π Free agents, skills & packs for Claude Code
One subscription. An army of Claude Code agents.
Website Β· Browse the catalog Β· Getting started Β· npm Β· X
29 production-grade agents, skills, and packs for Claude Code β free, Apache-2.0, install with one command. This is the open free tier of the Vanara catalog (206 items total).
npx vanara install code-reviewer # one agent
npx vanara install security-pack # a pack β expands to all its members
npx vanara doctor # scans your repo, tells you what's worth installingItems land in your project's .claude/ directory and Claude Code picks them up automatically. They run on the Claude subscription you already have β no API keys, nothing metered.
Every item here is a packaged directory, not a single markdown file:
references/β deep, focused reference docs the agent actually reads while workingexamples/β worked examples of the output it should producescripts/β runnable verification checks; a deterministic evals runner keeps the β marks below honest- Memory β agents write lessons to
.claude/memory/as they work your codebase and get sharper over time; commit that folder and your team inherits what one agent learned - Orchestration β the included
vanara-orchestrateskill chains agents into gated pipelines (reproduce β test β patch β review β commit) where nothing advances past a failed gate
β = ships runnable verification checks, currently passing.
| Item | What it does |
|---|---|
api-designer |
For when designing a new HTTP/GraphQL API or changing an existing one β modeling resources, defining endpoint contracts, choosing statusβ¦ β |
code-reviewer |
Runs immediately after writing or modifying code, and before any commit to a shared branch. β |
debugger |
Hypothesis-driven debugging specialist. β |
pr-summarizer |
Runs after a pull request is opened (or updated) to produce a concise, reviewer-friendly summary of the change, its risk areas,β¦ β |
refactoring-specialist |
For when code is hard to change, duplicated, deeply nested, or accumulating tech debt and you want it restructured for clarity WITHOUTβ¦ β |
security-auditor |
Runs before commits/merges and whenever code touches auth, user input, secrets, file paths, DB queries, deserialization, orβ¦ β |
technical-writer |
For when documentation is needed for a feature, tool, API, or system β READMEs, tutorials, how-to guides, references, orβ¦ β |
test-author |
For when adding a feature or fixing a bug β writes tests FIRST (TDD red-green-refactor). β |
threat-modeler |
For when designing a new system or feature, or assessing the attack surface of an existing one. β |
vuln-scanner |
For when scanning a project's dependencies, source, config, and container images for known vulnerabilities (CVEs), risky versions, andβ¦ β |
| Item | What it does |
|---|---|
api-pagination |
Implement correct, fast API pagination β cursor vs offset trade-offs, opaque cursor encoding, stable sort keys, page-size limits,β¦ β |
caching-strategies |
Deep reference for caching β what to cache, cache-aside vs read/write-through/write-behind, TTLs with jitter, eviction (LRU/LFU/FIFO),β¦ β |
conventional-commits |
Write Conventional Commits β the type(scope)!: subject + body + footer spec β so history is readable and changelogs and SemVer bumps can beβ¦ β |
database-migrations |
How to write safe, reversible, zero-downtime database schema migrations β additive-first changes, the expand/migrate/contract pattern,β¦ β |
error-handling-patterns |
How to handle errors explicitly and consistently across an app β validate at boundaries, classify operational vs programmer errors, addβ¦ β |
git-collaboration-workflows |
Run git collaboration that scales β trunk-based vs git-flow decided by deploy cadence, branch protection and required checks, PR sizing andβ¦ β |
owasp-top10 |
A deep prevention reference for the OWASP Top 10 web risks β broken access control, injection, crypto failures, insecure design, SSRF andβ¦ β |
prompt-engineering |
A deep, practical guide to engineering reliable LLM prompts β role/context, instructions, few-shot, structured output, chain-of-thought,β¦ β |
readme-writing |
How to write a README that gets a project understood and running fast β lead with what/why, a 60-second quickstart, then usage, config,β¦ β |
refactoring-patterns |
Improve code structure without changing behavior β the discipline of small, named, test-backed moves. β |
rest-api-design |
Conventions for designing clean, consistent, evolvable REST APIs β resource modeling, HTTP semantics, status codes, pagination, filtering,β¦ β |
secrets-management |
Handle secrets safely across the lifecycle β keep them out of source, load from env or a secret manager, scope to least privilege, encryptβ¦ β |
secure-auth |
Implement authentication securely β authentication vs authorization, password hashing (argon2id/bcrypt), sessions vs JWT (storage, expiry,β¦ β |
sql-index-tuning |
Diagnose slow SQL queries and add the right indexes without over-indexing β B-tree mechanics, composite ordering (equality-before-range),β¦ β |
test-plan-design |
How to design a test plan β scope and risk-based prioritization, the test pyramid, case-design techniques (equivalence partitioning,β¦ β |
vanara-orchestrate |
Run a goal end-to-end as a gated pipeline of specialist agents β reproduce β test β patch β review β commit β where nothing advances past aβ¦ β |
vanara-route |
Given a task, find the best-fit installed Vanara agent and run it. β |
| Item | What it does |
|---|---|
code-review-pack |
Review pull requests faster and better β automated first-pass review, PR summaries reviewers can trust, healthy git workflow settings,β¦ |
security-pack |
Build and ship secure software β threat modeling at design time, OWASP code audits, dependency/secret scanning, and secure auth and secretsβ¦ |
Every item is plain files in the Claude Code layout β copy them in directly if you prefer:
# an agent: one .md (plus its support folder) into .claude/agents/
cp -r agents/code-reviewer/AGENT.md your-project/.claude/agents/code-reviewer.md
# a skill: the whole directory into .claude/skills/
cp -r skills/rest-api-design your-project/.claude/skills/The vanara CLI just automates this, tracks versions in .vanara.json, and adds doctor, update, report, and memory on top.
This repo is 29 of 206 items β the rest (63 more agents, 80 more skills, 34 more packs, across 28 fields) are in Vanara Pro at $10/mo: one subscription, everything installable, continuous updates, same no-API-keys model.
npx vanara list # browse everything
npx vanara unlock <key> # after subscribing at vanaraagents.comMissing a specialist? Log it in one line β it goes on the roadmap:
npx vanara request "a Kafka consumer-lag alerting agent"Issues and PRs to the free-tier items are welcome β see CONTRIBUTING.md for the item anatomy and rules. And every item here is a template: CUSTOMIZING.md shows how to fork an agent for your own stack in about 2 minutes.
Apache-2.0 β these 29 items are free to use, modify, and redistribute. The premium catalog is licensed separately.
