When Check Point Research published two CVEs for Claude Code in February 2026, the dev community had a brief moment of discomfort and moved on. CVE-2025-59536 allowed code contained in a project to execute before the user accepted the trust dialog. CVE-2026-21852 allowed an attacker-controlled project to redirect API traffic through a malicious ANTHROPIC_BASE_URL — leaking your API key before trust was confirmed. All it took was cloning a repo and opening the tool.
That’s the new attack surface. Not your application code. Your agent configuration.
Everything Claude Code (ECC) was built exactly for this. It started as a hackathon project at Cerebral Valley × Anthropic in February 2026, and today it has accumulated 187K stars on GitHub. The main product is a performance and workflow harness for Claude Code — skills, memory, slash commands, TDD enforcement — but the functionality generating the current wave of attention is AgentShield: a security scanner that audits your AI agent configuration before anything else does.
What AgentShield Audits
The scanner targets your .claude/ directory and covers five categories around CLAUDE.md, settings.json, MCP server configs, hooks, agent definitions, and skills:
- Secrets Detection — 14 patterns for hardcoded credentials, API keys, and tokens
- Permissions Audit — flags overly broad or misconfigured access controls
- Hook Injection Analysis — reviews hooks for paths that could be weaponized
- MCP Server Risk Profiling — evaluates each connected MCP server for exposure
- Agent Config Review — validates agent definitions against known risk patterns
The project includes 1,282 tests, 98% coverage, and 102 static analysis rules. It’s not typical for a community plugin — it’s closer to what you’d expect from a dedicated security tool.
Installation and Getting Started
You don’t need to install anything for your first scan:
# Quick scan without installation
npx ecc-agentshield scan
# Auto-fix of safe issues
npx ecc-agentshield scan --fix
# Deep analysis with three Opus 4.6 agents
npx ecc-agentshield scan --opus --stream
The --opus flag is the most interesting: it launches three Claude Opus 4.6 agents in a red team / blue team / auditor pipeline. The attacker looks for exploit chains, the defender evaluates protections, and the auditor synthesizes both into a prioritized risk report. It’s adversarial reasoning, not just pattern matching.
For CI/CD, the scanner exports to JSON, Markdown, or HTML:
npx ecc-agentshield scan --format json
npx ecc-agentshield scan --format html > security-report.html
Installing the Full Plugin
ECC is much more than the scanner. For the full harness:
# Via Claude Code marketplace
/plugin marketplace add https://github.com/affaan-m/everything-claude-code
/plugin install ecc@ecc
Important note: if you install via /plugin install, don’t run the manual installer afterward (./install.sh --profile full). The plugin already loads skills, commands, and hooks automatically — running it twice duplicates everything and breaks agent behavior.
For manual installation (when the plugin doesn’t resolve well in your build):
git clone https://github.com/affaan-m/everything-claude-code.git
# User-level rules (applies to all projects)
mkdir -p ~/.claude/rules/ecc
cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/ # or your stack
The Context That Matters
Securing AI agents isn’t a theoretical problem. In March 2026, Unit 42 documented indirect prompt injection on the web in production. In February, Microsoft Security published an analysis of AI Recommendation Poisoning with real cases in 31 companies across 14 industries. Amazon Q Developer had its own supply chain incident in 2025 with a malicious payload in the VS Code extension.
The pattern is consistent: the tools we trust most are the ones being attacked most, because they have access to credentials, filesystems, and production pipelines.
ECC isn’t going to solve all these problems. But it does give you an honest audit of your attack surface in agent configuration — which is exactly the vector the Check Point CVEs demonstrated works.
If you’re using Claude Code against repos you don’t completely control, it’s worth running the scanner before someone else does it for you.
GitHub: github.com/affaan-m/everything-claude-code · 187K stars