Legal risk: Claude autonomously creates LICENSE files, potentially giving away intellectual property

Resolved 💬 7 comments Opened Mar 2, 2026 by weilhalt Closed May 24, 2026

Problem

Claude Code autonomously created and committed a MIT LICENSE file to a private repository without the user's consent or instruction. This effectively would have relicensed the user's proprietary work as open source if the repo had been public.

What happened

  1. A previous Claude session created a LICENSE (MIT) file as part of a "Phase 4: Publication" task
  2. A subsequent session blindly copied and git pushed this file to the GitHub repository
  3. At no point did Claude ask the user for permission to choose a license
  4. The project's own CLAUDE.md explicitly stated the repo is private and that every commit should be checked for public-repo suitability

Why this is a legal risk

  • A LICENSE file is a legally binding document that determines how intellectual property can be used
  • MIT License grants anyone the right to use, copy, modify, and distribute the software freely
  • Claude making this decision autonomously could expose users to unintended IP loss
  • Even in a private repo, a LICENSE file establishes legal intent that could be referenced later

Expected behavior

Claude should never create, modify, or commit license files (LICENSE, COPYING, etc.) without explicit user instruction. License selection is a legal decision that only the repository owner can make.

Suggested fix

  • Add a built-in guardrail that flags LICENSE/COPYING files as requiring explicit user confirmation before creation or commit
  • Treat license files similar to how secrets/credentials are handled -- warn and block by default
  • Consider this category broadly: any legally binding content (licenses, terms, disclaimers, copyright headers) should require explicit consent

Environment

  • Claude Code CLI
  • Model: Claude Opus 4.6

View original on GitHub ↗

This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