| Category | Tools |
|---|---|
| Security scanning | content_sanitize, url_check, file_scan, secret_leak_scan, exfil_detect, image_metadata, dependency_audit |
| VPS ops | vps_status, config_diff, repo_sync_check, github_readme_sync, github_metadata, github_changelog |
| Session | agent_count, context_budget, session_log, session_checkpoint, session_transfer, session_id, post_task_check |
| Content | content_capture, content_queue |
| Tools | set_reminder, indicator_switch |
claude plugins install nardovibecoding/claude-sec-ops-guardRequires Python 3.10+ and optional VPS config for ops automation hooks.
bash <(curl -fsSL https://raw.githubusercontent.com/nardovibecoding/claude-sec-ops-guard/main/install.sh)- claude-quality-gate — 10 hooks for code quality enforcement
AGPL-3.0 — Copyright (c) 2026 Nardo (nardovibecoding)