skills
Health Uyari
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Basarisiz
- process.env — Environment variable access in agents/security-auditor/scripts/scan-secrets.mjs
- crypto private key — Private key handling in agents/security-auditor/scripts/scan-secrets.mjs
- Hardcoded secret — Potential hardcoded credential in agents/security-auditor/scripts/scan-secrets.mjs
Permissions Gecti
- Permissions — No dangerous permissions requested
Bu listing icin henuz AI raporu yok.
29 free, verified agents, skills & packs for Claude Code - install with 'npx vanara install <name>'. Apache-2.0. From the Vanara catalog (206 items).
Vanara
🐒 Free agents, skills & packs for Claude Code
One subscription. An army of Claude Code agents.
Website · Browse the catalog · Getting started · npm · X
29 production-grade agents, skills, and packs for Claude Code — free, Apache-2.0, install with one command. This is the open free tier of the Vanara catalog (206 items total).
npx vanara install code-reviewer # one agent
npx vanara install security-pack # a pack — expands to all its members
npx vanara doctor # scans your repo, tells you what's worth installing
Items land in your project's .claude/ directory and Claude Code picks them up automatically. They run on the Claude subscription you already have — no API keys, nothing metered.
Why these aren't one-file prompt dumps
Every item here is a packaged directory, not a single markdown file:
references/— deep, focused reference docs the agent actually reads while workingexamples/— worked examples of the output it should producescripts/— runnable verification checks; every one runs in public CI on each push, andnode scripts/run-checks.mjsruns them all locally. (The full 206-item catalog passes the same runner privately — 163/163 today.)- Memory — agents write lessons to
.claude/memory/as they work your codebase and get sharper over time; commit that folder and your team inherits what one agent learned - Orchestration — the included
vanara-orchestrateskill chains agents into gated pipelines (reproduce → test → patch → review → commit). Precisely: the checks are deterministic scripts, a checkpoint script records every stage's pass/fail to an auditable log, and the pipeline instructions stop the agent at a failed gate
What's in the free tier
✓ = ships runnable verification checks — run in public CI on every push.
Agents (10)
| Item | What it does |
|---|---|
api-designer |
For when designing a new HTTP/GraphQL API or changing an existing one — modeling resources, defining endpoint contracts, choosing status… ✓ |
code-reviewer |
Runs immediately after writing or modifying code, and before any commit to a shared branch. ✓ |
debugger |
Hypothesis-driven debugging specialist. ✓ |
pr-summarizer |
Runs after a pull request is opened (or updated) to produce a concise, reviewer-friendly summary of the change, its risk areas,… ✓ |
refactoring-specialist |
For when code is hard to change, duplicated, deeply nested, or accumulating tech debt and you want it restructured for clarity WITHOUT… ✓ |
security-auditor |
Runs before commits/merges and whenever code touches auth, user input, secrets, file paths, DB queries, deserialization, or… ✓ |
technical-writer |
For when documentation is needed for a feature, tool, API, or system — READMEs, tutorials, how-to guides, references, or… ✓ |
test-author |
For when adding a feature or fixing a bug — writes tests FIRST (TDD red-green-refactor). ✓ |
threat-modeler |
For when designing a new system or feature, or assessing the attack surface of an existing one. ✓ |
vuln-scanner |
For when scanning a project's dependencies, source, config, and container images for known vulnerabilities (CVEs), risky versions, and… ✓ |
Skills (17)
| Item | What it does |
|---|---|
api-pagination |
Implement correct, fast API pagination — cursor vs offset trade-offs, opaque cursor encoding, stable sort keys, page-size limits,… ✓ |
caching-strategies |
Deep reference for caching — what to cache, cache-aside vs read/write-through/write-behind, TTLs with jitter, eviction (LRU/LFU/FIFO),… ✓ |
conventional-commits |
Write Conventional Commits — the type(scope)!: subject + body + footer spec — so history is readable and changelogs and SemVer bumps can be… ✓ |
database-migrations |
