Source-backed agent workflow resources
Agent resources with source metadata that makes review, attribution, and reuse easier before a team adopts them.
Agent resources with source metadata that makes review, attribution, and reuse easier before a team adopts them.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
2 trust signals differ across this comparison (Package trust, Source provenance).
Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.
| Field | Access any application, workflows, or data via Workato's integration platform Open dossier | Connect to nearly 8,000 apps through Zapier's automation platform Open dossier | Use the built-in /hooks menu to inspect Claude Code hooks and configure them in settings.json so shell commands run deterministically at lifecycle events like PreToolUse, PostToolUse, and Stop. Open dossier | Expert automation-orchestration capability pack for designing safe, low-noise recurring Codex workflows with clear runbooks. Open dossier | Configure and optimize Cursor and Windsurf AI code editors for maximum productivity. Set up agent mode, composer features, keybindings, and AI-powered refactoring workflows. Customize with .cursorrules and .windsurfrules for project-specific guidance. Open dossier |
|---|---|---|---|---|---|
| Next stepsDiffers | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified | Package verified | Package not verified | Package verified2026-04-11 | Package verified2025-10-23 |
| Source provenanceDiffers | No submission link | No submission link | Source-backed | No submission link | No submission link |
| Submitter | — | — | — | — | — |
| Install risk | Low risk | Low risk | Review first | Low risk | Low risk |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | |||
| Category | mcp | mcp | commands | skills | skills |
| Source | First-party | First-party | Source-backed | First-party | First-party |
| Author | Workato | Zapier | JSONbored | JSONbored | JSONbored |
| Added | 2025-09-18 | 2025-09-18 | 2025-10-25 | 2026-04-11 | 2025-10-23 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Restrict recipe and connection access because automations can trigger reads or writes across many connected business systems. | ✓Restrict the generated Zapier MCP URL and enabled actions because automations can write across many connected apps. | ✓Hooks execute shell commands automatically with your user permissions whenever their event fires. A misconfigured or malicious hook can run destructive commands (file deletion, network calls, credential access) without further confirmation. PreToolUse hooks can allow or deny tool calls and PostToolUse hooks run after tools succeed; review hook commands before committing them to a shared .claude/settings.json so teammates do not inherit unexpected execution. Prefer `.claude/settings.json` for reviewed, team-shared hooks and `.claude/settings.local.json` for personal, gitignored hooks; use `disableAllHooks` to turn off user/project hooks when running untrusted code. | ✓Designs and runs automation workflows that can execute commands and trigger external actions; review each automation's permissions and triggers before enabling it. | ✓Setup downloads and unzips a package and changes IDE configuration files; review what it writes and run it in a trusted workspace. |
| Privacy notes | ✓Connected app data, workflow payloads, account metadata, and integration connection details may be sent through tool calls. | ✓Connected app data, workflow payloads, account metadata, and action inputs or outputs may be sent through model context. | ✓Command and HTTP hooks receive event JSON on stdin including `session_id`, `transcript_path`, `cwd`, and tool input (such as file paths and Bash commands); a hook that forwards this data over the network can expose local file contents, paths, or command arguments to third parties. HTTP hooks can include headers with interpolated environment variables (restricted by `allowedEnvVars`); avoid embedding secrets in hook configuration that is committed to a repository. | ✓Inputs can include source files, prompts, logs, account metadata, repository details, and operational context that may be sent to the configured AI model. Redact secrets, customer data, private URLs, credentials, and proprietary implementation details before sharing prompts, reports, or generated artifacts. | ✓Cursor and Windsurf send your code and prompts to their AI backends to power completion and chat; review each editor's data-handling settings and keep API keys out of committed config. |
| Prerequisites |
|
| — none listed |
|
|
| Install | | | — | | |
| Config | | | — | — | — |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
Workato MCP Server for Claude
Access any application, workflows, or data via Workato's integration platform
Added 10mo agoSafety ✓ Privacy ✓by WorkatoWhy it made the cutWorkato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 02
Zapier MCP Server for Claude
Connect to nearly 8,000 apps through Zapier's automation platform
Added 10mo agoSafety ✓ Privacy ✓by ZapierWhy it made the cutZapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 03
Configure Claude Code Hooks with /hooks
Wire shell commands to PreToolUse, PostToolUse, Stop, and other events via the /hooks menu or settings.json.
