Vajra bundles a number of third-party Claude Code skills (installed via scripts/install-skills.sh from bundled-skills/) and builds on prior work. This file credits the original authors and records the licenses.
Auto-compiled from a local scan on 2026-06-25. Verify each entry against the skill's own LICENSE/README before publishing or redistributing. This is attribution, not legal review.
Before you ship: each bundled skill ships its own LICENSE file, keep those intact. Confirm every source actually grants redistribution rights. Prefer permissive (MIT / Apache-2.0) sources. For anything ambiguous, link to it instead of bundling it.
Keep each skill's LICENSE.txt (and any NOTICE) intact when shipping.
canvas-design,frontend-design,theme-factory,web-artifacts-builder,webapp-testing,ui-styling- Source: Anthropic Claude skills (verify the exact upstream repo).
banner-design,brand,design,design-system,slides,ui-styling- Author: claudekit (per SKILL.md frontmatter). Verify repo + license per skill. (Note:
ui-stylingshows both a claudekit/MIT frontmatter and an ApacheLICENSE.txt, reconcile which applies before shipping.)
composition-patterns,react-best-practices,web-design-guidelines- Author: Vercel (per SKILL.md frontmatter), from Vercel's engineering guidelines.
sentry-code-simplifier(based on Anthropic's code-simplifier agent),sentry-gha-security-review(cites StepSecurity research),sentry-security-review,sentry-skill-scanner- Author: Sentry. Verify license per skill.
sentry-security-reviewis based on the OWASP Cheat Sheet Series (CC BY-SA 4.0). Share-alike requires attribution and that derivative works be released under the same license. Confirm compliance, or replace, before redistributing.
autoresearchapplies Karpathy's autoresearch approach. https://github.com/karpathy/autoresearch
- agent-reach, MIT, by Neo Reid (@Panniantong). Used locally for research, not shipped in Vajra. https://github.com/Panniantong/agent-reach
- The upstream tools agent-reach routes to (yt-dlp, Jina Reader, Exa, mcporter, feedparser, etc.) are each their own projects under their own licenses.
- The Vajra harness (routing, campaign engine, verify gate, OS sandbox, Ralph loop, Atman, Cortex fleet) and the
devtool-growthskill are original. - The Mahabharata agent names (Arjuna, Bhima, Karna, Krishna, etc.) are original creative naming.
- Verify each bundled skill's actual LICENSE + author against its own files (this list is a scan, not a legal review).
- Keep every per-skill
LICENSE/NOTICEfile insidebundled-skills/<skill>/. - CC BY-SA items (OWASP-derived
sentry-security-review): comply with attribution + share-alike, or remove/replace. - Apache-2.0 items (Anthropic skills): preserve LICENSE + NOTICE, state changes if you modified them.
- Anything whose redistribution rights you can't confirm: link, don't bundle.
- Not legal advice. When in doubt, read the original repo's license.