security: remove supply chain risks, external promotions, and unauthorized credits

- Remove zenith.chat references and @DRodriguezFX shoutout from README - Remove Inspiration Credits section (already in CHANGELOG.md) - Remove awesome-agent-skills reference from Links - Remove Plankton H3 section by @alxfazio (skill stays in skills/) - Remove brand names (InsAIts, VideoDB, Evos) from v1.9.0 notes - Remove @ericcai0814 individual credit from README (kept in CHANGELOG) - Add Security Guide to Links section - Replace curl-pipe-to-bash in autonomous-loops with review warning - Replace git clone in plankton-code-quality with review warning - Replace pip install git+ in agent-eval with review warning - Replace npm install -g in dmux-workflows with review warning - Add commercial API notice to nutrient-document-processing - Remove VideoDB maintainer credit from videodb skill - Replace skill-creator.app link with ECC-Tools GitHub App reference
2026-03-30 13:43:26 +08:00 · 2026-03-21 18:09:52 -07:00
parent 0d2828cc00
commit 6b2de1baff
8 changed files with 12 additions and 30 deletions
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ This repo is the raw code only. The guides explain everything.
 - **Orchestration overhaul** — Harness audit scoring made deterministic, orchestration status and launcher compatibility hardened, observer loop prevention with 5-layer guard.
 - **Observer reliability** — Memory explosion fix with throttling and tail sampling, sandbox access fix, lazy-start logic, and re-entrancy guard.
 - **12 language ecosystems** — New rules for Java, PHP, Perl, Kotlin/Android/KMP, C++, and Rust join existing TypeScript, Python, Go, and common rules.
- **Community contributions** — Korean and Chinese translations, InsAIts security hook, biome hook optimization, VideoDB skills, Evos operational skills, PowerShell installer, Antigravity IDE support.
+- **Community contributions** — Korean and Chinese translations, security hook, biome hook optimization, video processing skills, operational skills, PowerShell installer, Antigravity IDE support.
 - **CI hardening** — 19 test failure fixes, catalog count enforcement, install manifest validation, and full test suite green.
 ### v1.8.0 — Harness Performance System (Mar 2026)
@@ -122,7 +122,7 @@ This repo is the raw code only. The guides explain everything.
 ### v1.4.1 — Bug Fix (Feb 2026)
- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. Fixed by community contributor @ericcai0814 ([#148](https://github.com/affaan-m/everything-claude-code/issues/148), [#161](https://github.com/affaan-m/everything-claude-code/pull/161))
+- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/everything-claude-code/issues/148), [#161](https://github.com/affaan-m/everything-claude-code/pull/161))
 ### v1.4.0 — Multi-Language Rules, Installation Wizard & PM2 (Feb 2026)
@@ -526,10 +526,6 @@ Use `/security-scan` in Claude Code to run it, or add to CI with the [GitHub Act
 [GitHub](https://github.com/affaan-m/agentshield) | [npm](https://www.npmjs.com/package/ecc-agentshield)
 ### 🔬 Plankton — Write-Time Code Quality Enforcement
 Plankton (credit: @alxfazio) is a recommended companion for write-time code quality enforcement. It runs formatters and 20+ linters on every file edit via PostToolUse hooks, then spawns Claude subprocesses (routed to Haiku/Sonnet/Opus by violation complexity) to fix issues the main agent missed. Three-phase architecture: auto-format silently (40-50% of issues), collect remaining violations as structured JSON, delegate fixes to a subprocess. Includes config protection hooks that prevent agents from modifying linter configs to pass instead of fixing code. Supports Python, TypeScript, Shell, YAML, JSON, TOML, Markdown, and Dockerfile. Use alongside AgentShield for security + quality coverage. See `skills/plankton-code-quality/` for full integration guide.
 ### 🧠 Continuous Learning v2
 The instinct-based learning system automatically learns your patterns:
@@ -1207,15 +1203,10 @@ ECC is the **first plugin to maximize every major AI coding tool**. Here's how e
 ## 📖 Background
-I've been using Claude Code since the experimental rollout. Won the Anthropic x Forum Ventures hackathon in Sep 2025 building [zenith.chat](https://zenith.chat) with [@DRodriguezFX](https://x.com/DRodriguezFX) - entirely using Claude Code.
+I've been using Claude Code since the experimental rollout. Won the Anthropic x Forum Ventures hackathon in Sep 2025 - entirely using Claude Code.
 These configs are battle-tested across multiple production applications.
