pre_tool_use.py hook falsely blocks safe rm due to pathname matching -...r... #28
Description
The PreToolUse hook in ~/.claude/hooks/pre_tool_use.py sometimes blocks safe rm commands (no -r/-f) as “Dangerous rm command detected”.
Repro
Any plain rm with absolute paths where a directory name contains -...r... (e.g. soft-hold-enrollment):
rm /Users/me/project/soft-hold-enrollment/db/migrate/20251212031504_add_payment_account_to_enrollment_invoices.rb \
/Users/me/project/soft-hold-enrollment/db/migrate/foobar.rbActual
Blocked with:
BLOCKED: Dangerous rm command detected and prevented
Expected
Allowed (not recursive, not force). Only truly dangerous cases should be blocked (e.g. rm -rf /, rm -r ., etc.).
Root cause
is_dangerous_rm_command() uses:
re.search(r'\brm\s+.*-[a-z]*r', normalized)
This matches -enrollment inside the pathname, incorrectly treating it like an rm -r flag. It then checks for dangerous paths including /, which matches any absolute path, causing a false positive.
Suggested fix
Tokenize/parse the command (e.g. shlex.split) and only interpret -r/-R/--recursive and -f/--force when they’re actual option tokens, not substrings inside operands.