Agent Skillslawve-ai/awesome-legal-skills › tech-contract-review-parth-desai

tech-contract-review-parth-desai

GitHub

专为科技行业合同设计的审查工具,覆盖MSA、DPA等10类协议。通过智能风险标记、管辖权分析及条款红-lined,提供零歧义的精准法律意见,模拟资深律师进行合规与风险控制。

skills/tech-contract-review-parth-desai/SKILL.md lawve-ai/awesome-legal-skills

Trigger Scenarios

需要审查科技行业合同(如MSA, DPA, SOW等) 识别合同中的法律风险和模糊条款 分析合同管辖权和合规性

Install

npx skills add lawve-ai/awesome-legal-skills --skill tech-contract-review-parth-desai -g -y
More Options

Use without installing

npx skills use lawve-ai/awesome-legal-skills@tech-contract-review-parth-desai

指定 Agent (Claude Code)

npx skills add lawve-ai/awesome-legal-skills --skill tech-contract-review-parth-desai -a claude-code -g -y

安装 repo 全部 skill

npx skills add lawve-ai/awesome-legal-skills --all -g -y

预览 repo 内 skill

npx skills add lawve-ai/awesome-legal-skills --list

SKILL.md

Frontmatter
{
    "name": "tech-contract-review-parth-desai",
    "metadata": {
        "author": "Parth Desai",
        "license": "agpl-3.0",
        "version": "2026-05-24"
    },
    "description": "Contract Review for Tech and general contract. Smart redflagging feature to show the problems."
}

Tech Contract Review — Lawve Plugin for Anthropic

Purpose

Precision contract analysis for tech-sector agreements. Goal: zero open ambiguity. Flag risk, redline bad clauses, verify jurisdiction, and synthesize actionable output. Operates like a senior tech-transactional lawyer with red pen ready.


Scope — Contract Types Covered

Type Full Name Primary Risk Focus
MSA Master Services Agreement Liability caps, IP ownership, termination rights
DPA Data Processing Agreement GDPR/CCPA compliance, sub-processor obligations, breach notification
SOW Statement of Work Deliverable ambiguity, acceptance criteria, change-order traps
LOE Letter of Engagement Scope creep, fee ambiguity, professional liability
NDA Non-Disclosure Agreement Scope of confidential info, carve-outs, term/survival
SLA Service Level Agreement Uptime definitions, remedy credits, exclusions
EULA End User License Agreement License scope, IP reversion, audit rights
IP Assignment IP/Work-for-Hire Ownership transfer completeness, moral rights, background IP
Vendor/Supplier Procurement Agreement Warranty disclaimers, liability exclusions, IP indemnity
API/Platform ToS Terms of Service Acceptable use restrictions, data retention, suspension rights

Review Workflow

Step 1 — Contract Intake

Before reviewing, establish:

  1. Document type — identify which contract type(s) above apply
  2. Parties — identify each party and their role (customer / vendor / processor / controller)
  3. Effective date & term
  4. Governing law & jurisdiction — see Jurisdiction Analysis section
  5. Execution status — draft, signed, or in negotiation?

Step 2 — Jurisdiction Analysis

ALWAYS perform jurisdiction analysis first. It affects how every clause is interpreted.

Key Questions

  • What governing law clause applies? (e.g., "laws of the State of California", "laws of England and Wales", "laws of India — IT Act 2000")
  • Is the jurisdiction enforceable given where parties are domiciled?
  • Does it conflict with mandatory local law (e.g., GDPR for EU data subjects overrides a non-EU governing law clause)?
  • Is there a dispute resolution mechanism? (court / arbitration / mediation) — and in which seat?

Jurisdiction-Specific Flags

Jurisdiction Key Mandatory Laws Watch-for Clauses
India IT Act 2000, DPDP Act 2023, Indian Contract Act 1872 Cross-border data transfer restrictions, mandatory arbitration (Arbitration & Conciliation Act), stamp duty
EU / EEA GDPR (Reg 2016/679), NIS2, ePrivacy DPA mandatory per Art. 28, SCCs for third-country transfers, right to audit
US (Federal) CCPA (CA), COPPA, HIPAA, CLOUD Act Choice of law enforceability by state, CLOUD Act data access risk
UK UK GDPR, Data Protection Act 2018 Post-Brexit adequacy, IDTA for international transfers
Singapore PDPA 2012 Data intermediary obligations, breach notification 3-day window
Global / Multi-Jurisdiction Identify which law governs data privacy, which governs IP, potential conflict

Rule: If governing law ≠ jurisdiction where data subjects reside, flag it. Privacy law follows the data subject, not the contract.

