Summary
This scans your project dependencies and flags anything that doesn't match your approved license whitelist. You'd typically wire it into CI/CD as a blocking check to catch GPL creeping into proprietary code, or run it before releases to avoid legal surprises. It handles the tedious work of checking transitive dependencies across different package ecosystems. The main limitation is it can't replace actual legal review, especially for dual-licensed packages or custom license text that isn't in SPDX registries. It's read-only and doesn't touch your code, just parses manifest files to pull license metadata.
Install to Claude Code
npx -y skills add jorgealves/agent_skills --skill license-compliance-auditor --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.mdView on GitHub
License Compliance Auditor
Purpose and Intent
The license-compliance-auditor ensures that software projects remain legally compliant by automatically verifying that all direct and transitive dependencies use licenses approved by the organization.
When to Use
- Dependency Onboarding: Run when adding a new library to a project.
- CI/CD Gates: Use as a blocking step in pipelines to prevent merging code with non-compliant licenses (e.g., preventing GPL in a proprietary product).
- Release Preparation: Audit the entire dependency tree before a major release.
When NOT to Use
- Legal Advice: This tool provides technical checks based on metadata; it does not replace professional legal counsel.
- Custom Licenses: It may struggle with proprietary or highly customized license text not found in SPDX registries.
Error Conditions and Edge Cases
- Missing Metadata: If a package doesn't define a license in its manifest, it will be flagged as "Unknown".
- Dual Licensing: Packages with multiple licenses (e.g., "MIT OR GPL") will require manual review.
- Unsupported Ecosystems: Attempting to run on a language not supported by the
ecosysteminput will fail.
Security and Data-Handling Considerations
- ReadOnly: The tool only reads manifest files.
- Privacy: No source code is uploaded; only package names and versions are used to check license registries.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
