140K+ stars Skills, agents, and security For Claude Code, Codex, Cursor, and OpenCode

Skills, agents, and security for your coding agent.

Pick a profile. Install the skills and agents your team needs. AgentShield scans every session. The GitHub App turns repo history into reusable defaults. 140K+ stars on GitHub. Start free, scale to enterprise.

Install GitHub App Free See Free / Pro / Enterprise

Prefer a local install? Pick a profile (core, developer, security, or full) and copy the install command. Want the fastest repo-level setup? Jump to GitHub App setup. Need private repo coverage or rollout support? Compare GitHub App plans.

159 skills, 38 agents, and 72 commands in the OSS layer 102 security rules scan every agent session Works across Claude Code, Codex, Cursor, and OpenCode

Security

AgentShield scanning

102 rules catch prompt injection, config drift, and guardrail gaps before they reach production. Open-source scanner with enterprise reporting path.

102 rules • 1282 tests • enterprise path

Automation

GitHub App workflow

Install on any repo. Comment /ecc-tools analyze. Review the PR that turns commit history into team-specific skills, standards, and checks.

Free → $19/active seat → Contact

Ecosystem

Skill catalog

159 skills, 38 agents, 72 commands. Pick a profile or build a custom install. Works across all supported harnesses.

Browse the selective install builder

GitHub App first

Turn repo history into reusable skills and defaults.

The GitHub App is the fastest path from the OSS ecosystem into a repo-native workflow. Start free on public repos, then add private repo coverage, deeper review, and team controls as the coordination burden grows.

Free $0 Pro $19 / seat Enterprise Contact

Install the app on your repo or org Connect ECC to the repository patterns your team already ships with every day.

Comment /ecc-tools analyze ECC inspects workflow patterns, repo conventions, and risky config surfaces without changing your merge process.

Review the generated pull request Approve only what you want, then layer on Pro or Enterprise features when private repos or governance become the bottleneck.

Install GitHub App

Need private-seat planning, rollout help, or policy packs first? See Free, Pro, and Enterprise plans or talk to enterprise.

Watch the demo · 1:45

Watch ECC analyze a repository, extract workflow patterns, and turn them into reusable skills and defaults

GitHub Stars

Security Rules

Contributors

npm Downloads/mo

Works across Claude Code, Codex, Cursor, and OpenCode

Claude Code

Codex

Cursor

OpenCode

[ THREE LAYERS ]

ECC is not one repo. It is a system with three layers.

The repo drives distribution, AgentShield provides protection, and ECC 2.0 is the operator layer that sits above individual harnesses.

Distribution layer

Open-source harness toolkit

The repo stays the front door. Skills, commands, hooks, adapters, demos, and install profiles keep ECC useful before anyone pays.

The ECC OSS repo stays MIT-licensed
Cross-harness coverage across Claude Code, Codex, OpenCode, Cursor, and more
Repo gravity and content distribution feed the rest of the system

Explore the OSS front door

Protection layer

AgentShield and policy

Protection lives beside distribution, not behind it. Teams can audit configs locally, then add automation, policy packs, and enterprise reporting only where needed.

Open-source scanner for auditable trust
GitHub App automation for PR scanning and risky-context review
Enterprise path for reporting, governance, and custom rules

Review the protection layer

Control-plane layer

ECC 2.0 operator surface

The next product layer is a local-first control plane for observability, orchestration, session management, and cross-harness operations above the underlying tools.

Session and task visibility across multiple harnesses
Token optimization, operator review, and shared policy context
Preview entry point for the medium-term product roadmap

Open the ECC 2.0 preview

Open source builds trust. The GitHub App turns repo history into team guidance. ECC 2.0 is the operator layer above the harness. The product story gets clearer when those three jobs are visible instead of collapsed into one blob.

[ PRODUCT SURFACES ]

Open source at the center, additive layers around it

Keep the OSS install, docs, demo, and modules at the center. Add GitHub automation, security, and rollout help only where your team actually feels the coordination pain.

GitHub App

ECC Tools GitHub App

The repo-native automation layer. Turn git history into reviewable guidance, keep proposed changes in PRs, and add deeper security or rollout support only when the team needs it.

