Everything Claude Code

Warn

Audited by ClawScan on May 10, 2026.

Overview

This looks like a broad Claude Code automation plugin rather than just a guide, with proactive agents, persistent hooks, learning/memory features, and personal account automation that need careful review.

If you only want a guide, do not run the plugin installer, install.sh, or copy hooks/MCP configs. Before installing, inspect the hooks, continuous-learning files, chief-of-staff agent, and MCP settings; remove features you do not need and avoid granting message, calendar, or cloud credentials unless you explicitly trust and need those workflows.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may start extra subagents or parallel work before the user clearly approves that scope.

Why it was flagged

This tells the user's agent to initiate delegation and parallel activity without explicit user prompting, which is broader control behavior than a passive guide.

Skill content

Use agents proactively without user prompt ... Use parallel execution for independent operations — launch multiple agents simultaneously.

Recommendation

Treat proactive delegation as opt-in; require explicit user approval before launching subagents or parallel workflows.

What this means

If enabled with account access, the agent could archive messages, change calendar/todo/relationship files, and push changes after communication actions.

Why it was flagged

The workflow includes high-impact mutations to inboxes, calendars, knowledge files, and git state, not just generating advice or drafts.

Skill content

skip | Archive immediately ... After every send, complete ALL ... Archive — Remove processed message from inbox ... Git commit & push

Recommendation

Disable or remove this agent unless you intentionally want it; require confirmation for send, archive, calendar, and git push actions.

What this means

Installing or enabling the workflow may require broad access to private messages, calendars, and workplace communication systems.

Why it was flagged

This describes access to personal/work communication and calendar accounts that is not declared in the registry requirements.

Skill content

triages email, Slack, LINE, and Messenger, and calendar ... Fetch all channels simultaneously: gog gmail search ... Slack (via MCP)

Recommendation

Do not grant credentials or MCP access unless you understand the exact scopes; use least-privilege accounts and remove unused integrations.

What this means

A user could run external installation steps without the registry clearly declaring their provenance or scope.

Why it was flagged

The documentation directs users to an external marketplace/repo and installer, while the registry metadata lists unknown source/homepage and no install spec.

Skill content

/plugin marketplace add affaan-m/everything-claude-code ... git clone https://github.com/affaan-m/everything-claude-code.git ... ./install.sh typescript

Recommendation

Verify the upstream repository and inspect install.sh, hooks, and copied configuration before running installation commands.

What this means

Running the included scripts or hooks can execute local commands on the user's machine.

Why it was flagged

The bundle contains code that spawns local processes; this is plausible for a Claude Code CLI/plugin, but it is executable behavior rather than pure documentation.

Skill content

const result = spawnSync('claude', ['-p', fullPrompt], {

Recommendation

Review scripts and hook configuration before enabling them, especially in sensitive repositories.

What this means

Private code, session details, or sensitive project patterns could be saved and reused in later tasks.

Why it was flagged

The artifacts describe automatic retention and reuse of session context, but the visible skill metadata does not bound storage paths, retention, exclusions, or approvals.

Skill content

Memory Persistence | Hooks that save/load context across sessions automatically ... Continuous Learning | Auto-extract patterns from sessions into reusable skills

Recommendation

Disable continuous-learning/session-persistence features unless configured; exclude secrets and private data, and document where retained context is stored.

What this means

The agent may continue a multi-step workflow after the user intended only a limited action.

Why it was flagged

A hook-enforced checklist can keep the agent performing follow-up actions after a send and block task completion until those actions occur.

Skill content

This checklist is enforced by a `PostToolUse` hook that blocks completion until all steps are done.

Recommendation

Keep post-tool hooks disabled by default and require explicit opt-in for persistent or blocking automation.