Skip to main content
Source-backed · agents · 20 picks

Source-backed agent workflow resources

Agent resources with source metadata that makes review, attribution, and reuse easier before a team adopts them.

Curated by @heyclaude-editors Updated 2026-07-18

Agent resources with source metadata that makes review, attribution, and reuse easier before a team adopts them.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

2 trust signals differ across this comparison (Package trust, Source provenance).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Access any application, workflows, or data via Workato's integration platform

Open dossier

Connect to nearly 8,000 apps through Zapier's automation platform

Open dossier

Use the built-in /hooks menu to inspect Claude Code hooks and configure them in settings.json so shell commands run deterministically at lifecycle events like PreToolUse, PostToolUse, and Stop.

Open dossier

Expert automation-orchestration capability pack for designing safe, low-noise recurring Codex workflows with clear runbooks.

Open dossier

Configure and optimize Cursor and Windsurf AI code editors for maximum productivity. Set up agent mode, composer features, keybindings, and AI-powered refactoring workflows. Customize with .cursorrules and .windsurfrules for project-specific guidance.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verifiedPackage verifiedPackage not verifiedPackage verified2026-04-11Package verified2025-10-23
Source provenanceDiffersNo submission linkNo submission linkSource-backedNo submission linkNo submission link
Submitter
Install riskLow riskLow riskReview firstLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandWorkato logoWorkatoZapier logoZapierWindsurf logoWindsurf
Categorymcpmcpcommandsskillsskills
SourceFirst-partyFirst-partySource-backedFirst-partyFirst-party
AuthorWorkatoZapierJSONboredJSONboredJSONbored
Added2025-09-182025-09-182025-10-252026-04-112025-10-23
Platforms
Harness
Source repo
Safety notesRestrict recipe and connection access because automations can trigger reads or writes across many connected business systems.Restrict the generated Zapier MCP URL and enabled actions because automations can write across many connected apps.Hooks execute shell commands automatically with your user permissions whenever their event fires. A misconfigured or malicious hook can run destructive commands (file deletion, network calls, credential access) without further confirmation. PreToolUse hooks can allow or deny tool calls and PostToolUse hooks run after tools succeed; review hook commands before committing them to a shared .claude/settings.json so teammates do not inherit unexpected execution. Prefer `.claude/settings.json` for reviewed, team-shared hooks and `.claude/settings.local.json` for personal, gitignored hooks; use `disableAllHooks` to turn off user/project hooks when running untrusted code.Designs and runs automation workflows that can execute commands and trigger external actions; review each automation's permissions and triggers before enabling it.Setup downloads and unzips a package and changes IDE configuration files; review what it writes and run it in a trusted workspace.
Privacy notesConnected app data, workflow payloads, account metadata, and integration connection details may be sent through tool calls.Connected app data, workflow payloads, account metadata, and action inputs or outputs may be sent through model context.Command and HTTP hooks receive event JSON on stdin including `session_id`, `transcript_path`, `cwd`, and tool input (such as file paths and Bash commands); a hook that forwards this data over the network can expose local file contents, paths, or command arguments to third parties. HTTP hooks can include headers with interpolated environment variables (restricted by `allowedEnvVars`); avoid embedding secrets in hook configuration that is committed to a repository.Inputs can include source files, prompts, logs, account metadata, repository details, and operational context that may be sent to the configured AI model. Redact secrets, customer data, private URLs, credentials, and proprietary implementation details before sharing prompts, reports, or generated artifacts.Cursor and Windsurf send your code and prompts to their AI backends to power completion and chat; review each editor's data-handling settings and keep API keys out of committed config.
Prerequisites
  • Workato account (workspace access required)
  • Bearer token authentication (created in Workato Dashboard)
  • Network access to your Workato workspace MCP endpoint (HTTPS required, HTTP transport)
  • Understanding of Workato recipes/workflows (automation concepts)
  • Zapier account (free or paid plan)
  • Personal authentication token (generated at mcp.zapier.com)
  • Network access to mcp.zapier.com (HTTPS required, HTTP transport)
  • Understanding of Zapier Zaps/workflows (automation concepts)
— none listed
  • Automation goals and success metrics
  • Notification channel
  • Operational owner
  • Cursor IDE or Windsurf IDE
  • OpenAI API key or Anthropic API key
  • macOS/Windows/Linux
  • Cursor or Windsurf IDE installed (latest version recommended for best AI features)
Install
claude mcp add --transport http workato YOUR_WORKATO_MCP_URL && claude mcp list
claude mcp add --transport http zapier YOUR_GENERATED_URL && claude mcp list
curl -L https://heyclau.de/downloads/skills/codex-automations-orchestrator-capability-pack.zip -o codex-automations-orchestrator-capability-pack.zip && unzip -o codex-automations-orchestrator-capability-pack.zip -d ./codex-automations-orchestrator-capability-pack
curl -L https://heyclau.de/downloads/skills/cursor-windsurf-ai-ide-setup.zip -o cursor-windsurf-ai-ide-setup.zip && unzip -o cursor-windsurf-ai-ide-setup.zip -d ./cursor-windsurf-ai-ide-setup
Config
Manual-only setup:
{
  "workato": {
    "url": "https://your-workspace.workato.com/mcp",
    "transport": "http"
  }
}
Manual-only setup:
{
  "zapier": {
    "url": "https://mcp.zapier.com/YOUR_GENERATED_URL",
    "transport": "http"
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Workato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  2. 02
    Why it made the cut

    Zapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  3. 03
    Why it made the cut

    Configure Claude Code Hooks with /hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  4. 04
    Why it made the cut

    Codex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  5. 05
    Why it made the cut

    Cursor Windsurf AI Code Editor Skill - Claude Code Skills is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    GitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    Google Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    Windsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    Create Claude Code Subagents with /agents is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    Why it made the cut

    DevOps Engineer Agent - CI/CD, Terraform, Kubernetes is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    Why it made the cut

    TDD Workflow Custom Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  13. 13
    Why it made the cut

    Asana MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  14. 14
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    Figma MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    Monday MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  17. 17
  18. 18
    Why it made the cut

    Stytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  19. 19
    Why it made the cut

    Unraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  20. 20
    Why it made the cut

    Unraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.