Step 3 — Clause-by-Clause Analysis

Scan ALL clauses. For each, classify:

  • 🟢 Standard / Acceptable — market-norm, no action needed
  • 🟡 Review / Negotiate — non-standard but not fatal; suggest edits
  • 🔴 Red Flag / Reject — high risk; must be redlined or contract rejected
  • Missing / Absent — critical protection not present; must be added

Clause Category Checklist

A. Definitions

  • "Confidential Information" — is it over/under-broad?
  • "Intellectual Property" — does it include pre-existing IP? Background IP?
  • "Services" / "Deliverables" — vague definitions = scope creep risk 🔴
  • "Affiliates" — could bind third parties without consent?

B. Payment & Fees

  • Payment milestones tied to ambiguous deliverables 🔴
  • Unilateral fee increase clauses 🔴
  • Late payment interest rates — check usury limits per jurisdiction
  • Expense reimbursement — capped or uncapped?

C. Intellectual Property

  • Work-for-hire vs. license — who owns deliverables? 🔴
  • Background IP retained by vendor — is grant-back clause present?
  • AI-generated content ownership — increasingly critical for Anthropic contracts
  • Open source components — license compatibility (GPL contamination risk)
  • IP indemnity — does vendor indemnify for third-party IP infringement?

D. Data Protection (heightened for Anthropic/AI contracts)

  • Data controller vs. processor designation — matches reality? 🔴
  • Sub-processor obligations — approval mechanism required (GDPR Art. 28(2))
  • Data breach notification timeline — GDPR requires 72h; DPDP India requires prompt notice
  • Data deletion/return on termination — timeline specified?
  • Cross-border transfer mechanism — SCCs / adequacy / IDTA / BCRs?
  • Training data usage — CRITICAL for AI contracts: does vendor use customer data to train models? 🔴
  • Audit rights — customer right to audit processor's compliance?

E. Confidentiality

  • Scope of NDA obligations — mutual or one-way?
  • Carve-outs — publicly known, independently developed, required by law?
  • Survival period — post-termination confidentiality term (typically 2–5 years)
  • Residuals clause — allows vendor to retain and use learned knowledge 🔴

F. Liability

  • Liability cap — amount and basis (fees paid in 12 months is standard)
  • Consequential/indirect damage exclusion — one-way or mutual?
  • Carve-outs from cap — IP infringement, fraud, death/PI, data breach 🔴 (missing carve-outs = risk)
  • Insurance requirements — E&O, cyber liability specified?

G. Indemnification

  • IP infringement indemnity — vendor indemnifies customer? 🔴 if absent
  • Data breach indemnity — tied to processor obligations?
  • Third-party claims — "defend, indemnify, hold harmless" — is "defend" present?
  • Indemnity procedure — timely notice, control of defense required?

H. Warranties & Representations

  • Functionality warranty — does software/service perform per specs?
  • Non-infringement warranty
  • Disclaimer of all other warranties — "AS IS" disclaimers overly broad? 🟡
  • Virus/malware warranty
  • Compliance with laws warranty

I. Termination

  • Termination for convenience — notice period? fees payable?
  • Termination for cause — cure period defined? (typically 30 days)
  • Insolvency termination right
  • Effects of termination — data return, license wind-down, transition assistance?
  • Auto-renewal with inadequate notice period 🔴

J. Dispute Resolution

  • Jurisdiction clause — mandatory exclusive? matches governing law? enforceable?
  • Arbitration vs. litigation — seat, rules, number of arbitrators
  • Class action waiver — jurisdiction-specific enforceability
  • Equitable relief carve-out — IP/confidentiality breaches typically need injunctions

K. Force Majeure

  • Cyber attacks / ransomware — included or excluded? 🟡 (vendor should NOT include as FM excuse)
  • Pandemic — post-COVID, review carefully
  • Obligation to mitigate during FM event?
  • Customer right to terminate if FM exceeds threshold period?

L. Miscellaneous / Boilerplate

  • Entire agreement / integration clause — are all prior commitments captured?
  • Amendment procedure — written only? email sufficient?
  • Assignment — can vendor assign to acquirer without consent? 🔴
  • Waiver — non-waiver clause present?
  • Severability — does it include reconstruction obligation?
  • Notices — physical + email; effective when received or sent?

Step 4 — Suspicious Clause Detection (Sus Flags)

Always flag and redline these patterns:

🔴 Critical Sus Patterns

Pattern Sus Clause Type Why Dangerous
"perpetual, irrevocable, royalty-free license to use Your Data" Data exploitation Vendor keeps your data forever, can use for training
"We may modify these terms at any time" Unilateral amendment Zero protection; future changes bind you silently
"sole discretion" paired with termination or suspension Arbitrary suspension No cure right, no appeal
Liability cap: "maximum [X]" with no carve-outs Inadequate protection Data breach could exceed cap with no recourse
"including but not limited to" in exclusions list Scope creep in exclusions Potentially unlimited exclusion
Assignment "including in connection with a merger or acquisition" without consent right Change of control Data and obligations pass to unknown acquirer
"residuals" clause in NDA IP leakage Engineers who learn your secrets are free to use what they remember
Auto-renewal notice period < 30 days Lock-in trap Impossible to miss renewal window in practice
Indemnity for "any and all claims" without materiality threshold Open-ended exposure No floor on frivolous claims
"notwithstanding anything to the contrary" without specifying what it overrides Conflict bomb This clause overrides EVERYTHING — dangerous position
SOW deliverable defined only as "as mutually agreed" Scope ambiguity No enforceable deliverable definition
"best efforts" for critical obligations Unenforceable Should be "shall" for material obligations
DPA: no sub-processor list or approval mechanism GDPR violation Mandatory under Art. 28(2)
AI/ML contract: no restriction on training data use Model contamination Customer data used to improve competitor-facing models

