Merge pull request #19 from lvzhaobo/feat/add-generate-qoder-hooks

feat: add generate-qoder-hooks skill (en + zh)

Author: cyandata

src/content/skills-zh/generate-qoder-hooks.md

@@ -0,0 +1,68 @@
+---
+name: generate-qoder-hooks
+title: 生成 Qoder Hooks 命令拦截
+description: 交互式生成 Qoder Hooks 命令拦截脚本。支持基础安全、金融合规、Workshop 教学等预设模板和自定义模式，内置审计日志记录。
+source: community
+author: Lv Zhaobo
+githubUrl: https://github.com/lvzhaobo/ai-coding-skills/tree/main/skills/generate-qoder-hooks
+category: security
+tags:
+  - 命令拦截
+  - 安全策略
+  - Hooks
+  - 审计日志
+  - Qoder配置
+  - DevOps
+roles:
+  - developer
+  - architect
+featured: false
+popular: false
+isOfficial: false
+installCommand: |
+  git clone https://github.com/lvzhaobo/ai-coding-skills
+  cp -r ai-coding-skills/skills/generate-qoder-hooks ~/.qoder/skills/
+date: 2026-04-11
+---
+
+## 使用场景
+
+- 新项目初始化命令安全策略
+- 定制命令黑名单（如禁止 `rm -rf`、`DROP TABLE`、`git push --force`）
+- Workshop/培训场景演示 Hooks 拦截机制
+- 添加金融合规命令过滤规则
+- 生成跨平台脚本（Shell + PowerShell）
+
+## 核心能力
+
+- **4 种预设场景**：基础安全、金融合规、Workshop 教学、自定义
+- **交互式问答**：收集拦截模式和脚本类型偏好
+- **双脚本输出**：Shell (.sh) 和 PowerShell (.ps1) 模板
+- **审计日志**：被拦截命令记录时间戳和规则名称
+- **settings.json 集成**：自动更新 `hooks.before_run_command` 配置
+- **安全设计**：脚本仅做模式匹配，绝不执行命令本身
+
+## 示例
+
+```
+用户：帮我配置项目的命令拦截
+
+Agent：选择安全场景？
+       → 基础安全（rm -rf、git push --force、DROP TABLE 等）
+
+       脚本类型？
+       → 跨平台（Shell + PowerShell）
+
+       [生成 .qoder/hooks/block-dangerous.sh + .ps1]
+       [更新 .qoder/settings.json]
+
+       ✅ Hooks 已生成！试试执行被拦截的命令来验证效果。
+```
+
+## 注意事项
+
+- 纯知识型 SKILL，生成脚本和配置文件，不调用外部 API
+- Hook 脚本使用 `exit 0`（通过）或 `exit 2`（阻断），不允许其他退出码
+- 脚本通过 stdin 读取 Qoder JSON 输入，用 `jq` 提取命令
+- 只读安全命令（`ls`、`cat`、`git status`）永远不会被拦截
+- 已有 settings.json 配置会被保留，新 Hook 以追加方式添加

src/content/skills/generate-qoder-hooks.md

@@ -0,0 +1,68 @@
+---
+name: generate-qoder-hooks
+title: Generate Qoder Hooks
+description: Interactively generate Qoder Hooks command interception scripts. Supports preset security templates (basic, financial compliance, workshop) and custom patterns with audit logging.
+source: community
+author: Lv Zhaobo
+githubUrl: https://github.com/lvzhaobo/ai-coding-skills/tree/main/skills/generate-qoder-hooks
+category: security
+tags:
+  - hooks
+  - command-filter
+  - security
+  - audit
+  - qoder-config
+  - devops
+roles:
+  - developer
+  - architect
+featured: false
+popular: false
+isOfficial: false
+installCommand: |
+  git clone https://github.com/lvzhaobo/ai-coding-skills
+  cp -r ai-coding-skills/skills/generate-qoder-hooks ~/.qoder/skills/
+date: 2026-04-11
+---
+
+## Use Cases
+
+- Set up command security policies for new projects
+- Customize command blocklists (e.g., block `rm -rf`, `DROP TABLE`, `git push --force`)
+- Demonstrate Hooks interception in workshops/training
+- Add financial compliance command filtering rules
+- Generate cross-platform scripts (Shell + PowerShell)
+
+## Core Capabilities
+
+- **4 Preset Scenarios**: Basic Security, Financial Compliance, Workshop, Custom
+- **Interactive Q&A**: Collects interception patterns and script type preferences
+- **Dual Script Output**: Shell (.sh) and PowerShell (.ps1) templates
+- **Audit Logging**: Blocked commands logged with timestamp and rule name
+- **settings.json Integration**: Auto-updates `hooks.before_run_command` config
+- **Safe by Design**: Scripts only match patterns — never execute commands themselves
+
+## Example
+
+```
+User: Help me set up command interception for our project
+
+Agent: Which security scenario?
+       → Basic Security (rm -rf, git push --force, DROP TABLE, etc.)
+
+       Script type?
+       → Cross-platform (Shell + PowerShell)
+
+       [Generates .qoder/hooks/block-dangerous.sh + .ps1]
+       [Updates .qoder/settings.json]
+
+       ✅ Hooks generated! Try running a blocked command to verify.
+```
+
+## Notes
+
+- Pure knowledge skill — generates scripts and config, no external API calls
+- Hook scripts use `exit 0` (pass) or `exit 2` (block) — no other exit codes
+- Scripts read Qoder JSON input from stdin via `jq`
+- Read-only commands (`ls`, `cat`, `git status`) are never blocked
+- Existing settings.json entries are preserved — new hooks are appended