alirezarezvani/gc-review
c-level-advisor/c-level-agents/skills/gc-review/SKILL.md
/cs:gc-review <plan> — General Counsel interrogation of contracts, IP, regulatory, term sheets, and employment-law surface.
$ install --global
skillsauthnpx skillsauth add alirezarezvani/claude-skills gc-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 3:35 AM287.6s1 file scanned
SKILL.md
- name:
- gc-review
- description:
- /cs:gc-review <plan> — General Counsel interrogation of contracts, IP, regulatory, term sheets, and employment-law surface.
/cs:gc-review — General Counsel Forcing Questions
Command: /cs:gc-review <plan>
The General Counsel lens. Six questions before any contract, term sheet, IP move, or regulatory commitment. This is a lane gstack has zero of — and one where a single missed clause costs more than a year of engineering.
⚠️ Not legal advice. This command surfaces the right questions to ask before talking to outside counsel. Always engage qualified counsel for binding decisions.
When to Run
- Before signing any contract > $100K or > 1 year
- Before issuing equity (employee grants, advisor grants)
- Before a term sheet response
- Before entering a regulated market (healthcare, fintech, defense)
- Before any open-source license decision in core IP
- Before an M&A LOI
The Six GC Questions
1. IP Ownership
Who owns the IP being created or shared in this transaction?
- Work-for-hire vs license vs joint.
- For employees and contractors: written IP assignment in place?
- For OSS: license compatibility checked?
2. Liability & Indemnity
What's the liability cap, and what's carved out from it?
- Standard cap: 12 months of fees.
- Carve-outs: IP infringement, data breach, willful misconduct.
- Mutual indemnity desirable.
3. Data Processing
What personal data is involved, and is a DPA in place?
- GDPR / CCPA scope?
- Subprocessor flow-down?
- Data residency requirements?
4. Termination & Renewal
What's the termination right, what's the notice period, and what's auto-renew?
- Termination for convenience vs cause.
- Notice period (30 / 60 / 90 days).
- Auto-renewal trap?
5. Regulatory Surface
Does this expose the company to a new regulatory regime?
- Healthcare → HIPAA.
- Fintech → BSA/AML, state money-transmitter.
- Medical device → FDA, MDR, ISO 13485.
- Data → GDPR, CCPA, state breach laws.
6. Employment / Equity
If this is a hire or contractor: jurisdiction, classification, equity grant, IP assignment?
- Misclassification risk?
- Equity vesting standard (4-year, 1-year cliff)?
- Acceleration triggers?
- 409A current?
Workflow
- Read the contract / term sheet end to end
- Run the six questions
- Identify the top-3 issues that need outside counsel review
- Apply the verdict
Output Format
# GC Review: <plan>
**Date:** YYYY-MM-DD
## Document
- Type: <contract / term sheet / grant / DPA>
- Counterparty: <name>
- $ value or scope: <amount>
## Issues
| # | Issue | Risk | Recommendation |
|---|---|---|---|
| 1 | <e.g., uncapped IP indemnity> | HIGH | Cap at fees paid, mutual |
| 2 | <e.g., 5-year auto-renew> | MED | 1-year max, 60-day notice |
| 3 | <e.g., no DPA, EU data> | HIGH | Require DPA before sign |
## Regulatory Trigger
- New regime triggered? <yes/no>
- Specific frameworks: <HIPAA / GDPR / etc.>
## Outside Counsel Action Items
- [ ] <specific item 1>
- [ ] <specific item 2>
- [ ] <specific item 3>
## Verdict
🟢 SIGN AS-IS (rare)
🟡 NEGOTIATE — counter on top-3 issues
🔴 DO NOT SIGN — material risk
Routing
/cs:ciso-review— for any data-touching contract/cs:cfo-review— for any commitment > 1 year or > 1% of revenue/cs:decide— log the verdict after outside counsel review
Workflow Integration with general-counsel-advisor skill
Since v2.5.1, this command is backed by a full skill at ../../../skills/general-counsel-advisor/ with two Python tools:
# Automated contract scan (12 founder-killer patterns)
python ../../../skills/general-counsel-advisor/scripts/contract_risk_scanner.py path/to/contract.txt
# Term sheet scoring (0-100 founder-friendliness)
python ../../../skills/general-counsel-advisor/scripts/term_sheet_analyzer.py path/to/term_sheet.json
The cs-general-counsel-advisor agent orchestrates both tools plus 3 references (contracts playbook, IP + regulatory, term sheet decoder).
Related
- Skill:
general-counsel-advisor— full skill with Python tools + references - Agent:
cs-general-counsel-advisor - Compliance execution:
../../../../ra-qm-team/ - Adjacent:
../../../skills/ma-playbook/
Version: 1.0.0
Related Skills
alirezarezvani/code-reviewer
tools
VerifiedTrustedCommunity
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin, C#, .NET, Java, C, C++, Rust, Ruby, PHP, and Dart/Flutter. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.
16,546SKILL.mdUpdated May 10, 2026
alirezarezvani/research-ops-skills
tools
VerifiedTrustedCommunity
Use when planning, funding, scoping, or synthesizing enterprise research across workstreams — clinical study design, R&D program finance, market sizing/surveys, or product/user research. Triggers on "design this clinical study", "what sample size", "R&D budget", "burn rate", "capitalize or expense", "TAM SAM SOM", "market sizing", "survey design", "segment the market", "plan user interviews", "usability test", "synthesize research insights". Forks context to route to one of four Research-Operations sub-skills (clinical-research, research-finance, market-research, product-research) and returns a digest. Distinct from ra-qm-team (regulatory submission), finance (corporate close/valuation), research/grants (funding discovery), product-team (persona/journey/live experiments), and marketing-skill (campaign analytics).
16,359SKILL.mdUpdated May 28, 2026
alirezarezvani/research-finance
development
VerifiedTrustedCommunity
Use when managing the money for an internal R&D program or portfolio — building a multi-period program budget with the F&A (indirect) split, tracking burn rate and runway against value-inflection milestones, or routing R&D cost items to a capitalize-vs-expense determination. Every budget output surfaces its assumptions block; capitalize-vs-expense is decision-support only and routes to a named finance owner — it never books an entry or decides accounting treatment. Distinct from finance/financial-analysis (corporate DCF, close, valuation) and research/grants (funding discovery — this manages money already won).
16,359SKILL.mdUpdated May 28, 2026
alirezarezvani/product-research
development
VerifiedTrustedCommunity
Use when planning and synthesizing product/user research as a method-and-repository discipline — selecting the right method for the goal (generative interviews vs usability test vs concept test vs validation), computing method-based saturation/sample size with an explicit confidence level, or synthesizing coded observations into insights while flagging single-source anecdotes. Never fabricates user insight; an insight requires recurrence across independent participants. Distinct from product-team/ux-researcher-designer (persona/journey artifacts), product-discovery (discovery-sprint planning), and experiment-designer (live A/B) — this is the research-ops method + insight-repository layer.
16,359SKILL.mdUpdated May 28, 2026