HookstoreHookstore

Documentation

Learn about verification, installation, and security best practices

Understanding Verification

Verification ≠ Security Audit

Verification on Hookstore confirms technical checks, but does NOT guarantee security, code quality, or trustworthiness.

Hook Verification

A hook is marked as "Verified" when:

  • We can successfully build the hook from its GitHub source code
  • The built hook's hash matches the on-chain hook definition
  • The source code is publicly accessible and reproducible

What this means

The code you see on GitHub is the code running on-chain.

What this does NOT mean

The code has been audited, reviewed for security, tested, or endorsed. Verification ≠ Audit.

Publisher Verification

A publisher is marked as "Verified Publisher" when:

  • The publisher has write access to the repository
  • The repository has a Hookstore manifest in .hookstore/config.json
  • The manifest links the repository to Hookstore

What this means

The publisher controls the repository and has linked it to Hookstore via the manifest.

What this does NOT mean

The publisher's identity is verified, they are trustworthy, or they are who they claim to be. Publisher verification ≠ Identity verification.

Installation Process

Installing a hook requires signing one or more transactions using your Xaman wallet. Each step in the installation process will:

  • Show you exactly what transaction will be signed
  • Display a QR code for mobile scanning (when available)
  • Allow you to review all details before signing
  • Push the transaction to your Xaman app if you're signed in

Always review transactions carefully

Before signing, review all transaction details. Only install hooks from sources you trust.

Security Best Practices

  • Review the source code on GitHub before installing
  • Understand what the hook does - read the README and documentation
  • Start with testnet - test hooks on testnet before using on mainnet
  • Verify the publisher - check if the publisher is verified and matches expected domains
  • Be cautious with permissions - understand what permissions and roles the hook requires
  • Keep your keys secure - never share your wallet keys or seed phrases

Want to Publish or Build with Hooks?

If you're a developer looking to publish hooks or integrate Hookstore into your application:

Publish Hooks

Use the Console to publish and manage your hooks, verify ownership, and track statistics.

Open Console

Public API

Integrate Hookstore into your application using our REST API. Browse the catalog, verify hooks, and access statistics programmatically.

View API Documentation

Need Help?

For questions, issues, or to report problems:

  • Check the hook's README for specific documentation
  • Review the hook's GitHub repository
  • Contact the publisher through their verified domain