How to write safe, reversible, zero-downtime database schema migrations — additive-first changes, the expand/migrate/contract pattern,… ✓ |
error-handling-patterns |
How to handle errors explicitly and consistently across an app — validate at boundaries, classify operational vs programmer errors, add… ✓ |
git-collaboration-workflows |
Run git collaboration that scales — trunk-based vs git-flow decided by deploy cadence, branch protection and required checks, PR sizing and… ✓ |
owasp-top10 |
A deep prevention reference for the OWASP Top 10 web risks — broken access control, injection, crypto failures, insecure design, SSRF and… ✓ |
prompt-engineering |
A deep, practical guide to engineering reliable LLM prompts — role/context, instructions, few-shot, structured output, chain-of-thought,… ✓ |
readme-writing |
How to write a README that gets a project understood and running fast — lead with what/why, a 60-second quickstart, then usage, config,… ✓ |
refactoring-patterns |
Improve code structure without changing behavior — the discipline of small, named, test-backed moves. ✓ |
rest-api-design |
Conventions for designing clean, consistent, evolvable REST APIs — resource modeling, HTTP semantics, status codes, pagination, filtering,… ✓ |
secrets-management |
Handle secrets safely across the lifecycle — keep them out of source, load from env or a secret manager, scope to least privilege, encrypt… ✓ |
secure-auth |
Implement authentication securely — authentication vs authorization, password hashing (argon2id/bcrypt), sessions vs JWT (storage, expiry,… ✓ |
sql-index-tuning |
Diagnose slow SQL queries and add the right indexes without over-indexing — B-tree mechanics, composite ordering (equality-before-range),… ✓ |
test-plan-design |
How to design a test plan — scope and risk-based prioritization, the test pyramid, case-design techniques (equivalence partitioning,… ✓ |
vanara-orchestrate |
Run a goal end-to-end as a gated pipeline of specialist agents — reproduce → test → patch → review → commit — where nothing advances past a… ✓ |
vanara-route |
Given a task, find the best-fit installed Vanara agent and run it. ✓ |
Packs (2)
| Item | What it does |
|---|---|
code-review-pack |
Review pull requests faster and better — automated first-pass review, PR summaries reviewers can trust, healthy git workflow settings,… |
security-pack |
Build and ship secure software — threat modeling at design time, OWASP code audits, dependency/secret scanning, and secure auth and secrets… |
Manual install (no CLI)
Every item is plain files in the Claude Code layout — copy them in directly if you prefer:
# an agent: one .md (plus its support folder) into .claude/agents/
cp -r agents/code-reviewer/AGENT.md your-project/.claude/agents/code-reviewer.md
# a skill: the whole directory into .claude/skills/
cp -r skills/rest-api-design your-project/.claude/skills/
The vanara CLI just automates this, tracks versions in .vanara.json, and adds doctor, update, report, and memory on top.
The full catalog
This repo is 29 of 206 items — the rest (63 more agents, 80 more skills, 34 more packs, across 28 fields) are in Vanara Pro at $10/mo: one subscription, everything installable, continuous updates, same no-API-keys model.
npx vanara list # browse everything
npx vanara unlock <key> # after subscribing at vanaraagents.com
Contributing & requests
Start here: good first issue — scoped, concrete asks (worked examples, new check patterns, stack variants). Each one states exactly what done looks like.
The verify loop is one command — the same one CI runs on every push:
node scripts/run-checks.mjs # all 28 bundled checks; your PR should keep this green
See CONTRIBUTING.md for item anatomy and rules. Every item here is also a template: CUSTOMIZING.md shows how to fork an agent for your own stack in about 2 minutes — and examples/variants/ is where shared forks land, so yours can too.
Missing a specialist? Log it in one line — it goes on the roadmap:
npx vanara request "a Kafka consumer-lag alerting agent"
Merged contributions ship in the npm catalog with credit in the release notes.
License
Apache-2.0 — these 29 items are free to use, modify, and redistribute. The premium catalog is licensed separately.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi