Every AI agent. Protected.

One install blocks malicious packages across all your coding tools.

C
Claude Code Recommended 
# Install and enable the PreToolUse hook (blocks dangerous installs):
pip install stillrunning
stillrunning --hook-claude-code

# Now every pip/npm install is checked before execution.
# Dangerous packages are BLOCKED. Suspicious packages show warnings.
# To remove: stillrunning --uninstall-hook-claude-code

Guaranteed blocking. Unlike skills or MCP tools, this hook runs BEFORE the command executes. Claude Code cannot bypass it.

Cu
Cursor Suggestion-only 
# Add to .cursorrules in your project root:

Before installing any Python or npm package, check it first:
curl "https://stillrunning.io/api/check-package?name={package}"

Only proceed if verdict is CLEAN.
Block if DANGEROUS. Ask user if SUSPICIOUS.

Cursor may choose to follow this — it's not enforced. For guaranteed blocking on the machine running Cursor, also run stillrunning --install-hook to enable the Python import hook.

MCP
Any MCP Agent Optional tool 
# Add to ~/.claude/settings.json or equivalent:

{
  "mcpServers": {
    "stillrunning": {
      "type": "url",
      "url": "https://stillrunning.io/mcp",
      "name": "stillrunning"
    }
  }
}

MCP provides a tool the agent can choose to call. For guaranteed blocking, use the PreToolUse hook above instead. MCP is best for agents that don't support hooks.

GH
GitHub Actions / CI 
# Add to .github/workflows/stillrunning.yml:

name: stillrunning Security
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: johhnyg/stillrunning-action@v2
        with:
          token: ${{ secrets.STILLRUNNING_TOKEN }}
          block_dangerous: true
          scan_imports: true
Ai
Aider 
# Doc-only: requires user to configure intercept
pip install stillrunning && stillrunning --setup --autonomous
export STILLRUNNING_TOKEN=your_token
aider

# Intercept now active for all Aider installs
W
Windsurf Doc-only

Suggestion-only — Windsurf may not follow these rules consistently.

# Add to .windsurfrules in project root:

Security: Before installing any package with pip or npm, verify at
https://stillrunning.io/api/check-package?name={package}

Block if DANGEROUS. Warn if SUSPICIOUS.
Token: stored in ~/stillrunning.yaml
Get your API token GitHub Full docs