 ## Inspiration Credits
 - inspired by [zarazhangrui](https://github.com/zarazhangrui)
 - homunculus-inspired by [humanplane](https://github.com/humanplane)
 ---
 ## Token Optimization
@@ -1334,9 +1325,8 @@ This project is free and open source. Sponsors help keep it maintained and growi
 - **Shorthand Guide (Start Here):** [The Shorthand Guide to Everything Claude Code](https://x.com/affaanmustafa/status/2012378465664745795)
 - **Longform Guide (Advanced):** [The Longform Guide to Everything Claude Code](https://x.com/affaanmustafa/status/2014040193557471352)
 - **Security Guide:** [Security Guide](./the-security-guide.md) | [Thread](https://x.com/affaanmustafa/status/2033263813387223421)
 - **Follow:** [@affaanmustafa](https://x.com/affaanmustafa)
 - **zenith.chat:** [zenith.chat](https://zenith.chat)
 - **Skills Directory:** awesome-agent-skills (community-maintained directory of agent skills)
 ---
--- a/skills/agent-eval/SKILL.md
+++ b/skills/agent-eval/SKILL.md
@@ -18,10 +18,7 @@ A lightweight CLI tool for comparing coding agents head-to-head on reproducible
 ## Installation
-```bash
+> **Note:** Install agent-eval from its repository after reviewing the source.
 # pinned to v0.1.0 — latest stable commit
 pip install git+https://github.com/joaquinhuigomez/agent-eval.git@6d062a2f5cda6ea443bf5d458d361892c04e749b
 ```
 ## Core Concepts
--- a/skills/autonomous-loops/SKILL.md
+++ b/skills/autonomous-loops/SKILL.md
@@ -235,9 +235,7 @@ Don't rely on agents to self-differentiate. The orchestrator **assigns** each ag
 ### Installation
-```bash
+> **Warning:** Install continuous-claude from its repository after reviewing the code. Do not pipe external scripts directly to bash.
 curl -fsSL https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh | bash
 ```
 ### Usage
--- a/skills/continuous-learning-v2/SKILL.md
+++ b/skills/continuous-learning-v2/SKILL.md
@@ -356,7 +356,7 @@ v2.1 is fully compatible with v2.0 and v1:
 ## Related
- [Skill Creator](https://skill-creator.app) - Generate instincts from repo history
+- [ECC-Tools GitHub App](https://github.com/apps/ecc-tools) - Generate instincts from repo history
 - Homunculus - Community project that inspired the v2 instinct-based architecture (atomic observations, confidence scoring, instinct evolution pipeline)
 - [The Longform Guide](https://x.com/affaanmustafa/status/2014040193557471352) - Continuous learning section
--- a/skills/dmux-workflows/SKILL.md
+++ b/skills/dmux-workflows/SKILL.md
@@ -22,7 +22,7 @@ dmux is a tmux-based orchestration tool that manages AI agent panes:
 - Press `m` to merge pane output back to the main session
 - Supports: Claude Code, Codex, OpenCode, Cline, Gemini, Qwen
-**Install:** `npm install -g dmux` or see [github.com/standardagents/dmux](https://github.com/standardagents/dmux)
+**Install:** Install dmux from its repository after reviewing the package. See [github.com/standardagents/dmux](https://github.com/standardagents/dmux)
 ## Quick Start
--- a/skills/nutrient-document-processing/SKILL.md
+++ b/skills/nutrient-document-processing/SKILL.md
@@ -6,6 +6,8 @@ origin: ECC
 # Nutrient Document Processing
 > **Note:** This skill integrates with the Nutrient commercial API. Review their terms before use.
 Process documents with the [Nutrient DWS Processor API](https://www.nutrient.io/api/). Convert formats, extract text and tables, OCR scanned documents, redact PII, add watermarks, digitally sign, and fill PDF forms.
 ## Setup
--- a/skills/plankton-code-quality/SKILL.md
+++ b/skills/plankton-code-quality/SKILL.md
@@ -72,12 +72,9 @@ A PreToolUse hook on Bash blocks legacy package managers:
 ### Quick Start
-```bash
+> **Note:** Plankton requires manual installation from its repository. Review the code before installing.
 # Clone Plankton into your project (or a shared location)
 # Note: Plankton is by @alxfazio
 git clone https://github.com/alexfazio/plankton.git
 cd plankton
 ```bash
 # Install core dependencies
 brew install jaq ruff uv
--- a/skills/videodb/SKILL.md
+++ b/skills/videodb/SKILL.md
@@ -372,5 +372,3 @@ Reference documentation is in the `reference/` directory adjacent to this SKILL.
 Reference material for this skill is vendored locally under `skills/videodb/reference/`.
 Use the local copies above instead of following external repository links at runtime.
 **Maintained By:** [VideoDB](https://www.videodb.io/)