When installed as a plugin, /plan triggers Claude Code's built-in plan
mode instead of the plugin's plan skill. Updated all 4 README files
(EN, zh-CN, zh-TW, ja-JP) to show the plugin-namespaced form with a
comment noting the shorter form works for manual installs.
Also fixes markdownlint MD012 violation in chief-of-staff.md (trailing
double blank line from #280 merge).
Fixes#297
New articles:
- the-security-guide.md: "The Shorthand Guide to Securing Your Agent" (595 lines)
Attack vectors, sandboxing, sanitization, OWASP Top 10, observability
- the-openclaw-guide.md: "The Hidden Danger of OpenClaw" (470 lines)
Security analysis of OpenClaw, MiniClaw thesis, industry evidence
External link sanitization (22 files across EN, zh-CN, zh-TW, ja-JP, .cursor):
- Removed third-party GitHub links from skills and guides
- Replaced with inline descriptions to prevent transitive prompt injection
- Kept official org links (Anthropic, Google, Supabase, Mixedbread)
New community skills: content-hash-cache-pattern, cost-aware-llm-pipeline,
regex-vs-llm-structured-text, swift-actor-persistence, swift-protocol-di-testing
Docker Compose for local dev, networking, volume strategies, container
security hardening, debugging commands, and anti-patterns.
Complements the existing deployment-patterns skill which covers CI/CD
and production Dockerfiles.
Closes#121
- New skills: api-design, database-migrations, deployment-patterns
- validate-hooks.js: validate inline JS syntax in node -e hook commands
- utils.test.js: edge case tests for findFiles with null/undefined inputs
- README: update skill count to 35, add new skills to directory tree
- Expand AgentShield ecosystem section with Opus 4.6 three-agent pipeline
details, 5 scan categories, and 4 output formats
- Add hackathon badge to header stats
- Add sponsors section before star history
- Add hooks/README.md: comprehensive hook documentation with input schema,
customization guide, 4 ready-to-use hook recipes, and cross-platform notes
- Expand planner agent with full worked example (Stripe subscriptions plan)
and sizing/phasing guidance (119 → 212 lines)
- Add Django REST API example config (DRF + Celery + pytest + Factory Boy)
- Update README directory tree with new files
New skill: /security-scan wraps ecc-agentshield to audit .claude/ configs
for vulnerabilities, misconfigs, and injection risks.
Covers: CLAUDE.md secrets, settings.json permissions, MCP server risks,
hook injection, agent tool restrictions. Produces A-F security grade.
Also adds AgentShield section to Ecosystem Tools in README with
links to GitHub repo and npm package.
Add complete .cursor/ directory with rules, agents, skills, commands,
and MCP config adapted for Cursor's format. This makes ecc-universal
a truly cross-IDE package supporting Claude Code, Cursor, and OpenCode.
- 27 rule files with YAML frontmatter (description, globs, alwaysApply)
- 13 agent files with full model IDs and readonly flags
- 30 skill directories (identical Agent Skills standard, no translation)
- 31 command files (5 multi-* stubbed for missing codeagent-wrapper)
- MCP config with Cursor env interpolation syntax
- README.md and MIGRATION.md documentation
- install.sh --target cursor flag for project-scoped installation
- package.json updated with .cursor/ in files and cursor keywords
Adding awesome-agent-skills as a related resource.
A curated list of 40+ AI Agent Skills with cross-platform installer (bash/PowerShell), supporting Cursor, Claude Code, Copilot, Windsurf, Codex, and OpenCode.
GitHub: https://github.com/JackyST0/awesome-agent-skills
- Fix PluginContext → PluginInput type rename in @opencode-ai/plugin
- Import tool from @opencode-ai/plugin/tool subpath (fixes broken barrel export)
- Update client.app.log() calls to use new options-object API signature
- Stringify tool execute return values (SDK now requires Promise<string>)
- Add .js extensions to relative imports for NodeNext module resolution
- Update README star count (42K+) and contributor count (24)
