mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-03-31 06:03:29 +08:00
fc4e5d654b
- Add SECURITY.md with vulnerability reporting policy - Publish "The Shorthand Guide to Everything Agentic Security" with attack vectors, sandboxing, sanitization, CVEs, and AgentShield coverage - Add security guide to README guides section (3-column layout) - Remove unpublished openclaw guide - Copy security article images to assets/images/security/
1.7 KiB
1.7 KiB
Security Policy
Supported Versions
| Version | Supported |
|---|---|
| 1.9.x | ✅ |
| 1.8.x | ✅ |
| < 1.8 | ❌ |
Reporting a Vulnerability
If you discover a security vulnerability in ECC, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email security@ecc.tools with:
- A description of the vulnerability
- Steps to reproduce
- The affected version(s)
- Any potential impact assessment
You can expect:
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix or mitigation within 30 days for critical issues
If the vulnerability is accepted, we will:
- Credit you in the release notes (unless you prefer anonymity)
- Fix the issue in a timely manner
- Coordinate disclosure timing with you
If the vulnerability is declined, we will explain why and provide guidance on whether it should be reported elsewhere.
Scope
This policy covers:
- The ECC plugin and all scripts in this repository
- Hook scripts that execute on your machine
- Install/uninstall/repair lifecycle scripts
- MCP configurations shipped with ECC
- The AgentShield security scanner (github.com/affaan-m/agentshield)
Security Resources
- AgentShield: Scan your agent config for vulnerabilities —
npx ecc-agentshield scan - Security Guide: The Shorthand Guide to Everything Agentic Security
- OWASP MCP Top 10: owasp.org/www-project-mcp-top-10
- OWASP Agentic Applications Top 10: genai.owasp.org