Scancode License Analysis Tool for MCP

Overview Schema Related Servers Score Discussions

Summarize License Risks

mcp_ScancodeMCP_summarize_license_risks

Identify high-risk licenses in software code and summarize legal compliance issues for each license type to assess potential vulnerabilities.

Instructions

Lists all files with high-risk/problematic licenses and provides a legal risk summary for each license type.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`random_string`	No	Dummy parameter for no-parameter tools

Implementation Reference

index.ts:112-122 (handler)

The main handler function for the 'mcp_ScancodeMCP_summarize_license_risks' tool. It checks for license data, builds a risk map of licenses to files, generates a summary report for each license using legal summaries, and returns markdown content.

async ({ random_string }) => {
  if (!licenseData?.problematic_licenses) {
    return { content: [{ type: "text", text: "License data not loaded or no problematic licenses found." }] };
  }
  const riskMap: Record<string, Set<string>> = buildRiskMap();
  let report = 'Summary of High-Risk/Problematic Licenses and Files:\n';
  for (const lic in riskMap) {
    report += `\nLicense: ${lic}\nFiles: ${Array.from(riskMap?.[lic] ?? []).join('; ')}\n`;
    report += await legalSummaryForLicense(lic, true);
  }
  return { content: [{ type: "text", text: report }] };

index.ts:107-111 (schema)

Input schema and metadata (title, description) for the tool registration.

{
  title: "Summarize License Risks",
  description: "Lists all files with high-risk/problematic licenses and provides a legal risk summary for each license type.",
  inputSchema: { random_string: z.string().describe("Dummy parameter for no-parameter tools").optional() },
},

index.ts:105-124 (registration)

The server.registerTool call that registers the 'mcp_ScancodeMCP_summarize_license_risks' tool with its schema and inline handler function.

server.registerTool(
  "mcp_ScancodeMCP_summarize_license_risks",
  {
    title: "Summarize License Risks",
    description: "Lists all files with high-risk/problematic licenses and provides a legal risk summary for each license type.",
    inputSchema: { random_string: z.string().describe("Dummy parameter for no-parameter tools").optional() },
  },
  async ({ random_string }) => {
    if (!licenseData?.problematic_licenses) {
      return { content: [{ type: "text", text: "License data not loaded or no problematic licenses found." }] };
    }
    const riskMap: Record<string, Set<string>> = buildRiskMap();
    let report = 'Summary of High-Risk/Problematic Licenses and Files:\n';
    for (const lic in riskMap) {
      report += `\nLicense: ${lic}\nFiles: ${Array.from(riskMap?.[lic] ?? []).join('; ')}\n`;
      report += await legalSummaryForLicense(lic, true);
    }
    return { content: [{ type: "text", text: report }] };
  }
);

index.ts:126-135 (helper)

Helper function called by the handler to aggregate files per license type from the problematic_licenses data.

function buildRiskMap(): Record<string, Set<string>> {
  const riskMap: Record<string, Set<string>> = {};
  for (const category in licenseData?.problematic_licenses ?? {}) {
    for (const item of licenseData?.problematic_licenses?.[category] ?? []) {
      if (!riskMap[item.name]) riskMap[item.name] = new Set();
      riskMap[item.name].add(item.file);
    }
  }
  return riskMap;
}

index.ts:196-253 (helper)

Helper function that provides legal summaries for licenses, used by the handler to append risk explanations. Contains a lookup table of license summaries.

async function legalSummaryForLicense(licenseName: string, short = false): Promise<string> {
  // This is a simplified legal expert system for demo purposes
  const name = licenseName.toLowerCase();

