Skip to main content
Local-first · mcp · 18 picks

Local-first AI workflow resources

Claude resources for local files, privacy-aware workflows, repository automation, offline-friendly setup, and reviewable local execution.

Curated by @heyclaude-editors Updated 2026-07-18

Claude resources for local files, privacy-aware workflows, repository automation, offline-friendly setup, and reviewable local execution.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Local MCP server that gives AI assistants terminal control, process management, filesystem operations, search, diff editing, and document handling for desktop automation and development workflows.

Open dossier

Official MCP server providing secure file system operations for Claude Desktop and Claude Code

Open dossier

Access any application, workflows, or data via Workato's integration platform

Open dossier

Connect to nearly 8,000 apps through Zapier's automation platform

Open dossier

Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage not verifiedPackage verifiedPackage verifiedPackage verifiedPackage verified2026-04-11
Source provenanceDiffersSource-backedNo submission linkNo submission linkNo submission linkNo submission link
SubmitterDiffersoktofeesh1
Install riskReview firstLow riskLow riskLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandDesktop Commander logoDesktop CommanderAnthropic logoAnthropicWorkato logoWorkatoZapier logoZapier
Categorymcpmcpmcpmcpskills
SourceSource-backedFirst-partyFirst-partyFirst-partyFirst-party
Authorwonderwhy-erAnthropicWorkatoZapierJSONbored
Added2026-06-052025-09-152025-09-182025-09-182026-04-11
Platforms
Harness
Source repo
Safety notesDesktop Commander can run shell commands, stream process output, start and stop processes, read and write files, edit documents, search directories, and change local configuration. The project's security policy describes built-in restrictions as guardrails rather than hardened security boundaries. Directory restrictions and command blocklists may be bypassed through terminal access, symlinks, absolute paths, or command substitution. Use Docker with selective folder mounts when stronger isolation is required. Review file edits, command execution, process termination, and document rewrites before letting an agent act on important systems.Limit allowed roots to the specific folders Claude needs because file operations can read, write, overwrite, or delete local data.Restrict recipe and connection access because automations can trigger reads or writes across many connected business systems.Restrict the generated Zapier MCP URL and enabled actions because automations can write across many connected apps.Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying.
Privacy notesLocal files, terminal output, environment-derived paths, process listings, command arguments, audit logs, spreadsheets, PDFs, DOCX files, and source code may be exposed to the MCP client and model. Tool logs can contain secrets, customer data, credentials, private repository paths, database output, and internal documents. If using remote AI clients or the project's remote MCP option, review where prompts, tool calls, and file content are transmitted and retained.Local file contents, filenames, directory structure, and system paths may be sent through the MCP client and model context.Connected app data, workflow payloads, account metadata, and integration connection details may be sent through tool calls.Connected app data, workflow payloads, account metadata, and action inputs or outputs may be sent through model context.Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service.
Prerequisites
  • Node.js for the npx installation path, or Docker for the isolated installation path.
  • Claude Desktop or another MCP client that can launch local stdio servers.
  • Clear list of directories, commands, and long-running processes an assistant may access.
  • Backups or version control for files the agent may edit.
  • Node.js 14 or higher installed (verify with: node --version)
  • npx available (comes with Node.js, verify with: npx --version)
  • File system read/write permissions for directories you want to access
  • Understanding of absolute vs relative paths (must use absolute paths in configuration for security)
  • Workato account (workspace access required)
  • Bearer token authentication (created in Workato Dashboard)
  • Network access to your Workato workspace MCP endpoint (HTTPS required, HTTP transport)
  • Understanding of Workato recipes/workflows (automation concepts)
  • Zapier account (free or paid plan)
  • Personal authentication token (generated at mcp.zapier.com)
  • Network access to mcp.zapier.com (HTTPS required, HTTP transport)
  • Understanding of Zapier Zaps/workflows (automation concepts)
  • Repository access and PR diff
  • Security severity policy
  • Test/lint/typecheck commands
Install
npx @wonderwhy-er/desktop-commander@latest setup
claude mcp list && claude mcp status filesystem
claude mcp add --transport http workato YOUR_WORKATO_MCP_URL && claude mcp list
claude mcp add --transport http zapier YOUR_GENERATED_URL && claude mcp list
curl -L https://heyclau.de/downloads/skills/coderabbit-lite-pr-review-capability-pack.zip -o coderabbit-lite-pr-review-capability-pack.zip && unzip -o coderabbit-lite-pr-review-capability-pack.zip -d ./coderabbit-lite-pr-review-capability-pack
Config
{
  "mcpServers": {
    "desktop-commander": {
      "command": "npx",
      "args": ["-y", "@wonderwhy-er/desktop-commander@latest"]
    }
  }
}
Manual-only setup:
{
  "filesystem": {
    "args": [
      "-y",
      "@modelcontextprotocol/server-filesystem",
      "/path/to/allowed/directory"
    ],
    "command": "npx"
  }
}
Manual-only setup:
{
  "workato": {
    "url": "https://your-workspace.workato.com/mcp",
    "transport": "http"
  }
}
Manual-only setup:
{
  "zapier": {
    "url": "https://mcp.zapier.com/YOUR_GENERATED_URL",
    "transport": "http"
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Desktop Commander MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  2. 02
    Why it made the cut

    Filesystem MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  3. 03
    Why it made the cut

    Workato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    Zapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  5. 05
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    Codex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    GitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    Google Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    Asana MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  11. 11
    Why it made the cut

    Monday MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  12. 12
  13. 13
    Why it made the cut

    Unraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  14. 14
    Why it made the cut

    Unraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    Windsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    BrowserMCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  17. 17
    Why it made the cut

    Chrome MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  18. 18
    Why it made the cut

    Code Index MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.