Skip to main content
Review automation · hooks · 18 picks

Team review automation for agent workflows

Claude resources for teams adding repeatable checks, code review flows, repository hygiene, and operational guardrails.

Curated by @heyclaude-editors Updated 2026-07-18

Claude resources for teams adding repeatable checks, code review flows, repository hygiene, and operational guardrails.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

2 trust signals differ across this comparison (Package trust, Source provenance).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Write and maintain reliable end-to-end tests with Playwright — Microsoft's browser automation library that auto-waits for actionable elements and runs the same suite against Chromium, Firefox, and WebKit.

Open dossier

Comprehensive pre-commit hook that validates code quality, runs tests, and enforces standards.

Open dossier

Build intelligent CI/CD pipelines with GitHub Actions, AI-assisted workflow generation, automated testing, and deployment orchestration.

Open dossier

Build repeatable eval suites that catch quality regressions in AI agent behavior before merge or release.

Open dossier

Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2025-10-16Package not verifiedPackage verified2025-10-16Package verified2026-04-10Package verified2026-04-11
Source provenanceDiffersNo submission linkSource-backedNo submission linkNo submission linkNo submission link
Submitter
Install riskLow riskReview firstLow riskLow riskLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandGitHub logoGitHub
Categoryskillshooksskillsskillsskills
SourceFirst-partySource-backedFirst-partyFirst-partyFirst-party
AuthorJSONboredJSONboredJSONboredJSONboredJSONbored
Added2025-10-162025-09-162025-10-162026-04-102026-04-11
Platforms
Harness
Source repo
Safety notes`npx playwright install --with-deps` downloads browser binaries (~500 MB for Chromium, Firefox, and WebKit) from Playwright's CDN and on Linux installs system-level packages. Review your network and environment policies before running in restricted infrastructure. Generated tests have full browser-level access to any URL they target. Review test scripts before running them against authenticated sessions or production environments — Playwright can submit forms, click buttons, and make network requests as a real user.Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling.Setup downloads and unzips a package, and generated workflows run build/test/deploy commands in CI with repository permissions; review workflow YAML and least-privilege the GITHUB_TOKEN before merging.This skill produces automated release recommendations (merge, patch, or rollback) from eval scores; treat them as decision support and require human review before gating production releases or running suggested commands.Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying.
Privacy notesPlaywright runs entirely on your local machine. Traces, screenshots, and HTML test reports are written to local disk only and are not uploaded to Microsoft or any external service. Trace files and failure screenshots may capture sensitive content from the application under test (form data, rendered PII, session tokens visible in URLs). Store and rotate these files appropriately.Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output.CI workflows read repository code and use secrets (API keys, deploy credentials, model keys); store them in GitHub Actions secrets, never in workflow files or logs, and review what third-party actions can access.Inputs can include source files, prompts, logs, account metadata, repository details, and operational context that may be sent to the configured AI model. Redact secrets, customer data, private URLs, credentials, and proprietary implementation details before sharing prompts, reports, or generated artifacts.Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service.
Prerequisites
  • Node.js 18+
  • Playwright 1.40+ with the @playwright/test package
  • Browser binaries installed via `npx playwright install` (Chromium, Firefox, WebKit)
  • A web application accessible for testing (local dev server, staging, or production URL)
— none listed
  • GitHub repository with Actions enabled
  • Test suite (Vitest, Jest, Playwright)
  • Deployment target (Vercel, AWS, GCP, etc.)
  • GitHub account with repository access and Actions enabled (free tier includes 2,000 minutes/month)
  • Existing prompts, tools, or agent workflows to evaluate
  • A representative set of real user tasks or transcripts
  • CI or local runner where eval suites can be executed repeatedly
  • Repository access and PR diff
  • Security severity policy
  • Test/lint/typecheck commands
Install
npx playwright install --with-deps
mkdir -p .claude/hooks && touch .claude/hooks/git-pre-commit-validator.sh && chmod +x .claude/hooks/git-pre-commit-validator.sh
curl -L https://heyclau.de/downloads/skills/github-actions-ai-cicd.zip -o github-actions-ai-cicd.zip && unzip -o github-actions-ai-cicd.zip -d ./github-actions-ai-cicd
curl -L https://heyclau.de/downloads/skills/agent-evals-regression-gate.zip -o agent-evals-regression-gate.zip && unzip -o agent-evals-regression-gate.zip -d ./agent-evals-regression-gate
curl -L https://heyclau.de/downloads/skills/coderabbit-lite-pr-review-capability-pack.zip -o coderabbit-lite-pr-review-capability-pack.zip && unzip -o coderabbit-lite-pr-review-capability-pack.zip -d ./coderabbit-lite-pr-review-capability-pack
Config
{
  "hooks": {
    "preToolUse": {
      "script": "./.claude/hooks/git-pre-commit-validator.sh",
      "matchers": [
        "git"
      ]
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
  2. 02
    Why it made the cut

    Git Pre Commit Validator - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    GitHub Actions AI-Powered CI/CD Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    Agent Evals Regression Gate Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  5. 05
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    Playwright MCP Browser Automation Engineer Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    Codex Automations Orchestrator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    Git MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    GitHub MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    Google Workspace Gemini Automation Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  11. 11
    Why it made the cut

    Jam MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  12. 12
    Why it made the cut

    MCP Tool Contract Testing Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  13. 13
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  14. 14
    Why it made the cut

    Unraid API Automation Operator Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    Unraid API v2 Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    Workato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  17. 17
    Why it made the cut

    Zapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  18. 18
    Why it made the cut

    /test-advanced - Advanced Test Planning Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.