Open-source Claude workflow resources
Source-backed agents, MCP servers, skills, hooks, commands, and guides that teams can inspect before adopting in Claude workflows.
Source-backed agents, MCP servers, skills, hooks, commands, and guides that teams can inspect before adopting in Claude workflows.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).
Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.
| Field | Source-backed agent for cleaning up open-source GitHub issue queues with reproducibility checks, labels, issue types, milestones, assignees, project views, duplicate links, and maintainer-safe response drafts. Open dossier | Official GitHub MCP server providing comprehensive GitHub API access for repository management, file operations, and search functionality Open dossier | Master collaborative AI-assisted development with Windsurf IDE's Cascade AI, multi-file context awareness, and Flow patterns for team workflows. Open dossier | Production codebase auditor specialized in Zod schema validation coverage, security vulnerability detection, and dead code elimination Open dossier | Use the built-in /hooks menu to inspect Claude Code hooks and configure them in settings.json so shell commands run deterministically at lifecycle events like PreToolUse, PostToolUse, and Stop. Open dossier |
|---|---|---|---|---|---|
| Next stepsDiffers | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package not verified | Package verified | Package verified2025-10-16 | Package not verified | Package not verified |
| Source provenanceDiffers | Source-backed | No submission link | No submission link | Source-backed | Source-backed |
| SubmitterDiffers | MkDev11 | — | — | — | — |
| Install risk | Review first | Low risk | Low risk | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | |||
| Category | agents | mcp | skills | commands | commands |
| Source | Source-backed | First-party | First-party | Source-backed | Source-backed |
| Author | MkDev11 | GitHub | JSONbored | JSONbored | JSONbored |
| Added | 2026-06-05 | 2025-09-18 | 2025-10-16 | 2025-09-26 | 2025-10-25 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Treat label changes, assignments, milestone moves, project edits, issue closures, discussion conversions, and maintainer mentions as repository governance actions. Draft them first unless the maintainer explicitly authorizes mutation. Do not close issues only because they are old, vague, unpopular, or difficult to reproduce. Apply the repository's documented stale, support, duplicate, or not-planned policy and preserve appeal paths. Avoid making security, severity, ownership, roadmap, or legal claims from model inference alone. Escalate suspected vulnerabilities or abuse to the repository's private security and moderation process. When recommending automation, keep rate limits, notification volume, contributor trust, and maintainer review capacity in view. | ✓Use a least-privilege GitHub token because repository, issue, pull request, and file operations can modify public or private projects. | ✓Setup downloads and unzips a package and changes Windsurf IDE configuration; review what it writes and run it in a trusted workspace. | ✓Review generated changes and commands before applying them; slash commands can ask the agent to read, write, edit, or run tools in the current project. Limit scope to the intended files and run in a trusted checkout when the command analyzes code, tests, security findings, or generated output. | ✓Hooks execute shell commands automatically with your user permissions whenever their event fires. A misconfigured or malicious hook can run destructive commands (file deletion, network calls, credential access) without further confirmation. PreToolUse hooks can allow or deny tool calls and PostToolUse hooks run after tools succeed; review hook commands before committing them to a shared .claude/settings.json so teammates do not inherit unexpected execution. Prefer `.claude/settings.json` for reviewed, team-shared hooks and `.claude/settings.local.json` for personal, gitignored hooks; use `disableAllHooks` to turn off user/project hooks when running untrusted code. |
| Privacy notes | ✓Issue queues can contain private logs, stack traces, screenshots, crash dumps, tokens, email addresses, customer names, hostnames, reproduction links, and unpublished roadmap details. Draft public comments with minimal necessary detail. Ask reporters to move secrets, credentials, vulnerability reports, or private customer data to an approved private channel instead of quoting it back into the issue. Saved replies, duplicate summaries, and project fields can reveal internal routing rules or maintainer availability. Keep internal notes separate from public-facing triage comments. Search queries, exported issue lists, and triage reports should be treated as contributor data and retained only as long as the repository policy allows. | ✓Repository contents, issues, pull requests, comments, org metadata, and user details may be sent through model context. | ✓Windsurf (Cascade) sends your code and prompts to its AI backend to power multi-file operations; review Windsurf's data-handling settings and keep API keys and secrets out of committed config. | ✓Reads the source files it audits, which may include schema definitions and sample data, and sends them to the model as part of the request; it does not transmit them anywhere else. | ✓Command and HTTP hooks receive event JSON on stdin including `session_id`, `transcript_path`, `cwd`, and tool input (such as file paths and Bash commands); a hook that forwards this data over the network can expose local file contents, paths, or command arguments to third parties. HTTP hooks can include headers with interpolated environment variables (restricted by `allowedEnvVars`); avoid embedding secrets in hook configuration that is committed to a repository. |
| Prerequisites |
|
|
| — none listed | — none listed |
| Install | — | | | | — |
| Config | — | | — | — | — |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
GitHub Community Issue Triage Agent
Triage GitHub issue queues with labels, issue types, milestones, duplicates, reproducibility checks, maintainer routing, and community-safe replies.
