
Do you leave Claude Code just to run a security check?
Attach another MCP server, run an external linter, copy the output back in. The overhead of switching contexts often costs more than the check itself. ECC pulls that flow inside the session. Run /security-scan and AgentShield's 102 security rules execute directly within Claude Code — no context switch required.
The problem this solves
In most Claude Code setups, security validation is an external step: a separate CI stage, an external scanner, a manual review pass. As the number of agents grows, tracking each agent's action scope and permissions becomes harder to manage from inside the session.
ECC addresses this with an 'operator system' architecture. It is not a config file bundle — it is a harness-native layer that unifies agents, skills, hooks, rules, and MCP configurations into one coherent system. The README describes it as the result of 10+ months of intensive daily use building real products. It is an Anthropic Hackathon winner.
How it works
The distinguishing feature is /security-scan. This command invokes AgentShield directly from the Claude Code plugin layer, running 1,282 tests across 102 rules against your current project's agent behaviors, MCP configurations, and hook scripts.
# Run inside a Claude Code session
/security-scan
Results stay inside the session context, feeding directly into the next action without a round-trip to an external tool.
Operational status is also session-native:
ecc status --markdown --write status.md
This produces a portable handoff document covering agent readiness, active sessions, skill-run health, install health, pending governance events, and linked work items from Linear and GitHub.
Setup
ECC recommends a single install path. Stacking methods is the most common source of broken setups.
npm run dashboard
As of v2.0.0-rc.1, the dashboard loads 60 agents, 232 skills, and 75 legacy command shims. A Tkinter-based desktop app (ecc_dashboard.py) is also available.
Install path guidance from the README:
- Recommended default: install the Claude Code plugin, then copy only the rule folders you need
- Manual installer: use only if you need finer-grained control or want to avoid the plugin path entirely
- Do not stack install methods: the most common broken setup is running /plugin install followed by npx ecc-install --profile full
Practical examples
Scenario 1: MCP server security audit
You have three MCP servers attached to a project and want to verify their exposure scope:
/security-scan
# AgentShield 102 rules → targets MCP configurations
# Output: surfaced in session context, ready for immediate action
No tab switching. The findings are already in context for the next edit.
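To make concrete what a static audit of MCP configurations can look for, here is an added Python example; it is not AgentShield's code or rule set and does not come from the ECC project. It assumes the `mcpServers` layout of a Claude Code `.mcp.json` file, and the four checks, the finding names, and the sample servers are all constructed for illustration.

```python
import json
import re

# Constructed sample in the .mcp.json layout; every name and value is made up.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "files": {"command": "npx", "args": ["-y", "example-fs-server", "/"]},
        "tickets": {"command": "node", "args": ["server.js"],
                    "env": {"API_TOKEN": "sk-constructed-0123456789abcdef"}},
        "search": {"type": "http", "url": "http://mcp.example.internal/mcp"},
        "docs": {"command": "npx", "args": ["example-docs-server@1.4.2", "./docs"],
                 "env": {"API_TOKEN": "${DOCS_TOKEN}"}},
    }
})

# Illustrative heuristics (assumptions, not a published rule set).
SECRET_KEY = re.compile(r"(token|secret|password|api_?key)", re.I)
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*(:-[^}]*)?\}$")
PINNED = re.compile(r"^(@[^/]+/)?[^@]+@\d+\.\d+\.\d+")
BROAD_PATHS = {"/", "~", "$HOME", "C:\\"}


def audit_mcp_config(text):
    """Return sorted (server, finding) pairs for an MCP config document."""
    findings = []
    for name, srv in json.loads(text).get("mcpServers", {}).items():
        args = [str(a) for a in srv.get("args", [])]
        # Literal credentials in env get committed with the repo; expect ${VAR} references.
        for key, value in srv.get("env", {}).items():
            if SECRET_KEY.search(key) and not ENV_REF.match(str(value)):
                findings.append((name, f"hardcoded-secret:{key}"))
        # npx resolves to whatever version is current unless the package is pinned.
        if srv.get("command") == "npx":
            pkgs = [a for a in args if not a.startswith(("-", "/", ".", "~"))]
            if pkgs and not PINNED.match(pkgs[0]):
                findings.append((name, f"unpinned-package:{pkgs[0]}"))
        # A filesystem or home root as an argument exposes far more than the project.
        for a in args:
            if a in BROAD_PATHS:
                findings.append((name, f"broad-path:{a}"))
        # Remote transports should not run over plain HTTP.
        if str(srv.get("url", "")).startswith("http://"):
            findings.append((name, "cleartext-transport"))
    return sorted(findings)


if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {finding}")
```

The `docs` server in the sample passes all four checks: its package is version-pinned, its path is project-relative, and its token is an environment reference rather than a literal.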
Scenario 2: Team handoff before a sprint boundary
ecc status --markdown --write status.md
ecc work-items sync-github --repo owner/repo
Generates a markdown snapshot of current session state synchronized with your GitHub PR and issue queue. Useful for async teams running parallel agent workflows on Slack-coordinated sprints.
When not to use it
ECC is designed around Claude Code as the primary harness. Cursor, Codex, and OpenCode are supported but at different feature levels.
If a single CLAUDE.md file covers your needs, ECC's 60-agent, 232-skill surface is genuine overkill. For security scanning in isolation, AgentShield can be used directly. ECC wraps AgentShield inside a larger operator system — evaluate whether you need the full surface before committing.
If you have already layered multiple installs, the README's Reset / Uninstall section is the right starting point before adding anything else.
Alternatives in the same category
everything-claude-code — A guide-layer focused on a single CLAUDE.md. Lower barrier to entry, simpler structure. No integrated agent or skill system, so security scanning requires manual wiring.
Raw MCP composition — Assembling individual MCP servers by hand gives maximum flexibility, but security auditing, state tracking, and skill management each need separate solutions. ECC integrates that layer out of the box.
Wrap-up
The core question ECC answers is: can security validation happen inside the session rather than outside it? /security-scan is that answer. For teams running multiple MCP servers or multi-agent workflows, having AgentShield's 102 rules execute in-session reduces the cost of each review cycle.
A natural next step is connecting ecc status --exit-code to a CI pipeline so agent readiness is verified automatically before deployment — combining the in-session audit with an automated gate.
🐦 Faster updates on X: @baegseungh7061
📚 More in this series: AI Insights