GitHub Action

AgentShield

**Security auditor for AI agent configurations**

Scans Claude Code setups for hardcoded secrets, permission misconfigs,

hook injection, MCP server risks, and agent prompt injection vectors.

Available as CLI, GitHub Action, and [GitHub App](https://github.com/apps/ecc-tools) integration.

[](https://www.npmjs.com/package/ecc-agentshield) [](https://www.npmjs.com/package/ecc-agentshield) []() []() [](LICENSE)

[Quick Start](#quick-start) · [What It Catches](#what-it-catches) · [API Reference](#api-reference) · [Opus Pipeline](#opus-46-deep-analysis---opus) · [GitHub Action](#github-action) · [Distribution](#distribution) · [MiniClaw](#miniclaw) · [Changelog](./CHANGELOG.md)

---

Why

The AI agent ecosystem is growing faster than its security tooling. In January 2026 alone:

undefined

Developers install community skills, connect MCP servers, and configure hooks without any automated way to audit the security of their setup. AgentShield scans your `.claude/` directory and flags vulnerabilities before they become exploits.

Built at the [Claude Code Hackathon](https://cerebralvalley.ai/e/claude-code-hackathon) (Cerebral Valley x Anthropic, Feb 2026). Part of the [Everything Claude Code](https://github.com/affaan-m/everything-claude-code) ecosystem (42K+ stars).

Quick Start

# Scan your Claude Code config (no install required)
npx ecc-agentshield scan

# Or install globally
npm install -g ecc-agentshield
agentshield scan

That's it. AgentShield auto-discovers your `~/.claude/` directory, scans all config files, and prints a graded security report.

...