Safer install paths for Agent Skills
Agent Skills and related resources with package verification, first-party source, or trusted copyable setup metadata that can be reviewed before use.
Agent Skills and related resources with package verification, first-party source, or trusted copyable setup metadata that can be reviewed before use.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
1 trust signal differ across this comparison (Package trust).
| Field | Expert n8n capability skill focused on secure production operation, workflow isolation, secret hygiene, and abuse-resistant automation design. Open dossier | Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in. Open dossier | Expert GitHub Actions capability skill for secure workflow architecture, token minimization, supply-chain controls, and CI reliability. Open dossier | Expert automation-orchestration capability pack for designing safe, low-noise recurring Codex workflows with clear runbooks. Open dossier | Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration. Open dossier |
|---|---|---|---|---|---|
| Next steps | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified2026-04-10 | Package verified2026-04-11 | Package verified2026-04-10 | Package verified2026-04-11 | Package verified2025-10-16 |
| Source provenance | No submission link | No submission link | No submission link | No submission link | No submission link |
| Submitter | — | — | — | — | — |
| Install risk | Low risk | Low risk | Low risk | Low risk | Low risk |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | |||
| Category | skills | skills | skills | skills | skills |
| Source | First-party | First-party | First-party | First-party | First-party |
| Author | JSONbored | JSONbored | JSONbored | JSONbored | JSONbored |
| Added | 2026-04-10 | 2026-04-11 | 2026-04-10 | 2026-04-11 | 2025-10-16 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Can design automation for live browsers, accounts, workflows, or infrastructure; use staging targets and human approval before destructive or account-write actions. Keep API tokens and service credentials least-privileged, and verify generated runbooks before scheduling or unattended execution. | ✓Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying. | ✓May produce commands or configuration for live infrastructure, CI, releases, or indexing; test changes in staging or dry-run mode first. Use least-privilege API tokens and review workflow, deploy, DNS, cache, and release changes before applying them to production. | ✓Designs and runs automation workflows that can execute commands and trigger external actions; review each automation's permissions and triggers before enabling it. | ✓Setup downloads and unzips a package, and generated workflows run build/test/deploy commands in CI with repository permissions; review workflow YAML and least-privilege the GITHUB_TOKEN before merging. |
| Privacy notes | ✓Inputs and outputs can include browser state, account metadata, workflow payloads, infrastructure inventory, logs, and operational screenshots. Redact credentials, session data, customer records, internal hostnames, and private workspace details before sharing prompts or artifacts. | ✓Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service. | ✓Inputs can include repository metadata, workflow logs, deployment settings, domain names, analytics exports, and service configuration. Redact tokens, account IDs, private URLs, customer data, and proprietary deployment details before sharing generated reports or prompts. | ✓Inputs can include source files, prompts, logs, account metadata, repository details, and operational context that may be sent to the configured AI model. Redact secrets, customer data, private URLs, credentials, and proprietary implementation details before sharing prompts, reports, or generated artifacts. | ✓CI workflows read repository code and use secrets (API keys, deploy credentials, model keys); store them in GitHub Actions secrets, never in workflow files or logs, and review what third-party actions can access. |
| Prerequisites |
|
|
|
|
|
| Install | | | | | |
| Config | — | — | — | — | — |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
n8n Production Security Capability Pack Skill
Deep n8n production security skill for safe AI workflows, credential protection, and incident-ready operations.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutn8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 02
Code Review Automation Capability Pack Skill
Run a local, repeatable PR review loop with severity scoring, false-positive control, and fix-ready output.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCode Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 03
GitHub Actions Secure CI/CD Capability Pack Skill
Deep CI/CD security and reliability skill for GitHub Actions with reusable workflows, policy checks, and hardened automation patterns.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGitHub Actions Secure CI/CD Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 04
Codex Automations Orchestrator Capability Pack Skill
Plan and operate recurring agent automations with deterministic prompts, guardrails, and output contracts.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCodex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 05
GitHub Actions AI-Powered CI/CD Automation Skill
Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration.
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 06
Google Workspace Gemini Automation Skill
Build practical Gemini + Workspace automations with safeguards, auditability, and business-ready output quality.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGoogle Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 07
Ethereum Base Smart Contract Security Capability Pack Skill
Deep smart contract security skill covering Solidity design, test rigor, deployment hygiene, and post-launch risk controls.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutEthereum Base Smart Contract Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 08
Ethereum Solidity Security Foundry Skill
Smart contract development skill focused on secure Solidity architecture, testing rigor, and safer deployment practices.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutEthereum Solidity Security Foundry Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 09
MCP Server Authoring Security Capability Pack Skill
MCP server skill for secure tool design, authorization boundaries, contract stability, and production safety controls.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutMCP Server Authoring Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 10
MCP Server Security Hardening Skill
Harden Model Context Protocol servers with practical controls for auth, tool scope, input validation, and supply-chain risk.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutMCP Server Security Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 11
OpenClaw Agent Ops Hardening Skill
Production hardening for OpenClaw deployments, including permissions, network segmentation, and abuse-resistant agent controls.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutOpenClaw Agent Ops Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 12
OpenClaw Operator Capability Pack Skill
Deep operational OpenClaw skill for maintaining secure, reliable, and cost-aware multi-agent systems.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutOpenClaw Operator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 13
Playwright E2E Testing Automation Skill
Playwright auto-waits for elements before acting, isolates every test context, and targets Chromium, Firefox, and WebKit from a single cross-platform API...
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutPlaywright E2E Testing Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 14
Prompt Injection Defense Guardrails Skill
Implement practical prompt injection defenses with policy gates, tool constraints, and adversarial test cases.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutPrompt Injection Defense Guardrails Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 15
Unraid API Automation Operator Skill
Unraid-focused automation skill for agent-driven maintenance, observability, and repeatable operations.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutUnraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 16
Unraid API v2 Capability Pack Skill
Expert Unraid API skill with endpoint behavior, auth flows, error patterns, and production-safe automation guardrails.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutUnraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 17
Windsurf AI-Native Collaborative Development Skill
Master collaborative AI-assisted development with Windsurf IDE's Cascade AI, multi-file context awareness, and Flow patterns for team wor...
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutWindsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 18
n8n Operations Resilience Capability Pack Skill
Run n8n in production with retry strategy, failure isolation, and secure credential governance.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutn8n Operations Resilience Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 19
Browser Agent Workflow Automation Skill
Design production-ready browser agent workflows with reliable selectors, guardrails, and replayable runbooks.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutBrowser Agent Workflow Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 20
IndexNow Search Indexing Accelerator Skill
SEO operations skill for faster indexing updates using structured publishing, sitemap hygiene, and IndexNow submission patterns.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutIndexNow Search Indexing Accelerator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.