Added 1mo agoSafety ✓ Privacy ✓by MkDev11Why it made the cutGitHub Community Issue Triage Agent is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 02
GitHub MCP Server for Claude
Official GitHub MCP server providing comprehensive GitHub API access for repository management, file operations, and search functionality
Added 10mo agoSafety ✓ Privacy ✓by GitHubWhy it made the cutGitHub MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 03
Windsurf AI-Native Collaborative Development Skill
Master collaborative AI-assisted development with Windsurf IDE's Cascade AI, multi-file context awareness, and Flow patterns for team wor...
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutWindsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 04
/zod-audit - Zod Auditor Command for Claude Code
Audit a codebase for Zod coverage, security gaps, dead code, and duplication.
Invocation:/zod-audit [audit-type=full|security|duplication|validation|zod] [path]Added 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/zod-audit - Zod Auditor Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 05
Configure Claude Code Hooks with /hooks
Wire shell commands to PreToolUse, PostToolUse, Stop, and other events via the /hooks menu or settings.json.
Invocation:/hooksAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutConfigure Claude Code Hooks with /hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06
Asana MCP Server for Claude
Interact with Asana workspaces to manage projects and tasks
Added 10mo agoSafety ✓ Privacy ✓by AsanaWhy it made the cutAsana MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 07
Figma MCP Server for Claude
Access designs, export assets, and interact with Figma files through Claude
Added 10mo agoSafety ✓ Privacy ✓by FigmaWhy it made the cutFigma MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 08
Monday MCP Server for Claude
Manage monday.com boards, items, and CRM activities
Added 10mo agoSafety ✓ Privacy ✓by Monday.comWhy it made the cutMonday MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 09
Stytch MCP Server for Claude
Configure and manage Stytch authentication services and workspace settings
Added 10mo agoSafety ✓ Privacy ✓by StytchWhy it made the cutStytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 10
Workato MCP Server for Claude
Access any application, workflows, or data via Workato's integration platform
Added 10mo agoSafety ✓ Privacy ✓by WorkatoWhy it made the cutWorkato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 11
Zapier MCP Server for Claude
Connect to nearly 8,000 apps through Zapier's automation platform
Added 10mo agoSafety ✓ Privacy ✓by ZapierWhy it made the cutZapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 12
AutoGen Multi-Agent Workflow for Claude
Orchestrate multi-agent workflows using Microsoft AutoGen v0.4 with role-based task delegation, conversation patterns, and collaborative...
Invocation:/autogen-workflow [options] <workflow_description>Added 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutAutoGen Multi-Agent Workflow for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 13
Claude Code On The Web For Repository Planning
Plan repository work with Claude Code on the web before local implementation.
Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cutClaude Code On The Web For Repository Planning is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 14
Claude Models in GitHub Copilot Advisor
Advises which Anthropic model to choose in Copilot Chat, and when a task is better handled directly in Claude Code.
Added 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutClaude Models in GitHub Copilot Advisor is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 15
TDD Workflow Custom Command for Claude Code
A custom .claude/commands/tdd-workflow.md recipe that drives a red-green-refactor loop in Claude Code. Not a built-in command.
Invocation:Create .claude/commands/tdd-workflow.md, then run: /tdd-workflow add a slugify() helperAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutTDD Workflow Custom Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 16
HeyClaude Content Submission Factory
Create validated HeyClaude submission drafts with MCP-assisted schema checks, brand metadata, source URLs, SEO fields, and PR-first review notes.
Level:advancedType:generalVerified:validatedAdded 2mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutHeyClaude Content Submission Factory is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 17
Pull Request Triage Capability Pack Skill
Triage maintainer PR queues with source-backed labels, reviewer routing, merge readiness checks, and privacy-safe queue summaries.
Level:expertType:capability-packVerified:validatedAdded 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cutPull Request Triage Capability Pack Skill is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 18
Securing Agentic Coding Workflows In Open Source Repos
Secure open-source repos for Claude Code agentic workflows with MCP policy, permissions, review gates, and contributor safety practices.
Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cutSecuring Agentic Coding Workflows In Open Source Repos is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 19
GitHub Actions AI-Powered CI/CD Automation Skill
Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration.
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 20
GitHub Actions Secure CI/CD Capability Pack Skill
Deep CI/CD security and reliability skill for GitHub Actions with reusable workflows, policy checks, and hardened automation patterns.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGitHub Actions Secure CI/CD Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.