by im4codes
The IM for agents. Shared Agent Context & Memory, supervised execution, and cross-agent audit across AI providers.
# Add to your Claude Code skills
git clone https://github.com/im4codes/imcodesLast scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@anthropic-ai/claude-agent-sdk: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@anthropic-ai/sdk: Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@github/copilot: GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@protobufjs/utf8: protobufjs has overlong UTF-8 decoding",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vitest/coverage-v8: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vitest/mocker: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Large numeric range defeats documented `max` DoS protection",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express-rate-limit: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono has CSS Declaration Injection via Style Object Values in JSX SSR",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: protobuf.js: Code injection through bytes field defaults in generated toObject code",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite-node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vitest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T16:21:37.175Z",
"npmAuditRan": true,
"pipAuditRan": true
}imcodes is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by im4codes. The IM for agents. Shared Agent Context & Memory, supervised execution, and cross-agent audit across AI providers. It has 845 GitHub stars.
imcodes returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/im4codes/imcodes" and add it to your Claude Code skills directory (see the Installation section above).
imcodes is primarily written in TypeScript. It is open-source under im4codes on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh imcodes against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
English | 简体中文 | 繁體中文 | Español | Русский | 日本語 | 한국어
The IM for agents. Shared memory, OpenSpec Auto Deliver, managed MCP tools, supervised execution, and cross-agent audit across AI providers.
Two heads are better than one. But minds in concert don't answer fate, they author it. — IM.codes
IM.codes gives coding agents one shared memory layer and one managed MCP tool surface across providers. It turns completed work into reusable context, then injects or recalls the right history in future sessions across Claude Code, Codex, Gemini CLI, GitHub Copilot, Cursor, OpenCode, OpenClaw, Qwen, and more — with terminal access, file browsing, git views, localhost preview, notifications, multi-agent workflows, and native streaming output for transport-backed agents. For spec-driven work, OpenSpec Auto Deliver can take a change from proposal/spec audit through implementation, validation hints, Team audit/rework, automatic module scoring, and final quality gates. Session sharing also supports pair or multi-person collaborative coding around live agent sessions. Built-in Auto supervision can judge completed turns, continue work autonomously, and optionally run an audit/rework loop before handing control back. Team discussion lets multiple models review and audit each other's plans and implementations — an effective way to reduce single-model misses, blind spots, and biases.
Disclaimer: This is an actively developed personal open-source project. There are no warranties, no SLA, and no guarantees of stability, security, or backward compatibility. Use at your own risk.
Watch support covers quick session monitoring, unread counts, push notifications, and quick replies directly from the wrist.
Supports iPhone, iPad, and Apple Watch. Also available as a web app.
When you leave your desk, most coding-agent workflows fall apart. The agent is still running in a terminal, but continuing the work usually means SSH, tmux attach, remote desktop hacks, or waiting until you're back at your laptop.
That reach problem is only one half of it. Complex coding-agent work also needs steadier judgment: a single model can fall into familiar patterns, miss issues, or produce unstable answers on hard tasks. Switching providers can help, but without shared context it can also lose the thread.
IM.codes is built around both needs. It keeps sessions within reach from mobile or web: open the terminal, inspect files and git changes, preview localhost from another device, get notified when work finishes, invite another person into the same session or server, and keep multiple agents moving on your own infrastructure. It also pairs Shared Agent Context & Memory with Multi-Agent Discussions & Cross-Provider Audit: durable recall comes from summarized completed work, while Team discussion is structured cross-model review before code lands. It does not make output perfect, but it reduces single-model blind spots and helps complex work converge with more review.
It is not another AI IDE or a generic remote terminal. It is the messaging, memory, and review layer around terminal-based coding agents.
For OpenSpec-based changes, Auto Deliver turns a change folder into an end-to-end supervised delivery run: proposal/spec review, implementation, validation, Team audit, automatic module scoring, rework gates, and a visible final handoff.
tasks.md, and keeps a live run projection in the UI.audit>review>plan) and reads an authoritative JSON result instead of trusting chat summaries.spec, tasks, implementation, tests, and risk, with evidence and summaries visible in the run details instead of buried in chat text.PASS, REWORK, or BLOCKED — decides whether the run can pass, should repair while limits allow, or needs a human decision.fast, standard, strict, and deep tune spec-audit rounds, implementation-audit rounds, max implementation prompts, and elapsed-time limits.Share a tab, sub-session, or whole source server with another user. Use viewer for read-only review or participant when a teammate should send prompts into the covered sessions. Shared messages carry actor labels, and access can be downgraded or revoked from the UI.
IM.codes continuously turns completed agent work into reusable memory and feeds that context back into future sessions.
assistant.text outputs are materialized. Streaming deltas, tool calls, and intermediate noise are excluded.