Invocation:/hooksAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutConfigure Claude Code Hooks with /hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 04
Codex Automations Orchestrator Capability Pack Skill
Plan and operate recurring agent automations with deterministic prompts, guardrails, and output contracts.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCodex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 05
Cursor Windsurf AI Code Editor Skill - Claude Code Skills
Configure and optimize Cursor and Windsurf AI code editors for maximum productivity.
Level:advancedType:generalVerified:draftAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCursor Windsurf AI Code Editor Skill - Claude Code Skills is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 06
GitHub Actions AI-Powered CI/CD Automation Skill
Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration.
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 07
Google Workspace Gemini Automation Skill
Build practical Gemini + Workspace automations with safeguards, auditability, and business-ready output quality.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGoogle Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 08
n8n Production Security Capability Pack Skill
Deep n8n production security skill for safe AI workflows, credential protection, and incident-ready operations.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutn8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 09
Windsurf AI-Native Collaborative Development Skill
Master collaborative AI-assisted development with Windsurf IDE's Cascade AI, multi-file context awareness, and Flow patterns for team wor...
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutWindsurf AI-Native Collaborative Development Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 10
Create Claude Code Subagents with /agents
Use the built-in /agents command (or a .claude/agents Markdown file) to define specialized subagents with their own system prompt, tool restrictions, and model.
Invocation:/agentsAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCreate Claude Code Subagents with /agents is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 11
DevOps Engineer Agent - CI/CD, Terraform, Kubernetes
DevOps subagent persona for GitHub Actions CI/CD, Terraform IaC, Docker, and Kubernetes. Real workflows and manifests, no predictive or self-healing claims.
Added 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutDevOps Engineer Agent - CI/CD, Terraform, Kubernetes is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 12
TDD Workflow Custom Command for Claude Code
A custom .claude/commands/tdd-workflow.md recipe that drives a red-green-refactor loop in Claude Code. Not a built-in command.
Invocation:Create .claude/commands/tdd-workflow.md, then run: /tdd-workflow add a slugify() helperAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutTDD Workflow Custom Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 13
Asana MCP Server for Claude
Interact with Asana workspaces to manage projects and tasks
Added 10mo agoSafety ✓ Privacy ✓by AsanaWhy it made the cutAsana MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 14
Code Review Automation Capability Pack Skill
Run a local, repeatable PR review loop with severity scoring, false-positive control, and fix-ready output.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCode Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 15
Figma MCP Server for Claude
Access designs, export assets, and interact with Figma files through Claude
Added 10mo agoSafety ✓ Privacy ✓by FigmaWhy it made the cutFigma MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 16
Monday MCP Server for Claude
Manage monday.com boards, items, and CRM activities
Added 10mo agoSafety ✓ Privacy ✓by Monday.comWhy it made the cutMonday MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 17
Playwright E2E Testing Automation Skill
Playwright auto-waits for elements before acting, isolates every test context, and targets Chromium, Firefox, and WebKit from a single cross-platform API...
Level:advancedType:generalVerified:draftAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutPlaywright E2E Testing Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 18
Stytch MCP Server for Claude
Configure and manage Stytch authentication services and workspace settings
Added 10mo agoSafety ✓ Privacy ✓by StytchWhy it made the cutStytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 19
Unraid API Automation Operator Skill
Unraid-focused automation skill for agent-driven maintenance, observability, and repeatable operations.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutUnraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 20
Unraid API v2 Capability Pack Skill
Expert Unraid API skill with endpoint behavior, auth flows, error patterns, and production-safe automation guardrails.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutUnraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.