Skip to main content
Install trust · skills · 20 picks

Safer install paths for Agent Skills

Agent Skills and related resources with package verification, first-party source, or trusted copyable setup metadata that can be reviewed before use.

Curated by @heyclaude-editors Updated 2026-07-18

Agent Skills and related resources with package verification, first-party source, or trusted copyable setup metadata that can be reviewed before use.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

1 trust signal differ across this comparison (Package trust).

Field

Expert n8n capability skill focused on secure production operation, workflow isolation, secret hygiene, and abuse-resistant automation design.

Open dossier

Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.

Open dossier

Expert GitHub Actions capability skill for secure workflow architecture, token minimization, supply-chain controls, and CI reliability.

Open dossier

Expert automation-orchestration capability pack for designing safe, low-noise recurring Codex workflows with clear runbooks.

Open dossier

Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2026-04-10Package verified2026-04-11Package verified2026-04-10Package verified2026-04-11Package verified2025-10-16
Source provenanceNo submission linkNo submission linkNo submission linkNo submission linkNo submission link
Submitter
Install riskLow riskLow riskLow riskLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
Brandn8n logon8nGitHub logoGitHubGitHub logoGitHub
Categoryskillsskillsskillsskillsskills
SourceFirst-partyFirst-partyFirst-partyFirst-partyFirst-party
AuthorJSONboredJSONboredJSONboredJSONboredJSONbored
Added2026-04-102026-04-112026-04-102026-04-112025-10-16
Platforms
Harness
Source repo
Safety notesCan design automation for live browsers, accounts, workflows, or infrastructure; use staging targets and human approval before destructive or account-write actions. Keep API tokens and service credentials least-privileged, and verify generated runbooks before scheduling or unattended execution.Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying.May produce commands or configuration for live infrastructure, CI, releases, or indexing; test changes in staging or dry-run mode first. Use least-privilege API tokens and review workflow, deploy, DNS, cache, and release changes before applying them to production.Designs and runs automation workflows that can execute commands and trigger external actions; review each automation's permissions and triggers before enabling it.Setup downloads and unzips a package, and generated workflows run build/test/deploy commands in CI with repository permissions; review workflow YAML and least-privilege the GITHUB_TOKEN before merging.
Privacy notesInputs and outputs can include browser state, account metadata, workflow payloads, infrastructure inventory, logs, and operational screenshots. Redact credentials, session data, customer records, internal hostnames, and private workspace details before sharing prompts or artifacts.Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service.Inputs can include repository metadata, workflow logs, deployment settings, domain names, analytics exports, and service configuration. Redact tokens, account IDs, private URLs, customer data, and proprietary deployment details before sharing generated reports or prompts.Inputs can include source files, prompts, logs, account metadata, repository details, and operational context that may be sent to the configured AI model. Redact secrets, customer data, private URLs, credentials, and proprietary implementation details before sharing prompts, reports, or generated artifacts.CI workflows read repository code and use secrets (API keys, deploy credentials, model keys); store them in GitHub Actions secrets, never in workflow files or logs, and review what third-party actions can access.
Prerequisites
  • n8n environment inventory (workspaces, credentials, workflows)
  • Security policy baseline
  • Alerting destination for incidents
  • Repository access and PR diff
  • Security severity policy
  • Test/lint/typecheck commands
  • Existing workflows or target CI/CD architecture
  • Branch protection and environment policy context
  • Security/compliance requirements
  • Automation goals and success metrics
  • Notification channel
  • Operational owner
  • GitHub repository with Actions enabled
  • Test suite (Vitest, Jest, Playwright)
  • Deployment target (Vercel, AWS, GCP, etc.)
  • GitHub account with repository access and Actions enabled (free tier includes 2,000 minutes/month)
Install
curl -L https://heyclau.de/downloads/skills/n8n-production-security-capability-pack.zip -o n8n-production-security-capability-pack.zip && unzip -o n8n-production-security-capability-pack.zip -d ./n8n-production-security-capability-pack
curl -L https://heyclau.de/downloads/skills/coderabbit-lite-pr-review-capability-pack.zip -o coderabbit-lite-pr-review-capability-pack.zip && unzip -o coderabbit-lite-pr-review-capability-pack.zip -d ./coderabbit-lite-pr-review-capability-pack
curl -L https://heyclau.de/downloads/skills/github-actions-secure-cicd-capability-pack.zip -o github-actions-secure-cicd-capability-pack.zip && unzip -o github-actions-secure-cicd-capability-pack.zip -d ./github-actions-secure-cicd-capability-pack
curl -L https://heyclau.de/downloads/skills/codex-automations-orchestrator-capability-pack.zip -o codex-automations-orchestrator-capability-pack.zip && unzip -o codex-automations-orchestrator-capability-pack.zip -d ./codex-automations-orchestrator-capability-pack
curl -L https://heyclau.de/downloads/skills/github-actions-ai-cicd.zip -o github-actions-ai-cicd.zip && unzip -o github-actions-ai-cicd.zip -d ./github-actions-ai-cicd
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  2. 02
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  3. 03
    Why it made the cut

    GitHub Actions Secure CI/CD Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    Codex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  5. 05
    Why it made the cut

    GitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    Google Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    Ethereum Base Smart Contract Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    Ethereum Solidity Security Foundry Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    MCP Server Authoring Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    MCP Server Security Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  11. 11
    Why it made the cut

    OpenClaw Agent Ops Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  12. 12
    Why it made the cut

    OpenClaw Operator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  13. 13
  14. 14
    Why it made the cut

    Prompt Injection Defense Guardrails Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    Unraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    Unraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  17. 17
    Why it made the cut

    Windsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  18. 18
    Why it made the cut

    n8n Operations Resilience Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  19. 19
    Why it made the cut

    Browser Agent Workflow Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  20. 20
    Why it made the cut

    IndexNow Search Indexing Accelerator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.