Skill

vgv-license-compliance

Audits package dependency licenses in Dart/Flutter projects using Very Good CLI packages_check_licenses tool. Flags non-compliant/unknown licenses and generates compliance reports.

Dart

Flutter

security

code-quality

npx claudepluginhub verygoodopensource/very_good_claude_code_marketplace --plugin vgv-ai-flutter-plugin

Configuration

Model: sonnet

Tool Access

This skill is limited to using the following tools:

Read Glob Grep mcp__very-good-cli__packages_check_licenses

Preview

Dependency license auditor for Dart and Flutter projects — verifies that all package dependencies use licenses compatible with the project's requirements using the Very Good CLI MCP tools.

SKILL.md

Similar Skills

compliance-license-audit

Performs interactive open-source license compliance audits: identifies dependency licenses from manifests like package.json and pyproject.toml, flags risks, detects incompatibilities based on project license and risk tolerance.

ai-compliance

license-compliance

Guides open source license compliance: evaluates dependencies, analyzes compatibility between licenses, tracks obligations, and supports attribution and workflows for distribution.

6 tools

compliance-planning

memstack-business-licensing

307

Scans repository dependencies, vendored code, fonts, and assets for licenses, producing per-package verdicts on commercial use: ready, citation required, needs info, or not allowed.

memstack

Stats

Stars108

Forks0

Last CommitMay 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

License Compliance

Dependency license auditor for Dart and Flutter projects — verifies that all package dependencies use licenses compatible with the project's requirements using the Very Good CLI MCP tools.

Core Standards

Apply these standards to ALL license compliance work:

Run packages_check_licenses MCP tool on the target project directory with licenses: true to display full license information
Transitive dependencies matter — a permissive package that depends on a GPL package still carries the GPL obligation
Flag for manual review when in doubt — never assume compliance without a clear license identifier

License Categories

Category	Licenses	Risk	Guidance
Permissive	MIT, BSD-2-Clause, BSD-3-Clause, Apache-2.0	Low	Safe for any use
Weak copyleft	LGPL-2.1, LGPL-3.0, MPL-2.0	Medium	Safe for dynamic linking; flag for static linking or modification
Strong copyleft	GPL-2.0, GPL-3.0, AGPL-3.0	High	May require the entire project to adopt the same license
Unknown/Missing	None detected	High	Flag immediately for manual review

Audit Process

1. Run License Check

Call the packages_check_licenses MCP tool on the target project directory.

2. Categorize Results

Classify each dependency license using the categories above. Pay attention to:

Direct dependencies with strong copyleft licenses
Transitive dependencies that introduce copyleft obligations
Packages with no license or an unrecognized license identifier

3. Report Findings

Produce a structured compliance report:

## License Compliance Report

### Summary
- Total dependencies scanned: N
- Compliant: N
- Flagged: N

### Flagged Dependencies
| Package | License | Risk | Recommendation |
| --- | --- | --- | --- |
| package_name | GPL-3.0 | High | Replace or obtain exception |

### Compliant Dependencies
All other dependencies use permissive licenses (MIT, BSD, Apache 2.0).

### Recommendations
1. [Most urgent action]
2. [Next action]