skillsSource-backedReview first Safety ✓ Privacy ✓
Privacy and Safety Notes Authoring Capability Pack Skill
Expert capability pack for drafting accurate safetyNotes and privacyNotes on HeyClaude hooks, MCP servers, skills, commands, and statuslines using CONTRIBUTING.md disclosure requirements and submission examples.
HarnessClaude CodeCodexWindsurfGeminiCursorCLI
Level:expertType:capability-packVerified:validated
Review first — review before installing
Open the source and read safety notes before installing.
Safety notes
- This skill drafts disclosure text only; it does not execute submitted hooks or MCP servers.
- Do not paste live secrets into review prompts—use placeholders when illustrating patterns.
Privacy notes
- Review prompts may include draft submission text—redact customer or employer identifiers.
Prerequisites
- Draft or existing HeyClaude content entry with known runtime behavior.
- Access to CONTRIBUTING.md disclosure categories for the target category.
- Reviewer who can confirm network, credential, and write/delete behavior.
Schema details
- Install type
- package
- Reading time
- 8 min
- Difficulty score
- 58
- Troubleshooting
- Yes
- Breaking changes
- No
Package metadata
Skill and platform metadata
- Skill type
- capability-pack
- Skill level
- expert
- Verification
- validated
- Verified at
- 2026-06-16
Retrieval sources
https://github.com/JSONbored/awesome-claude/blob/main/CONTRIBUTING.mdhttps://github.com/JSONbored/awesome-claude/blob/main/examples/content/SUBMISSION_EXAMPLES.mdhttps://github.com/JSONbored/awesome-claude/blob/main/examples/content/SCHEMA.mdhttps://code.claude.com/docs/en/securityhttps://developers.google.com/search/docs/fundamentals/creating-helpful-content
Tested platforms
Claude CodeClaudeCursorGeneric AGENTS
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the privacy and safety notes authoring capability pack for this submission."
# Required output
1) Runtime behavior inventory (execution, network, writes, credentials)
2) Draft safetyNotes bullets with concrete risks
3) Draft privacyNotes bullets with data exposure paths
4) Review matrix pass/fail per CONTRIBUTING categories
5) Privacy-safe summary for maintainersAbout this resource
Knowledge Freshness
Grounded in HeyClaude CONTRIBUTING.md and submission examples verified on 2026-06-16. Disclosure requirements may evolve with schema updates—confirm SCHEMA.md before publishing.
Retrieval Sources
- https://github.com/JSONbored/awesome-claude/blob/main/CONTRIBUTING.md
- https://github.com/JSONbored/awesome-claude/blob/main/examples/content/SUBMISSION_EXAMPLES.md
- https://github.com/JSONbored/awesome-claude/blob/main/examples/content/SCHEMA.md
- https://code.claude.com/docs/en/security
- https://developers.google.com/search/docs/fundamentals/creating-helpful-content
Source Verification Notes
Verified on 2026-06-16:
- CONTRIBUTING.md requires safety_notes for code execution, package install risk, write/delete actions, background workers, network access, and account writes.
- CONTRIBUTING.md requires privacy_notes for local file access, logs, credentials, telemetry, third-party API calls, and retained data exposure.
- SUBMISSION_EXAMPLES.md rejects hooks and MCP servers that access home directories, call third-party APIs, or write files without safety and privacy notes.
- Claude Code security documentation recommends reviewing proposed commands and changes for safety before approval.
Scope Note
Community reusable authoring skill—not an official HeyClaude maintainer tool. Applies public contribution disclosure rules to draft frontmatter notes.
Core Workflow
- Inventory runtime behavior: execution, installs, writes, network, credentials, logs.
- Map behaviors to CONTRIBUTING safety_note categories.
- Map data flows to privacy_note categories (local files, telemetry, third parties).
- Draft concrete safetyNotes bullets—avoid generic "use with caution" only.
- Draft privacyNotes bullets listing what enters model context or leaves the machine.
- Cross-check SUBMISSION_EXAMPLES rejected cases (missing notes, hidden network calls).
- Produce maintainer-ready summary without live secrets.
Capability Scope
- safetyNotes drafting for hooks, MCP, skills, commands, statuslines.
- privacyNotes drafting for credential and telemetry exposure.
- Review matrix against CONTRIBUTING categories.
- Rejection-pattern avoidance from submission examples.
Compatibility
Native
- Claude Code: use when preparing one-file HeyClaude content PRs.
