Scancode License Analysis Tool for MCP

by bivex

List High-Risk Files

mcp_ScancodeMCP_list_high_risk_files

Identify files with copyleft, unknown, or commercial-unfriendly licenses to address compliance risks and legal warnings.

Instructions

Lists all files with copyleft, unknown, or commercial-unfriendly licenses, with a legal warning for each.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| random_string | No | Dummy parameter for no-parameter tools | |

Implementation Reference

  • The handler function that implements the tool logic: checks if license data is loaded, defines high-risk categories, iterates over them to build a report listing files with their licenses and short legal summaries, and returns the report as content.
    async ({ random_string }) => {
      if (!licenseData?.problematic_licenses) {
        return { content: [{ type: "text", text: "License data not loaded or no problematic licenses found." }] };
      }
      const highRiskCats = ["copyleft", "unknown", "commercial_unfriendly", "gpl", "agpl"];
      let report = 'High-Risk Files (copyleft, unknown, commercial-unfriendly):\n';
      for (const cat of highRiskCats) {
        if (!licenseData.problematic_licenses[cat]) continue;
        for (const item of licenseData.problematic_licenses[cat]) {
          report += `\nFile: ${item.file}\nLicense: ${item.name}\n`;
          report += await legalSummaryForLicense(item.name, true);
        }
      }
      return { content: [{ type: "text", text: report }] };
    }
  • The tool's metadata including title, description, and input schema (a dummy optional string since no real params needed).
    {
      title: "List High-Risk Files",
      description: "Lists all files with copyleft, unknown, or commercial-unfriendly licenses, with a legal warning for each.",
      inputSchema: { random_string: z.string().describe("Dummy parameter for no-parameter tools").optional() },
    },
  • index.ts:155-177 (registration)
    The server.registerTool call that registers the tool with its name, schema/metadata, and handler function.
    server.registerTool(
      "mcp_ScancodeMCP_list_high_risk_files",
      {
        title: "List High-Risk Files",
        description: "Lists all files with copyleft, unknown, or commercial-unfriendly licenses, with a legal warning for each.",
        inputSchema: { random_string: z.string().describe("Dummy parameter for no-parameter tools").optional() },
      },
      async ({ random_string }) => {
        if (!licenseData?.problematic_licenses) {
          return { content: [{ type: "text", text: "License data not loaded or no problematic licenses found." }] };
        }
        const highRiskCats = ["copyleft", "unknown", "commercial_unfriendly", "gpl", "agpl"];
        let report = 'High-Risk Files (copyleft, unknown, commercial-unfriendly):\n';
        for (const cat of highRiskCats) {
          if (!licenseData.problematic_licenses[cat]) continue;
          for (const item of licenseData.problematic_licenses[cat]) {
            report += `\nFile: ${item.file}\nLicense: ${item.name}\n`;
            report += await legalSummaryForLicense(item.name, true);
          }
        }
        return { content: [{ type: "text", text: report }] };
      }
    );
  • Helper function that provides short or long legal summaries for licenses based on a predefined map, used in the handler to append warnings for each high-risk license.
    async function legalSummaryForLicense(licenseName: string, short = false): Promise<string> {
      // This is a simplified legal expert system for demo purposes
      const name = licenseName.toLowerCase();
    
      const licenseSummaries: { [key: string]: { short: string; long: string } } = {
        "mit": {
          short: "MIT: Permissive, allows reuse/modification, requires attribution, disclaims warranties. Low risk.",
          long: `Type: Permissive\nGrant: Broad rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.\nObligations: Must include original copyright and license.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Compatible with most open and closed licenses.\nRisks: Minimal.\nCommercial Use: Safe.\n`
        },
        "gpl": {
          short: "GPL: Copyleft, requires derivatives to be GPL, viral effect, not business-friendly for closed source.",
          long: `Type: Copyleft\nGrant: Use, copy, modify, distribute.\nObligations: Derivatives must be GPL, source code disclosure required.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Incompatible with most closed/proprietary licenses.\nRisks: Viral obligations, business model conflict.\nCommercial Use: Risky for proprietary.\n`
        },
        "lgpl": {
          short: "LGPL: Weak copyleft, allows dynamic linking, but modifications to LGPL code must be open.",
          long: `Type: Weak Copyleft\nGrant: Use, copy, modify, distribute.\nObligations: Modifications to LGPL code must be LGPL, dynamic linking allowed.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: More compatible than GPL, but still viral for modifications.\nRisks: Linking confusion.\nCommercial Use: Moderate risk.\n`
        },
        "bsd": {
          short: "BSD: Permissive, minimal restrictions, requires attribution.",
          long: `Type: Permissive\nGrant: Use, copy, modify, distribute.\nObligations: Attribution, sometimes no endorsement.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: High.\nRisks: Minimal.\nCommercial Use: Safe.\n`
        },
        "apache": {
          short: "Apache: Permissive, explicit patent grant, requires NOTICE file.",
          long: `Type: Permissive\nGrant: Use, copy, modify, distribute.\nObligations: Attribution, NOTICE file, patent grant.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: High, but not with GPLv2.\nRisks: Patent termination.\nCommercial Use: Safe.\n`
        },
        "proprietary": {
          short: "Proprietary: Custom terms, usually restricts use, modification, redistribution. High legal risk.",
          long: `Type: Proprietary\nGrant: Limited, as specified.\nObligations: As specified, often strict.\nWarranty: Varies.\nIndemnity: Varies.\nCompatibility: Usually incompatible with open source.\nRisks: High, custom terms.\nCommercial Use: Review required.\n`
        },
        "unknown": {
          short: "Unknown: No license detected, all rights reserved by default. Cannot use, modify, or distribute.",
          long: `Type: Unknown\nGrant: None.\nObligations: Cannot use, modify, or distribute.\nWarranty: None.\nIndemnity: None.\nCompatibility: None.\nRisks: Maximum.\nCommercial Use: Forbidden.\n`
        },
        "cc-by": {
          short: "CC-BY: Attribution required, otherwise permissive.",
          long: `Type: Permissive (Creative Commons)\nGrant: Use, share, adapt.\nObligations: Attribution.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Not for software.\nRisks: License scope confusion.\nCommercial Use: Allowed.\n`
        },
        "public-domain": {
          short: "Public Domain: No rights reserved, free to use.",
          long: `Type: Public Domain\nGrant: Unrestricted.\nObligations: None.\nWarranty: None.\nIndemnity: None.\nCompatibility: Universal.\nRisks: None.\nCommercial Use: Safe.\n`
        },
        "default": {
          short: `Custom/Unknown: Legal review required. High risk of non-compliance or business conflict.`,
          long: `Type: Custom/Unknown\nGrant: Unclear.\nObligations: Unclear.\nWarranty: Unclear.\nIndemnity: Unclear.\nCompatibility: Unclear.\nRisks: High.\nCommercial Use: Not recommended without legal review.\n`
        }
      };
    
      for (const key in licenseSummaries) {
        if (name.includes(key)) {
          const summary = licenseSummaries[key];
          return short ? summary.short : summary.long;
        }
      }
    
      // Fallback for custom/complex/unknown if no match found
      const defaultSummary = licenseSummaries["default"];
      return short ? defaultSummary.short : defaultSummary.long;
    }
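How the helper's substring lookup resolves a few license names, next to a stricter lookup, as an added TypeScript example (not the project's code). The key order and the `includes` test are copied from the helper above; `tokenMatch`, the risk labels and the sample names are assumptions constructed for illustration.

```typescript
// Key order and the includes() test are copied from the helper above.
// Summaries are reduced to risk labels constructed for this example.
const RISK: Record<string, string> = {
  "mit": "low", "gpl": "high", "lgpl": "moderate", "bsd": "low",
  "apache": "low", "proprietary": "high", "unknown": "high",
  "cc-by": "low", "public-domain": "low", "default": "high",
};

// Lookup as in legalSummaryForLicense: the first key, in insertion order,
// found anywhere in the lowercased name wins.
function substringMatch(licenseName: string): string {
  const name = licenseName.toLowerCase();
  for (const key in RISK) {
    if (name.includes(key)) return key;
  }
  return "default";
}

// Hypothetical stricter lookup: longest keys first, a key must begin at the
// start of the name or after a non-alphanumeric character, and "default"
// is only ever the fallback.
const KEYS = Object.keys(RISK)
  .filter((k) => k !== "default")
  .sort((a, b) => b.length - a.length);

function tokenMatch(licenseName: string): string {
  const name = licenseName.toLowerCase();
  for (const key of KEYS) {
    const escaped = key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    if (new RegExp(`(^|[^a-z0-9])${escaped}`).test(name)) return key;
  }
  return "default";
}

// Constructed license names, not taken from a real scan.
const SAMPLES = [
  "LGPL-2.1-or-later",
  "Commercial Limited License",
  "Proprietary - redistribution not permitted",
  "GPL-2.0-only",
];

function compare(names: string[]) {
  return names.map((n) => ({
    name: n,
    substring: `${substringMatch(n)} (${RISK[substringMatch(n)]})`,
    token: `${tokenMatch(n)} (${RISK[tokenMatch(n)]})`,
  }));
}

console.table(compare(SAMPLES));
```

With the substring test, any name containing "limited" or "permitted" resolves to the MIT entry because `mit` is the first key checked, and LGPL names resolve to the GPL entry because `gpl` precedes `lgpl`.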
Behavior: 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It mentions 'legal warning for each' as a behavioral trait, but does not disclose other important aspects such as whether this is a read-only operation, potential performance impacts, data sources, or error handling. For a tool with no annotation coverage, this leaves significant gaps in understanding its behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core functionality ('Lists all files with...') and includes the key detail about legal warnings. There is no wasted text, and it effectively communicates the tool's purpose in a compact form.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (listing files with risk filtering) and lack of annotations and output schema, the description is moderately complete. It covers what the tool does and includes an output feature (legal warnings), but does not address return format, pagination, or error cases. It meets minimum viability but has clear gaps for a tool with no structured support.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 1 parameter with 100% coverage, but it's a dummy parameter ('random_string') for no-parameter tools. The description correctly indicates no meaningful parameters by not mentioning any, adding value beyond the schema by implying the tool operates without user inputs. This compensates well for the dummy parameter setup.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Lists all files') with precise criteria ('with copyleft, unknown, or commercial-unfriendly licenses') and includes an additional output feature ('with a legal warning for each'). It distinguishes itself from siblings like 'analyze_license_file' or 'summarize_license_risks' by focusing on file listing with risk filtering rather than analysis or summarization.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage when identifying high-risk files based on license types, but does not explicitly state when to use this tool versus alternatives like 'summarize_license_risks' or provide exclusions. It offers some context but lacks clear guidance on prerequisites or specific scenarios.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
