frank-luongt/plugins/faos-clo/skills/legal-contract-review

<!-- AUTO-GENERATED by export-plugins.py — DO NOT EDIT -->

---

name: legal-contract-review description: Review contracts for risk, extract key clauses, triage NDAs, and score compliance exposure. Use when evaluating vendor agreements, reviewing customer contracts, assessing NDA terms, or performing contract due diligence. tags: [legal, contracts, compliance, risk-analysis]

Legal Contract Review

Structured contract analysis framework for extracting key terms, scoring risk, triaging NDAs, and identifying compliance exposure. Provides repeatable, evidence-based contract review — not legal advice.

Disclaimer: This skill provides structured analysis patterns and checklists. All output should be reviewed by qualified legal counsel before making binding decisions.

Use this skill when

• Reviewing vendor, customer, or partner agreements for risk
• Triaging NDAs (mutual or unilateral) for quick risk classification
• Extracting key commercial terms into a structured summary
• Scoring compliance exposure across regulatory dimensions
• Preparing contract summaries for executive or board review
• Conducting due diligence on a portfolio of contracts

Do not use this skill when

• You need binding legal opinions (consult qualified counsel)
• Drafting new contracts from scratch (use legal templates instead)
• Reviewing highly regulated instruments (securities, insurance policies) requiring specialized expertise
• The contract is in a language you cannot fully parse

Instructions

1. Identify contract type — classify as vendor, customer, partnership, NDA, employment, or licensing agreement.
2. Run the 10-Point Checklist — extract each element into the Clause Extraction Template.
3. Score compliance risk — apply the Compliance Risk Score across all applicable dimensions.
4. Check Red Flags — scan for the 8 critical red flag patterns.
5. For NDAs — apply the NDA Triage Matrix for rapid classification.
6. Generate output — produce a Contract Summary Brief with risk heat map.

---

10-Point Contract Review Checklist

Every contract review must extract and evaluate these 10 elements:

| # | Element | What to Look For | Risk Level if Missing | |---|---------|------------------|----------------------| | 1 | Parties | Legal entity names, jurisdiction of incorporation, authorized signatories | High — wrong entity = unenforceable | | 2 | Term & Renewal | Start date, end date, auto-renewal clauses, notice periods for termination | Medium — auto-renewal traps | | 3 | Termination Rights | For cause, for convenience, cure periods, termination triggers | High — inability to exit | | 4 | Liability Cap | Aggregate cap, per-incident cap, carve-outs from cap | Critical — unlimited exposure | | 5 | Indemnification | Mutual vs. one-sided, scope of indemnified claims, defense obligations | High — asymmetric risk | | 6 | IP & Ownership | IP assignment, license grants, work-for-hire provisions, background IP protections | Critical — loss of core IP | | 7 | Confidentiality | Scope, duration, permitted disclosures, return/destruction obligations | Medium — over-broad scope | | 8 | Governing Law & Disputes | Jurisdiction, arbitration vs. litigation, venue, class action waiver | Medium — unfavorable venue | | 9 | Data & Privacy | Data processing terms, DPA requirements, breach notification, data residency | High — regulatory exposure | | 10 | Force Majeure | Defined events, notice requirements, performance relief, termination rights | Low — unless critical supply chain |

---

Clause Extraction Template

Use this structure to summarize any contract:

## Contract Summary

**Contract Type:** [Vendor/Customer/NDA/Partnership/Employment/License]
**Parties:** [Party A] ↔ [Party B]
**Effective Date:** [YYYY-MM-DD]
**Term:** [Duration] | **Auto-Renewal:** [Yes/No — notice period]
**Governing Law:** [Jurisdiction]

### Key Commercial Terms
| Term | Value | Notes |
|------|-------|-------|
| Contract Value | $ | Annual/total |
| Payment Terms | Net [X] days | |
| Liability Cap | $ or [X]x fees | Carve-outs: [list] |
| Termination Notice | [X] days | For convenience / for cause |

### Risk Summary
| Risk Area | Score (1-5) | Key Finding |
|-----------|-------------|-------------|
| Financial Exposure | | |
| IP Risk | | |
| Compliance Risk | | |
| Operational Risk | | |
| **Overall Risk** | **[avg]** | **[summary]** |

---

NDA Triage Matrix

Rapid classification for NDAs — takes 10-15 minutes per NDA:

| Dimension | Green (Low Risk) | Yellow (Review) | Red (Escalate) | |-----------|-----------------|-----------------|----------------| | Type | Mutual | Unilateral (we disclose) | Unilateral (we receive only) | | Scope | Clearly defined to project | Broad but reasonable | "All information" without limits | | Duration | 1-3 years | 3-5 years | Perpetual or >5 years | | Non-compete | None | Narrow (specific market, <1 year) | Broad market, >1 year | | Residuals | Residuals clause included | Silent on residuals | Explicitly excludes residuals | | Remedies | Mutual remedies | Injunctive relief (standard) | Liquidated damages or penalties |

Triage Decision:

• All Green → Sign (standard terms)
• Any Yellow → Review (negotiate specific clauses)
• Any Red → Escalate to legal counsel before signing

---

Compliance Risk Score (0-100)

Weighted scoring across regulatory dimensions:

| Dimension | Weight | Score (0-10) | Weighted | |-----------|--------|-------------|----------| | Data Privacy (GDPR, CCPA, PDPA) | 25% | | | | Export Controls (ITAR, EAR) | 15% | | | | Anti-Bribery (FCPA, UK Bribery Act) | 15% | | | | Sanctions (OFAC, EU sanctions) | 15% | | | | Industry-Specific (HIPAA, PCI-DSS, SOX) | 20% | | | | Employment Law (non-compete, IP assignment) | 10% | | | | Total | 100% | | /100 |

Risk Bands:

• 0-25: Low risk — proceed with standard review
• 26-50: Moderate risk — require compliance team sign-off
• 51-75: High risk — require legal counsel review
• 76-100: Critical risk — escalate to CLO / outside counsel

---

Red Flag Checklist

These patterns require immediate escalation:

| # | Red Flag | Why It Matters | |---|----------|---------------| | 1 | Unlimited liability | No cap on financial exposure | | 2 | One-sided indemnification | Only your company bears risk | | 3 | Auto-renewal without notice | Locked into unfavorable terms | | 4 | Broad IP assignment | Transfers IP beyond project scope | | 5 | Non-compete overreach | Restricts future business operations | | 6 | Unilateral amendment rights | Counterparty can change terms without consent | | 7 | No termination for convenience | Cannot exit without cause | | 8 | Jurisdiction in counterparty's home country | Litigation disadvantage |

If any red flag is present, do not approve without legal counsel review.

---

Common Mistakes

• Confusing liability cap with indemnification — a liability cap limits total exposure; indemnification defines who pays for specific losses. Both must be reviewed independently.
• Ignoring change-of-control clauses — acquisition or merger can trigger termination or consent requirements.
• Skipping data processing addendums — GDPR/CCPA require explicit DPA terms for any contract involving personal data processing.
• Overlooking survival clauses — confidentiality, IP, and indemnification often survive termination. Check duration.
• Accepting "standard terms" — no contract is truly standard. Always review, even boilerplate.

---

Additional Resources

• Related skill: stakeholder-map — for identifying contract stakeholders and approval workflows
• IACCM (World Commerce & Contracting) — contract management best practices
• Legal design patterns for technology agreements

<!-- Source: .faos/custom/skills/business/legal-contract-review/SKILL.md -->