Starts free for public repositories
Review every generated pull request before merge
Add AgentShield-backed checks and private repo coverage on paid plans

Install GitHub App See Free, Pro, and Enterprise

Open Source

ECC OSS Repository

The front door most people start with. Skills, agents, commands, demos, and workflow docs you can copy, customize, and ship today. The repo is listed on GitHub as Everything Claude Code.

Browse Repository

Need team rollout help? Explore consulting Security layer: AgentShield Cross-harness coverage

[ GITHUB APP PRICING ]

Choose the GitHub App tier that matches the team surface

One install path. Start free on public repos, move to Pro for private repositories and active seats, then scope Enterprise when rollout and governance become the real job.

Free Public repos

/ month

Best for OSS maintainers and evaluation on public repos.

Install on public repositories
Generate reviewable PRs from git history
Keep the OSS install surface fully available

Install Free

Pro Most teams start here

$19

/ seat

For teams that need private repo coverage and active-seat billing without changing the review flow.

Private repo GitHub App coverage
Pooled usage with metered overage
Deeper AgentShield-backed review checks

Start Pro Compare Pro Details

Enterprise Contact only

Contact

sales

For organizations that need procurement, governance, and rollout support on the same install path.

SSO-ready governance and audit log surfaces
Policy packs and custom rules
Dedicated rollout support and procurement help

Enterprise rollout Review Full Pricing

Free proves fit, Pro supports real teams, and Enterprise handles rollout.

[ THE DIFFERENCE ]

AI coding with ECC

See how ECC upgrades the same workflow without forcing a tool reset or hiding the open-source layer.

Without ECC

Your coding agent does not know your team's patterns
Manual test writing with inconsistent coverage
Security vulnerabilities slip through reviews
No shared coding standards across the team
Every session starts from scratch

With ECC

ECC teaches Claude Code, Codex, OpenCode, and Cursor your exact conventions
TDD and verification workflows move testing earlier and make review expectations explicit
AgentShield catches config vulnerabilities
Shared skills and agents across the whole team
Continuous learning evolves with your codebase

[ SKILLS & TOOLS ]

Start with the skills and tools teams actually reuse

The GitHub App is the conversion surface, but these are the workflows that make the ECC ecosystem sticky: battle-tested skills, agents, security tools, and automation helpers you can adopt in minutes.

Security layer

AgentShield

Opus 4.6-powered security auditor for AI agent configs. Use it locally, in pull request review, or as the foundation for policy packs and enterprise reporting.

Explore Security Skill

/tdd-workflow

Test-driven development enforcer. Keep tests first, coverage visible, and implementation reviewable instead of relying on ad hoc prompts.

Most Used

Agent

code-reviewer

Automated review for quality, security, and maintainability. A strong default when teams want consistent standards across generated changes.

Team Favorite

Skill

/security-review

OWASP Top 10 checklist, secret detection, and secure coding patterns for teams that want security review built into the same harness.

Security

Plugin

hookify

Create hooks conversationally. Describe the guardrail you want and generate the enforcement config without hand-authoring every rule.

Official Plugin

Skill

/continuous-learning-v2

Instinct-based system that observes sessions and creates atomic behaviors with confidence scoring, so the harness improves with repeated work.

Advanced

Agent

planner

Feature implementation planning that breaks down complex work into phases, dependencies, and execution order for both humans and agents.

Essential

Explore Skills, Agents, and Tools

[ RESOURCES ]

Learn More

Consulting

Rollout, training, and security workshops

See how ECC consulting packages workshops, implementation, and retainers for engineering teams adopting AI coding tools.

Explore consulting

GitHub

ECC OSS Documentation

Complete documentation for skills, agents, hooks, and the continuous learning system.

15 min read

Platforms

Claude Code, Codex, OpenCode, and Cursor

Understand how ECC keeps workflows portable as the harness layer shifts under your team.

View platform coverage

terminal ~ zsh

$ npm install -g ecc-universal

Installing ecc-universal (Claude Code + Codex + OpenCode + Cursor)

Fetching packages...

