OpenSkillIndex← back to search
claude-codesecurity

Claude-skill-registry legal-sanity

Scan code for client project names, proprietary tool references, and legally sensitive content

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/legal-sanity" ~/.claude/skills/majiayu000-claude-skill-registry-legal-sanity && rm -rf "$T"
manifest: skills/data/legal-sanity/SKILL.md
tags
#legal-compliance#code-scanning#grep#security#automation#regex
source content

Legal Sanity Skill

Version: 1.0.0 Category: Workspace Trigger: Before PRs, after code porting, on demand

Quick Start

# Scan a specific submodule
./scripts/legal/legal-sanity-scan.sh --repo=worldenergydata

# Scan all submodules
./scripts/legal/legal-sanity-scan.sh --all

# Scan only git-changed files (fast mode for PRs)
./scripts/legal/legal-sanity-scan.sh --repo=worldenergydata --diff-only

# JSON output for automation
./scripts/legal/legal-sanity-scan.sh --repo=worldenergydata --json

When to Use

  • After code porting: Any time code is imported from a client project
  • Before PR creation: Automated via pr-manager pre-hooks
  • During cross-review: Runs as a mandatory pre-gate before Codex/Gemini
  • On demand: When adding new deny-list patterns or auditing repos

How It Works

  1. Deny lists define patterns to block:
    • Global: 
      .legal-deny-list.yaml
      (workspace root)
    • Per-project: 
      <submodule>/.legal-deny-list.yaml
  2. Scanner merges both lists and runs 
    rg
    (ripgrep) against the target
  3. Exclusions skip files like 
    .git/
    , 
    *.md
    , 
    *.lock
  4. Exit code: 0 = pass, 1 = block violations found

Deny List Format

version: "1.0"
updated: "2026-02-02"

client_references:
  - pattern: "CLIENT_NAME"
    case_sensitive: true
    description: "Why this is blocked"

proprietary_tools:
  - pattern: "ToolName"
    case_sensitive: false
    description: "Client proprietary tool"

exclusions:
  - ".legal-deny-list.yaml"
  - ".git/"

default_severity: "block"

Execution Checklist

When invoked as a skill:

  1. Identify target scope (specific repo, all repos, or diff-only)
  2. Run the scan script with appropriate flags
  3. If violations found:
    • List each violation with file:line detail
    • Suggest replacement text
    • Block PR creation until resolved
  4. If clean:
    • Report PASS
    • Proceed to next review gate

Output Format

Terminal (default)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  Legal Sanity Scanner
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Scanning: worldenergydata
  RESULT: PASS — no violations found
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

JSON (
--json
)

{"repo":"worldenergydata","pattern":"ENIGMA","file":"src/main.py","line":42,"severity":"block"}

Related

  • Rule file: 
    .claude/rules/legal-compliance.md
  • Workflow: 
    .claude/skills/_internal/workflows/legal-sanity-review/SKILL.md
  • Cross-review: 
    .claude/skills/_internal/workflows/cross-review-policy/SKILL.md