Audit dependency licenses to detect copyleft, unknown, or non-OSI-approved licenses. Essential for compliance in enterprise MCP servers.
Audit dependency licenses: copyleft (GPL, AGPL), unknown/missing licenses, non-OSI-approved licenses. Important for MCP servers in enterprise environments.
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | Project directory with node_modules |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description must disclose behavioral traits. It specifies what is audited (copyleft, unknown, non-OSI licenses) but does not indicate whether the tool is read-only, modifies anything, requires network access, or has side effects. This gap is significant given the lack of annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences are concise and front-loaded with the main action. Every sentence adds value; no filler or redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple tool with one parameter and no output schema, the description gives the audit categories but does not explain the output format or what the user should expect as a result. It is minimally adequate but could be more complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% (one parameter 'path' with description). The description does not add meaning beyond the schema, so baseline 3 is appropriate. No param details are missing.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool audits dependency licenses, specifically copyleft, unknown, and non-OSI-approved licenses. This distinguishes it from sibling tools like dep_check_deprecated or dep_check_typosquatting, making purpose explicit and unique.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Description mentions it's important for MCP servers in enterprise environments, implying context but not explicitly stating when to use this versus alternatives. No exclusions or when-not-to-use guidance is provided.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/mcp-security-scanner'
If you have feedback or need assistance with the MCP directory API, please join our Discord server