159 skills loaded

38 agents configured

Universal compatibility enabled

ecc-universal v1.10.0 installed successfully!

[ QUICK START ]

Get Started in 30 Seconds

Start with the GitHub App for the fastest repo-level setup, or use the OSS install builder for local harnesses.

GitHub App setup OSS install Cursor install

Install the ECC Tools GitHub App

Grant read access to git history and write access for PRs. Public repos can start free.

github.com/apps/ecc-tools →

Comment on any issue

Type /ecc-tools analyze on an issue in your repo. The app audits the repo harness and turns repeatable patterns into guidance.

Review the pull request

Merge the generated SKILL.md and instincts.yaml only after review. Compatible harnesses pick them up automatically.

Install GitHub App See Plans for Private Repos

What you get after the first run Enough proof to decide whether to stay free on public repos, expand into private repos, or keep the OSS path local-first.

Reviewable PR Suggested skills and defaults arrive as normal code review instead of silent automation.

Repo-specific guidance Your git history becomes reusable harness instructions your team can keep and refine.

Clear next step Stay free, move to private repo coverage, or send teammates to the OSS onboarding path.

Prefer local-only first? Jump to OSS install, pick a profile, and add the GitHub App later when repo automation matters.

Pick a profile from the selective install builder

Choose core, developer, security, or full based on what your team needs. Each profile installs a curated set of skills, agents, and hooks.

Run the generated install command

The builder generates a copy-paste command. Skills auto-load from .claude/ and related config paths. Try /tdd, /plan, or /security-review.

Enable continuous learning (optional)

Run /continuous-learning-v2 to let ECC observe your workflow and surface reusable patterns across sessions.

Open OSS Repo Explore Skill Catalog

Pick a profile from the selective install builder

The installer detects Cursor and creates .cursorrules with equivalent configurations for your chosen profile.

Open Cursor in your project

Rules from .cursorrules are automatically loaded. Apply coding standards, patterns, and constraints.

Audit with AgentShield (optional)

Run npx ecc-agentshield scan .cursorrules to verify your configs are secure.

Open OSS Repo Review AgentShield

[ AGENTSHIELD ]

AgentShield

Reviewable security for agent configs, hooks, MCP servers, and prompt surfaces before they become team defaults.

AgentShield

Scan CLAUDE.md, .cursorrules, agents.json, hooks, and MCP surfaces with the same open scanner you can later automate in pull request review. The value is clear scope, high-signal findings, and a credible path into policy packs and enterprise rollout.

Red Team → Blue Team → Auditor

GitHub npm: ecc-agentshield

Config Scanner

Scans CLAUDE.md, .cursorrules, agents.json, and custom configs for security weaknesses and misconfigurations.

Injection Detection

Red-team agent crafts adversarial prompts to test for injection vulnerabilities in your agent instructions.

Guardrail Verification

Blue-team agent validates that safety boundaries, permission scopes, and tool restrictions are properly enforced.

Audit Report

Generates a structured security report with severity ratings, specific findings, and remediation steps.

agentshield audit

$ npx ecc-agentshield scan ./CLAUDE.md

AgentShield CLI — AI Agent Config Security Auditor

Scanning: CLAUDE.md (2,847 tokens)

CRITICAL Unrestricted file system access via Bash tool

WARNING No rate limiting on external API calls

WARNING Missing secret detection guardrail

PASS Tool permissions properly scoped

PASS Destructive action confirmation required

PASS No prompt injection vectors detected

Security Score: 72/100 — 1 critical, 2 warnings, 3 passed

Full report saved to ./agentshield-report.json

View on GitHub

[ COMMUNITY SIGNAL ]

Public feedback from real ECC users

Sourced from public GitHub discussions, not invented avatars. These are short quotes from the actual community using ECC in the wild.

GitHub Discussion #740

This works very well. The model stays on track, checks its work, fixes the code without you having to ask it, so results come back much faster.

@jabbor Using ECC with a local LLM and MCP workflow

GitHub Discussion #849

An incredible resource for understanding agentic workflows in Claude Code.

@imdcyuanzhan Architectural discussion on rules vs skills

GitHub Discussion #982

The token optimization and memory persistence sections address a real problem.

