license-compliance-auditor
License Compliance Auditor
Purpose and Intent
The license-compliance-auditor ensures that software projects remain legally compliant by automatically verifying that all direct and transitive dependencies use licenses approved by the organization.
When to Use
- Dependency Onboarding: Run when adding a new library to a project.
- CI/CD Gates: Use as a blocking step in pipelines to prevent merging code with non-compliant licenses (e.g., preventing GPL in a proprietary product).
- Release Preparation: Audit the entire dependency tree before a major release.
When NOT to Use
- Legal Advice: This tool provides technical checks based on metadata; it does not replace professional legal counsel.
- Custom Licenses: It may struggle with proprietary or highly customized license text not found in SPDX registries.
Error Conditions and Edge Cases
- Missing Metadata: If a package doesn't define a license in its manifest, it will be flagged as "Unknown".
- Dual Licensing: Packages with multiple licenses (e.g., "MIT OR GPL") will require manual review.
- Unsupported Ecosystems: Attempting to run on a language or package manager not supported by the ecosystem input will fail rather than produce a partial report.
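The three edge cases above, as an added Python example that is not the skill's own code: the allow-list, the supported ecosystems, and the dependency tree with its names and licenses are all constructed assumptions. A missing license yields "UNKNOWN", a compound SPDX expression is queued for manual review, an unsupported ecosystem fails fast, and the gate only passes when every direct and transitive dependency is positively approved.

```python
import re

# Hypothetical organisation allow-list and supported ecosystems (assumptions, not the skill's config).
APPROVED = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}
SUPPORTED_ECOSYSTEMS = {"pypi", "npm"}
COMPOUND = re.compile(r"\b(AND|OR|WITH)\b")


def is_supported(ecosystem):
    return ecosystem in SUPPORTED_ECOSYSTEMS


def classify(license_id):
    """Classify one package's declared license field against the allow-list."""
    if not license_id or not license_id.strip():
        return "UNKNOWN"            # missing manifest metadata is flagged, never silently passed
    expr = license_id.strip()
    if COMPOUND.search(expr):
        return "MANUAL_REVIEW"      # dual/multi licensing such as "MIT OR GPL-3.0-only"
    return "APPROVED" if expr in APPROVED else "BLOCKED"


def walk(packages):
    """Yield every direct and transitive dependency exactly once (cycle-safe)."""
    seen, stack = set(), list(packages)
    while stack:
        pkg = stack.pop()
        if pkg["name"] in seen:
            continue
        seen.add(pkg["name"])
        yield pkg
        stack.extend(pkg.get("deps", []))


def audit(ecosystem, packages):
    """Return ({package: status}, gate_passed) suitable for a blocking CI step."""
    if not is_supported(ecosystem):
        raise ValueError(f"unsupported ecosystem: {ecosystem}")
    report = {pkg["name"]: classify(pkg.get("license")) for pkg in walk(packages)}
    return report, all(status == "APPROVED" for status in report.values())


# Constructed sample dependency tree; package names and licenses are made up.
SAMPLE_TREE = [
    {"name": "web-framework", "license": "MIT", "deps": [
        {"name": "template-lib", "license": "MIT OR GPL-3.0-only"},
        {"name": "log-shim", "license": None},
    ]},
    {"name": "crypto-helper", "license": "Apache-2.0", "deps": [
        {"name": "copyleft-core", "license": "GPL-3.0-only"},
    ]},
]

if __name__ == "__main__":
    report, ok = audit("pypi", SAMPLE_TREE)
    for name, status in sorted(report.items()):
        print(f"{status:14} {name}")
    raise SystemExit(0 if ok else 1)
```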