Manual Adaptation
- Generic AGENTS: apply checklist when reviewing any AI workflow registry submission.
Required Inputs
- Target category and slug.
- Known install/command/config behavior.
- Network endpoints or file paths touched at runtime.
- Whether background workers or retained logs exist.
Production Rules
- Never embed live tokens in examples—use obvious placeholders.
- Separate safety (what can break systems) from privacy (what data is exposed).
- If behavior is read-only, say so explicitly instead of omitting notes.
- If a field is not applicable, explain why rather than leaving it empty without context.
- Link only to official docs in retrievalSources—no affiliate URLs.
Review Matrix
| Behavior | safetyNotes | privacyNotes |
|---|---|---|
| Bash execution | Required | If logs capture paths |
| MCP network calls | Required | Required |
| Read-only grep | Note read scope | If PII in files |
| Package install | Required | If telemetry sent |
| Background worker | Required | Required |
Output Contract
- Runtime behavior inventory.
- Draft safetyNotes list.
- Draft privacyNotes list.
- Review matrix with pass/fail per row.
- Privacy-safe maintainer summary.
Troubleshooting
Issue: Notes too generic Fix: Name the exact tool, path, network host, or credential type affected.
Issue: Missing privacyNotes for MCP server Fix: Document tool outputs and third-party API calls per SUBMISSION_EXAMPLES.
Duplicate Check
No skills entry provides this HeyClaude-specific safetyNotes and privacyNotes authoring capability pack with CONTRIBUTING-aligned review matrix.
Editorial Disclosure
Independent entry by kiannidev based on public HeyClaude contribution docs. No
paid placement or affiliate links.
Source citations
Add this badge to your README
Show that Privacy and Safety Notes Authoring Capability Pack Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/skills/privacy-safety-notes-authoring-capability-pack)How it compares
Privacy and Safety Notes Authoring Capability Pack Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Privacy and Safety Notes Authoring Capability Pack Skill Expert capability pack for drafting accurate safetyNotes and privacyNotes on HeyClaude hooks, MCP servers, skills, commands, and statuslines using CONTRIBUTING.md disclosure requirements and submission examples. Open dossier | README Catalog Integrity Review Capability Pack Skill Expert README and catalog integrity review capability pack for validating generated README tables against raw content files, slug consistency, broken links, duplicate entries, and source URL reachability before merge. Open dossier | Claude Agent SDK MCP Integration Capability Pack Skill Expert Claude Agent SDK MCP integration capability pack for designing, reviewing, and rolling out Agent SDK MCP integration with source-backed checklists, production rules, and privacy-safe output contracts. Open dossier | Claude Agent SDK Session Storage Capability Pack Skill Expert Claude Agent SDK session storage capability pack for designing, reviewing, and rolling out Agent SDK session storage with source-backed checklists, production rules, and privacy-safe output contracts. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | skills | skills | skills | skills |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | kiannidev | kiannidev | kiannidev | kiannidev |
| Added | 2026-06-16 | 2026-06-16 | 2026-06-14 | 2026-06-14 |
| Platforms | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — | — | — |
| Safety notes | ✓This skill drafts disclosure text only; it does not execute submitted hooks or MCP servers. Do not paste live secrets into review prompts—use placeholders when illustrating patterns. | ✓Catalog integrity review is read-only analysis; do not auto-merge PRs that edit generated README, workflows, or bulk artifacts unless policy explicitly allows it. Flag entries whose frontmatter URLs redirect to unrelated products, parked pages, or affiliate landings. One-file content PR policy violations often indicate accidental scope creep—surface them before maintainer review. This skill validates integrity; it must not approve catalogs with unreachable canonical sources or unresolved duplicate slugs. | ✓This skill plans Agent SDK MCP integration; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. | ✓This skill plans Agent SDK session storage; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. |
| Privacy notes | ✓Review prompts may include draft submission text—redact customer or employer identifiers. | ✓Integrity logs may include internal staging URLs or private fork names if reviewers paste raw fetch output. README tables can expose contributor GitHub usernames and submission issue numbers—redact customer-specific fork names in public summaries. Public reports should list pass/fail counts and representative examples, not full HTTP response bodies. | ✓Reviews may expose integration tokens, customer metadata, and internal URLs related to Agent SDK MCP integration. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. | ✓Reviews may expose integration tokens, customer metadata, and internal URLs related to Agent SDK session storage. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. |
| Prerequisites |
|
|
|
|
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
More like this, weekly
A short, calm digest of reviewed Claude resources. Unsubscribe any time.