Vet the fine print a star count hides: real license and a gate on dual-use tools
Before you build on a starred repo, record its actual license (not an assumed permissive one) and whether it is dual-use, so a custom license or an impersonation risk never surprises you after you have shipped.
Run this workflow
CI-verified, 2/2 fixtures passing.
Build this with your agent
One copy-paste hands Claude Code, Codex, or Cursor the full recipe, steps included, nothing to fetch.
Intended Use
Anyone about to build on an open-source AI repo. CI validates a dependency manifest: each dep states a real license (not one containing 'assume'), any license outside MIT/Apache/BSD is explicitly marked reviewed: true, and every dep flagged dual_use carries a non-empty authorization gate (consent, permission, or authorized-use only). No install, no network. Judging whether a tool fits your use is fenced.
Not for
- Assuming permissive defaults, a popular repo can carry a custom or copyleft license; MinerU's custom license and AGPL are exactly the traps this catches
- Trusting a repo name, Anthropic-Cybersecurity-Skills is a community project, not official Anthropic; verify affiliation, do not infer it from the title
- Shipping dual-use capability without consent, voice or site cloning without permission is impersonation and IP infringement, and offensive security tooling against systems you do not own is illegal
The Stack
Tested Against
github.com/opendatalab/MinerU (license verified 2026-07)node@20Side effects & data flow
- Network
- none, local only
- Writes
- ./dependencies.json
- Credentials
- none required
Prerequisites
- The actual license and dual-use posture of each dependency (read the repo, do not assume)
Steps
- 1
Write the dependency manifest and vet it
For each repo you plan to build on, record its real license, its license family, and whether it is dual-use (with the authorization rule if so). CI checks you did not assume a license, that non-standard licenses are marked reviewed, and that every dual-use tool has an authorization gate. Deciding if a tool fits your use is fenced.
cat > dependencies.json <<'JSON' { "dependencies": [ { "name": "MinerU", "license": "MinerU Open Source License", "license_family": "custom", "reviewed": true, "dual_use": false }, { "name": "voicebox", "license": "open (verify on repo)", "license_family": "unknown", "reviewed": true, "dual_use": true, "authorization": "clone only voices you have consent to use" }, { "name": "ai-website-cloner-template", "license": "open (verify on repo)", "license_family": "unknown", "reviewed": true, "dual_use": true, "authorization": "clone only sites you own or have permission to copy" }, { "name": "Anthropic-Cybersecurity-Skills", "license": "Apache-2.0", "license_family": "apache", "dual_use": true, "authorization": "authorized blue-team or lab use only; offensive use against systems you do not own is illegal" }, { "name": "agent-native", "license": "open (verify on repo)", "license_family": "unknown", "reviewed": true, "dual_use": false } ] } JSON node -e ' const fs = require("fs"); const c = JSON.parse(fs.readFileSync("dependencies.json", "utf8")); function bad(m) { console.error("BAD: " + m); process.exit(1); } const deps = c.dependencies || []; if (deps.length < 1) bad("list at least one dependency"); const STD = ["mit", "apache", "bsd"]; let reviewed = 0, dualGated = 0; for (const d of deps) { if (!d.name) bad("each dependency needs a name"); const lic = String(d.license || ""); if (!lic || lic.toLowerCase().indexOf("assume") !== -1) bad(d.name + " must state its real license, not an assumed one"); const fam = String(d.license_family || "").toLowerCase(); if (STD.indexOf(fam) === -1) { if (d.reviewed !== true) bad(d.name + " has a non-standard license; set reviewed: true once you have read the terms"); reviewed++; } if (d.dual_use === true) { if (!d.authorization || String(d.authorization).length < 5) bad(d.name + " is dual-use; declare an authorization gate (consent, permission, or authorized-use only)"); dualGated++; } } console.log("deps OK: " + deps.length + " dependency(ies) vetted; " + reviewed + " with non-standard licenses reviewed, " + dualGated + " dual-use tools each carry an authorization gate"); ' - 2
Decide if each tool fits your use (the judgement step, not checked by CI)
With the license and dual-use facts written down, decide per tool: is the license compatible with what you are shipping, and can you meet the authorization requirement for the dual-use ones? Keep the sensitive ones in an authorized, consented, lab context. The judgement is fenced.
Eval, 2 fixtures
Last passed: verified todayvet-okcontainstimeout 30s · max $0Expected:
deps OK: 5 dependency(ies) vetted; 4 with non-standard licenses reviewed, 3 dual-use tools each carry an authorization gateclean-exitexit_codetimeout 30s · max $0Expected:
0
Results
A star count says a project is popular, not that it is safe to build on. Two kinds of fine print hide behind it: license (MinerU moved off AGPL to a custom license; a repo named Anthropic-Cybersecurity-Skills is actually a community project, not official) and dual-use (voice cloning, site cloning, and offensive security skills are the same capabilities that power fraud, spoofing, and illegal intrusion). This check makes you write both down before you depend on the thing.
Did this work for you?
Our CI checks the setup runs. You tell us if the whole thing worked. Tell us straight.
Related workflows
Liked this workflow?
Get new verified workflows in WebAfterAI, three issues a week (Tue, Thu, Sat).