zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-02 15:13:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: add SECURITY.md, publish agentic security guide, remove openclaw guide

Browse Source 
- Add SECURITY.md with vulnerability reporting policy
- Publish "The Shorthand Guide to Everything Agentic Security" with attack
  vectors, sandboxing, sanitization, CVEs, and AgentShield coverage
- Add security guide to README guides section (3-column layout)
- Remove unpublished openclaw guide
- Copy security article images to assets/images/security/
This commit is contained in:
Affaan Mustafa
2026-03-20 20:24:56 -07:00
parent 7ccfda9e25
commit fc4e5d654b
7 changed files with 189 additions and 987 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
SECURITY.md Normal file
View File

@@ -0,0 +1,53 @@
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 1.9.x | :white_check_mark: |
| 1.8.x | :white_check_mark: |
| < 1.8 | :x: |
## Reporting a Vulnerability
If you discover a security vulnerability in ECC, please report it responsibly.
**Do not open a public GitHub issue for security vulnerabilities.**
Instead, email **security@ecc.tools** with:
- A description of the vulnerability
- Steps to reproduce
- The affected version(s)
- Any potential impact assessment
You can expect:
- **Acknowledgment** within 48 hours
- **Status update** within 7 days
- **Fix or mitigation** within 30 days for critical issues
If the vulnerability is accepted, we will:
- Credit you in the release notes (unless you prefer anonymity)
- Fix the issue in a timely manner
- Coordinate disclosure timing with you
If the vulnerability is declined, we will explain why and provide guidance on whether it should be reported elsewhere.
## Scope
This policy covers:
- The ECC plugin and all scripts in this repository
- Hook scripts that execute on your machine
- Install/uninstall/repair lifecycle scripts
- MCP configurations shipped with ECC
- The AgentShield security scanner ([github.com/affaan-m/agentshield](https://github.com/affaan-m/agentshield))
## Security Resources
- **AgentShield**: Scan your agent config for vulnerabilities — `npx ecc-agentshield scan`
- **Security Guide**: [The Shorthand Guide to Everything Agentic Security](./the-security-guide.md)
- **OWASP MCP Top 10**: [owasp.org/www-project-mcp-top-10](https://owasp.org/www-project-mcp-top-10/)
- **OWASP Agentic Applications Top 10**: [genai.owasp.org](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/)