  const licenseSummaries: { [key: string]: { short: string; long: string } } = {
    "mit": {
      short: "MIT: Permissive, allows reuse/modification, requires attribution, disclaims warranties. Low risk.",
      long: `Type: Permissive\nGrant: Broad rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.\nObligations: Must include original copyright and license.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Compatible with most open and closed licenses.\nRisks: Minimal.\nCommercial Use: Safe.\n`
    },
    "gpl": {
      short: "GPL: Copyleft, requires derivatives to be GPL, viral effect, not business-friendly for closed source.",
      long: `Type: Copyleft\nGrant: Use, copy, modify, distribute.\nObligations: Derivatives must be GPL, source code disclosure required.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Incompatible with most closed/proprietary licenses.\nRisks: Viral obligations, business model conflict.\nCommercial Use: Risky for proprietary.\n`
    },
    "lgpl": {
      short: "LGPL: Weak copyleft, allows dynamic linking, but modifications to LGPL code must be open.",
      long: `Type: Weak Copyleft\nGrant: Use, copy, modify, distribute.\nObligations: Modifications to LGPL code must be LGPL, dynamic linking allowed.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: More compatible than GPL, but still viral for modifications.\nRisks: Linking confusion.\nCommercial Use: Moderate risk.\n`
    },
    "bsd": {
      short: "BSD: Permissive, minimal restrictions, requires attribution.",
      long: `Type: Permissive\nGrant: Use, copy, modify, distribute.\nObligations: Attribution, sometimes no endorsement.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: High.\nRisks: Minimal.\nCommercial Use: Safe.\n`
    },
    "apache": {
      short: "Apache: Permissive, explicit patent grant, requires NOTICE file.",
      long: `Type: Permissive\nGrant: Use, copy, modify, distribute.\nObligations: Attribution, NOTICE file, patent grant.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: High, but not with GPLv2.\nRisks: Patent termination.\nCommercial Use: Safe.\n`
    },
    "proprietary": {
      short: "Proprietary: Custom terms, usually restricts use, modification, redistribution. High legal risk.",
      long: `Type: Proprietary\nGrant: Limited, as specified.\nObligations: As specified, often strict.\nWarranty: Varies.\nIndemnity: Varies.\nCompatibility: Usually incompatible with open source.\nRisks: High, custom terms.\nCommercial Use: Review required.\n`
    },
    "unknown": {
      short: "Unknown: No license detected, all rights reserved by default. Cannot use, modify, or distribute.",
      long: `Type: Unknown\nGrant: None.\nObligations: Cannot use, modify, or distribute.\nWarranty: None.\nIndemnity: None.\nCompatibility: None.\nRisks: Maximum.\nCommercial Use: Forbidden.\n`
    },
    "cc-by": {
      short: "CC-BY: Attribution required, otherwise permissive.",
      long: `Type: Permissive (Creative Commons)\nGrant: Use, share, adapt.\nObligations: Attribution.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Not for software.\nRisks: License scope confusion.\nCommercial Use: Allowed.\n`
    },
    "public-domain": {
      short: "Public Domain: No rights reserved, free to use.",
      long: `Type: Public Domain\nGrant: Unrestricted.\nObligations: None.\nWarranty: None.\nIndemnity: None.\nCompatibility: Universal.\nRisks: None.\nCommercial Use: Safe.\n`
    },
    "default": {
      short: `Custom/Unknown: Legal review required. High risk of non-compliance or business conflict.`,
      long: `Type: Custom/Unknown\nGrant: Unclear.\nObligations: Unclear.\nWarranty: Unclear.\nIndemnity: Unclear.\nCompatibility: Unclear.\nRisks: High.\nCommercial Use: Not recommended without legal review.\n`
    }
  };

  for (const key in licenseSummaries) {
    if (name.includes(key)) {
      const summary = licenseSummaries[key];
      return short ? summary.short : summary.long;
    }
  }

  // Fallback for custom/complex/unknown if no match found
  const defaultSummary = licenseSummaries["default"];
  return short ? defaultSummary.short : defaultSummary.long;
}

Tool Definition Quality

B3.4/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states the tool lists files and provides summaries, but does not cover critical aspects like whether it requires prior analysis, how it determines 'high-risk/problematic' licenses, output format, or potential side effects. For a tool with no annotation coverage, this leaves significant gaps in understanding its behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core functionality ('Lists all files with high-risk/problematic licenses') and adds the summary aspect. Every word contributes directly to understanding the tool's purpose without redundancy or unnecessary detail.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations, no output schema, and a tool that likely produces complex data (license risk summaries), the description is incomplete. It lacks details on output structure, how risks are assessed, or dependencies on other tools. For a risk analysis tool with rich context needs, this minimal description does not provide sufficient completeness for effective agent use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 1 parameter with 100% description coverage, but it's a dummy parameter ('random_string') for a no-parameter tool. The description correctly implies no meaningful parameters are needed by not mentioning any, adding value beyond the schema by clarifying the tool's parameter-free nature. Baseline is 3 for high schema coverage, but the description compensates by aligning with the tool's actual usage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('Lists all files with high-risk/problematic licenses' and 'provides a legal risk summary for each license type'), distinguishing it from siblings like 'list_high_risk_files' by adding the summary component. It explicitly identifies the resource (files with problematic licenses) and the action (list and summarize).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It does not mention prerequisites, context, or compare to sibling tools like 'list_high_risk_files' (which may only list without summarizing) or 'analyze_license_file' (which might focus on individual files). Usage is implied but not explicitly stated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bivex/scancodeMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server