@nicolalessi Benchmarking context optimization on FastAPI

The OSS layer that makes the GitHub App sticky

ECC Tools is one layer in a broader OSS system. These are the reusable surfaces teams keep after the first install.

Skills

Curated workflow patterns for planning, coding, review, and shipping.

Agents

Specialized subagents for planning, review, testing, and execution-heavy work.

Hooks

Pre and post tool automation for checks, formatting, and fewer repeated mistakes.

Continuous Learning

Captures repeated behavior and turns it into reusable patterns with confidence scoring.

AgentShield

Open scanner for configs, hooks, MCP, and agent surfaces with automation layered on top.

Install App Free

Copied to clipboard!

[ WHAT'S NEW ]

Recent Updates

Product, install, and rollout updates across the GitHub App, OSS layer, AgentShield, and ECC 2.0.

Mar 2026

GitHub App pricing and onboarding cleanup

Active-seat pricing, pooled usage, metered overage, and a cleaner GitHub App-first onboarding path for public repos, private repos, and enterprise rollout.

this month

Mar 2026

Selective install and cross-harness packaging

Selective install profiles, universal package updates, and clearer OSS paths across Claude Code, Codex, Cursor, and OpenCode.

this month

Mar 2026

ECC 2.0 control-plane direction

Operator-surface work across session visibility, control-plane logging, workflow review, and the next layer above individual harness installs.

roadmap in motion

[ FAQ ]

Frequently Asked Questions

Quick answers to common questions about ECC Tools.

What is ECC Tools and how does it relate to the ECC OSS repo?

ECC Tools is the automated GitHub App that analyzes your repository's git history using AI and generates skill files. The ECC OSS repo, published on GitHub as Everything Claude Code, is the open-source repository of pre-built skills, agents, hooks, and the continuous learning system. They're complementary: ECC Tools generates custom skills from your codebase, while the OSS repo provides battle-tested community configs you can use immediately.

Together they form the ECC system: open-source modules at the center, then additive layers for automation, security, and enterprise rollout.

Is it free? What are the usage limits?

The ECC OSS repo is completely free and MIT-licensed—you can copy, modify, and distribute any skills, agents, hooks, and modules without limits. The GitHub App free layer covers basic PR scanning, community skills, and public repos. For private repos and stronger automation, check the pricing page.

Paid plans are for private repos, advanced AgentShield scanning, team configs, and enterprise controls. Pro is $19 per seat for individuals and teams, and Enterprise is contact-only. The OSS install remains free.

What data does the GitHub App access?

How do I install the skills from the open-source repo?

What is AgentShield?

AgentShield is a security auditor for AI agent configurations like CLAUDE.md, .cursorrules, and agents.json. It uses an Opus 4.6-powered pipeline with three stages: a red team that crafts adversarial prompts, a blue team that validates guardrails, and an auditor that produces a scored security report. Run it with npx ecc-agentshield scan ./CLAUDE.md.

It is open source on purpose: teams can audit the scanner locally, then add automation and reporting on top through the broader ECC stack.

Can I contribute my own skills or agents?

[ START WITH ECC ]

Turn the 140K+ stars ecosystem into a team workflow.

Start with the GitHub App for the fastest repo-level path, keep the OSS install where you want local control, and move into Pro or Enterprise only when private repos, policy, or rollout pressure become the blocker.

140K+ stars The OSS front door keeps discovery, installs, and community trust flowing.

Free → $19/active seat → Contact One GitHub App path from public-repo evaluation to rollout support.

102 AgentShield rules Security and policy stay additive instead of forcing a workflow reset.

Install GitHub App Free Compare Pricing

Talk to Enterprise Review Security Model Browse OSS Docs

Need the local OSS path? Open the selective install builder, copy the installer below, and layer the GitHub App in later.

$ npm i -g ecc-universal

Open Source MIT Licensed No vendor lock-in

Built by Affaan Mustafa · Open source under MIT license

Website @affaanmustafa GitHub

Open source · MIT License · Built for modern agent harnesses

TypeScript Hono Cloudflare Workers Claude Code Codex OpenCode