Skip to main content
Codex skills · skills · 18 picks

Codex and agent skills for repeatable work

Skills, commands, and rules that map well to Codex-style repeatable agent workflows across engineering, docs, deployment, and review.

Curated by @heyclaude-editors Updated 2026-07-18

Skills, commands, and rules that map well to Codex-style repeatable agent workflows across engineering, docs, deployment, and review.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

2 trust signals differ across this comparison (Package trust, Source provenance).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Expert automation-orchestration capability pack for designing safe, low-noise recurring Codex workflows with clear runbooks.

Open dossier

Use the built-in /hooks menu to inspect Claude Code hooks and configure them in settings.json so shell commands run deterministically at lifecycle events like PreToolUse, PostToolUse, and Stop.

Open dossier

Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration.

Open dossier

Ship smart contracts on Base with secure deployment, verification, environment management, and production-readiness checklists.

Open dossier

Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2026-04-11Package not verifiedPackage verified2025-10-16Package verified2026-04-10Package verified2026-04-11
Source provenanceDiffersNo submission linkSource-backedNo submission linkNo submission linkNo submission link
Submitter
Install riskLow riskReview firstLow riskLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandGitHub logoGitHub
Categoryskillscommandsskillsskillsskills
SourceFirst-partySource-backedFirst-partyFirst-partyFirst-party
AuthorJSONboredJSONboredJSONboredJSONboredJSONbored
Added2026-04-112025-10-252025-10-162026-04-102026-04-11
Platforms
Harness
Source repo
Safety notesDesigns and runs automation workflows that can execute commands and trigger external actions; review each automation's permissions and triggers before enabling it.Hooks execute shell commands automatically with your user permissions whenever their event fires. A misconfigured or malicious hook can run destructive commands (file deletion, network calls, credential access) without further confirmation. PreToolUse hooks can allow or deny tool calls and PostToolUse hooks run after tools succeed; review hook commands before committing them to a shared .claude/settings.json so teammates do not inherit unexpected execution. Prefer `.claude/settings.json` for reviewed, team-shared hooks and `.claude/settings.local.json` for personal, gitignored hooks; use `disableAllHooks` to turn off user/project hooks when running untrusted code.Setup downloads and unzips a package, and generated workflows run build/test/deploy commands in CI with repository permissions; review workflow YAML and least-privilege the GITHUB_TOKEN before merging.Do not deploy or transact from generated contract code without independent review, tests, and a dry run; smart contract mistakes can be irreversible. Use local forks or testnets before mainnet and keep deployment wallets and RPC credentials least-privileged.Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying.
Privacy notesInputs can include source files, prompts, logs, account metadata, repository details, and operational context that may be sent to the configured AI model. Redact secrets, customer data, private URLs, credentials, and proprietary implementation details before sharing prompts, reports, or generated artifacts.Command and HTTP hooks receive event JSON on stdin including `session_id`, `transcript_path`, `cwd`, and tool input (such as file paths and Bash commands); a hook that forwards this data over the network can expose local file contents, paths, or command arguments to third parties. HTTP hooks can include headers with interpolated environment variables (restricted by `allowedEnvVars`); avoid embedding secrets in hook configuration that is committed to a repository.CI workflows read repository code and use secrets (API keys, deploy credentials, model keys); store them in GitHub Actions secrets, never in workflow files or logs, and review what third-party actions can access.Prompts and reports can include contract source, audit findings, addresses, deployment config, and transaction context. Never paste private keys, seed phrases, unreleased exploit details, customer wallet data, or privileged RPC credentials into prompts.Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service.
Prerequisites
  • Automation goals and success metrics
  • Notification channel
  • Operational owner
— none listed
  • GitHub repository with Actions enabled
  • Test suite (Vitest, Jest, Playwright)
  • Deployment target (Vercel, AWS, GCP, etc.)
  • GitHub account with repository access and Actions enabled (free tier includes 2,000 minutes/month)
  • Solidity contracts and deployment scripts
  • Base testnet/mainnet environment variables
  • Defined ownership, admin, and upgrade strategy
  • Repository access and PR diff
  • Security severity policy
  • Test/lint/typecheck commands
Install
curl -L https://heyclau.de/downloads/skills/codex-automations-orchestrator-capability-pack.zip -o codex-automations-orchestrator-capability-pack.zip && unzip -o codex-automations-orchestrator-capability-pack.zip -d ./codex-automations-orchestrator-capability-pack
curl -L https://heyclau.de/downloads/skills/github-actions-ai-cicd.zip -o github-actions-ai-cicd.zip && unzip -o github-actions-ai-cicd.zip -d ./github-actions-ai-cicd
curl -L https://heyclau.de/downloads/skills/base-l2-smart-contract-launchpad.zip -o base-l2-smart-contract-launchpad.zip && unzip -o base-l2-smart-contract-launchpad.zip -d ./base-l2-smart-contract-launchpad
curl -L https://heyclau.de/downloads/skills/coderabbit-lite-pr-review-capability-pack.zip -o coderabbit-lite-pr-review-capability-pack.zip && unzip -o coderabbit-lite-pr-review-capability-pack.zip -d ./coderabbit-lite-pr-review-capability-pack
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Codex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  2. 02
    Why it made the cut

    Configure Claude Code Hooks with /hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    GitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    Base L2 Smart Contract Launchpad Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  5. 05
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    Codex Plugin Creator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    Google Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    Windsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    Create Claude Code Subagents with /agents is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    Why it made the cut

    TDD Workflow Custom Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    Why it made the cut

    Docker Compose Production Blueprints Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  13. 13
  14. 14
    Why it made the cut

    Unraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    Unraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    /review - Code Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  17. 17
    Why it made the cut

    /test-advanced - Advanced Test Planning Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  18. 18
    Why it made the cut

    AutoGen Multi-Agent Workflow for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.