:: About ::

WHY CLDKIT EXISTS

Review Claude Code skills with evidence from prior tests before you install.

The Problem

SKILL SELECTION NEEDS BETTER SIGNALS

Claude Code and Codex have hundreds of community skills and MCP servers. Many live across GitHub with uneven review information. Before installing, it can be difficult to judge permissions, runtime behavior, and maintenance status.

CldKit adds those signals through reviews and sandbox run records. Each recommended component is tested first, so you can try it live, compare options, and decide whether to install.

Vision

MAKE AGENT TOOLS TRUSTWORTHY

Agent tooling should feel more like choosing a reviewed dependency. CldKit exists to turn scattered Skills and MCP servers into evidence-backed decision information.

Evidence first

We prefer runtime traces, repo metadata, and review notes over vague popularity claims.

Clear boundaries

A sandbox result is signal, not a blanket safety guarantee. We say what was tested and what was not.

Freshness matters

Skills drift. Versions, repo activity, and audit age are tracked so old reviews do not look current.

How It Works

AGENT + SANDBOX

Curator Agent

Reads every component, scores it across three axes, and answers your questions about which one fits your stack.

Live Sandbox

Run any Try Live skill in an isolated environment. See the actual output before you trust it with your project credentials.

Review Layer

Combines automated checks, sandbox behavior, version freshness, and human judgment before a component is presented as recommended.

Review Methodology

HOW WE TURN A REPO INTO A DECISION

Scores are a compact summary of review evidence. Open the dimensions below to see what they mean, how the sandbox is used, and where our claims stop.

35 pts

Security risk is scored before convenience.

Security

Token handling, network calls, dependency hygiene, prompt injection surface.

What we check

Looks for token exposure, suspicious network behavior, and unsafe install patterns.

Flags dependency and package risks that could matter inside an agent workflow.

Treats prompt injection and hidden instruction surfaces as real security concerns.

Trust & security

Data handling

Public catalog pages are visible to everyone. User conversations, submissions, and account data are used to operate CldKit and improve review quality.

Sandbox isolation

Sandbox sessions are designed to separate test runs from your local project. Isolation limits the scope of impact, but it is still a test environment with defined boundaries.

API key risk

Treat every MCP or Skill as code that may touch credentials. Prefer scoped, revocable, low-privilege tokens and avoid pasting production secrets into demos.

Vulnerability reports

If you find a security issue, unsafe component, inaccurate score, or takedown concern, send the details to our contact email and we will review it.

Send review feedback

Pick what kind of evidence you have. The email subject will be prepared so reports arrive with the right context.

Selected feedback type: Request score review

Email CldKit

Inventory

SMALL ON PURPOSE

We prefer listing 100 components we have run and reviewed over 10,000 unverified links. If a skill is not here yet, it may still be in the queue or may not have passed review. Submissions are open.

Contact

GET IN TOUCH

Questions, corrections, takedown requests, or score review requests? Email hi@cldkit.com.

SUBMIT A COMPONENT BROWSE COMPONENTS