ReddRadar
Agent skill
license-compliance-checker
Automated license compliance verification for dependencies to ensure legal compliance during migration
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/code-migration-modernization/skills/license-compliance-checker
SKILL.md
License Compliance Checker Skill
Automated verification of license compliance across all project dependencies to ensure legal compliance during migration activities.
Purpose
Enable comprehensive license compliance checking for:
- Dependency license identification
- Compatibility verification
- Copyleft license flagging
- Attribution requirement tracking
- Policy enforcement
Capabilities
1. License Identification
- Extract licenses from dependencies
- Parse SPDX identifiers
- Detect custom licenses
- Handle multi-license packages
2. Compatibility Checking
- Verify license compatibility
- Check against project license
- Identify conflicting licenses
- Map dependency license chains
3. Copyleft License Flagging
- Detect GPL/AGPL licenses
- Identify viral clauses
- Flag distribution implications
- Alert on copyleft in proprietary projects
4. Attribution Requirement Tracking
- Collect NOTICE requirements
- Track attribution obligations
- Generate attribution documents
- Monitor compliance completeness
5. Policy Enforcement
- Define allowed/blocked licenses
- Enforce organizational policies
- Generate compliance reports
- Track policy violations
6. Compliance Report Generation
- Create audit-ready reports
- Generate SBOM with licenses
- Produce attribution files
- Export compliance evidence
Tool Integrations
| Tool | Purpose | Integration Method |
|---|---|---|
| FOSSA | Full compliance platform | API |
| WhiteSource | License scanning | API |
| Black Duck | Comprehensive analysis | API |
| license-checker | npm license checking | CLI |
| licensee | License detection | CLI |
| go-licenses | Go license checking | CLI |
| pip-licenses | Python license checking | CLI |
Output Schema
{
"analysisId": "string",
"timestamp": "ISO8601",
"projectLicense": "string",
"dependencies": [
{
"name": "string",
"version": "string",
"license": "string",
"spdxId": "string",
"compatible": "boolean",
"attributionRequired": "boolean",
"riskLevel": "high|medium|low|none"
}
],
"compliance": {
"status": "compliant|non-compliant|review-required",
"violations": [],
"warnings": [],
"attributionNeeded": []
},
"sbom": {
"format": "SPDX|CycloneDX",
"path": "string"
}
}
Integration with Migration Processes
- dependency-analysis-updates: License verification
- legacy-codebase-assessment: Compliance assessment
Related Skills
dependency-scanner: Dependency discoveryvulnerability-scanner: Security + compliance
Related Agents
dependency-modernization-agent: License-safe updatescompliance-migration-agent: Full compliance
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?