A good hook is a rail, not a blind shortcut
Claude Code hooks can run commands during agent workflow events. That helps with formatting, tests, sensitive-file blocks and repeatable checks. The same mechanism deserves care: a hook executes commands with the local user's power.
Permissions and MCP security need to be designed together. The agent can ask to edit files, run tests, call tools and use MCP servers. Each step needs a boundary: what can be read, what can be written, what never touches production and what requires human confirmation.
Minimum review
- Version hooks only when they are simple, reviewable and necessary.
- Use project-based or absolute script paths so a hook never depends on whatever the working directory happens to be.
- Explicitly block .env files, keys, dumps, private artifacts and sensitive directories.
- Configure MCP only from trusted servers and only with necessary tools.
- Separate permissions for reading, writing, terminal access and state-changing actions.
- Require human approval before deploys, migrations, auth changes, billing changes or data changes.
- Keep logs free from secrets, tokens, customer data and private payloads.
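One way to implement the sensitive-file block from the list above is a pre-tool-use hook script. This is an added example, not code from the original page or from Claude Code itself. It assumes the hook receives a JSON event on stdin with `tool_name` and `tool_input` (`file_path` for file tools, `command` for the shell tool), that exit code 2 blocks the call, and that it is registered as a PreToolUse command hook through a project-based path such as `$CLAUDE_PROJECT_DIR/.claude/hooks/protect_paths.py` (a hypothetical file name). The deny patterns are constructed samples.

```python
"""PreToolUse hook (added example). Assumed contract: JSON event on stdin; exit code 2 blocks the call."""
import fnmatch
import json
import shlex
import sys
from pathlib import PurePosixPath

# Constructed deny list; adapt to the repository's own layout.
DENY_NAMES = [".env", ".env.*", "*.pem", "*.key", "id_rsa*", "*.sql.gz", "*.dump"]
DENY_DIRS = {".ssh", ".aws", "secrets", "private"}


def is_sensitive(path: str) -> bool:
    """True if any directory component or the file name is on the deny list."""
    parts = PurePosixPath(path.replace("\\", "/")).parts
    if not parts:
        return False
    if any(p in DENY_DIRS for p in parts[:-1]):
        return True
    name = parts[-1]
    return name in DENY_DIRS or any(fnmatch.fnmatchcase(name, pat) for pat in DENY_NAMES)


def decide(event: dict) -> tuple[int, str]:
    """Return (exit_code, message) for one hook event; 0 allows, 2 blocks."""
    tool_input = event.get("tool_input") or {}
    candidates = []
    if isinstance(tool_input.get("file_path"), str):
        candidates.append(tool_input["file_path"])
    if isinstance(tool_input.get("command"), str):  # shell tool: token-level check only
        try:
            candidates += shlex.split(tool_input["command"])
        except ValueError:
            return 2, "blocked: shell command could not be parsed"
    for c in candidates:
        if is_sensitive(c):
            # Report the tool, never file contents, so hook logs stay secret-free.
            return 2, f"blocked: {event.get('tool_name', '?')} targets a protected path"
    return 0, ""


if __name__ == "__main__":
    try:
        code, msg = decide(json.load(sys.stdin))
    except (json.JSONDecodeError, AttributeError):
        code, msg = 2, "blocked: hook input was not a JSON object"  # fail closed
    if msg:
        print(msg, file=sys.stderr)
    sys.exit(code)
```

The shell-command check only inspects whitespace-separated tokens, so it complements rather than replaces separate permissions for terminal access.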
When to request review
If a hook only runs local lint, the risk is operational. If it validates MCP, changes permission files, calls the network, alters a database or gates deploys, it is a security boundary.
Use the Promptbook for the first review of login, billing, data and tool flows. Use Risk Review when Claude Code permissions, MCP security or hooks touch production, real customers or revenue.
Claude Code hooks are useful when they reduce ambiguity. Without least privilege, they become automation with too much access.