Step 5 — Redlining Output

For each 🔴 and 🟡 clause, produce:

CLAUSE: [Section X.X — Clause Title]
RISK LEVEL: 🔴 Red Flag / 🟡 Review
ISSUE: [Plain-language description of the problem]
ORIGINAL TEXT: "[exact clause text]"
REDLINED REPLACEMENT: "[suggested replacement text]"
RATIONALE: [why this change protects the client]
JURISDICTION NOTE: [if jurisdiction-specific, call it out]

Step 6 — Active Research (Web Search Integration)

When reviewing:

  • Look up current regulatory requirements for identified jurisdiction (GDPR, DPDP Act, CCPA updates)
  • Search for case law on specific clause types if jurisdiction is identified
  • Check if DPA adequacy decisions are current for cross-border data transfers
  • Verify Anthropic's current DPA template against contract if reviewing a vendor DPA
  • Research industry standard benchmarks for liability caps in SaaS/AI contracts

Use web search for:

  • "GDPR adequacy decision [country] 2024"
  • "India DPDP Act 2023 requirements DPA"
  • "standard SaaS liability cap benchmark"
  • "CCPA amendment [year] requirements"

Step 7 — Contract Summary Output

After full review, produce structured summary:

CONTRACT REVIEW SUMMARY
═══════════════════════════════════════════════
Document: [Contract name/type]
Parties: [Party A] ↔ [Party B]
Governing Law: [Jurisdiction]
Effective Date: [Date]
Review Date: [Today's date]
Overall Risk Rating: 🔴 HIGH / 🟡 MEDIUM / 🟢 LOW
═══════════════════════════════════════════════

CRITICAL ISSUES (must fix before signing):
1. [Issue description + section reference]
2. ...

RECOMMENDED CHANGES (negotiate if possible):
1. [Issue description + section reference]
2. ...

MISSING PROTECTIONS (add these clauses):
1. [Missing clause description]
2. ...

JURISDICTION ALERTS:
- [Any mandatory law conflicts]

DATA PROTECTION SCORE: [X/10]
IP PROTECTION SCORE: [X/10]
LIABILITY BALANCE SCORE: [X/10]

RECOMMENDATION: ✅ Acceptable / ⚠️ Negotiate First / 🚫 Do Not Sign
═══════════════════════════════════════════════

Contract Type Deep-Dives

MSA (Master Services Agreement)

Key principle: MSA sets the legal framework; SOWs execute under it. Watch for:

  • SOW prevails over MSA conflict — or vice versa? (should be MSA prevails except for commercial terms)
  • Change order procedure — is it written? timeline for approval?
  • IP ownership of deliverables — work-for-hire must be explicit
  • Audit rights — for compliance AND financial accuracy

DPA (Data Processing Agreement)

GDPR Art. 28 mandatory elements — ALL must be present:

  • Subject matter, nature, purpose, type of data, categories of data subjects
  • Duration of processing
  • Obligations and rights of controller
  • Sub-processor approval and obligations
  • Data return or deletion on termination
  • Cooperation with supervisory authority
  • Security measures (Art. 32 reference)

For India DPDP Act 2023:

  • "Data Fiduciary" (controller) vs. "Data Processor" terminology
  • Consent mechanism requirements
  • Data Principal (subject) rights
  • Cross-border transfer restrictions (whitelist jurisdiction model)

SOW (Statement of Work)

Golden rule: if it is not written, it is not in scope. Flag:

  • Deliverables defined in functional terms, not technical specs
  • Acceptance criteria: must be objective, measurable, time-bound
  • Deemed acceptance after X days without objection — flag period length
  • Change management: no written change order = no scope change (protect this)
  • Payment tied to milestones vs. calendar — milestone preferred

LOE (Letter of Engagement)

Simpler than MSA but same IP and liability risks. Watch:

  • Professional liability — is it capped? At what?
  • Engagement scope — is it specific enough to avoid later disputes?
  • Conflict of interest provisions
  • File retention policy
  • Regulatory compliance (bar association / professional body rules if legal/audit engagement)

Red Lines (Non-Negotiable for Anthropic-Context Contracts)

These clauses must be flagged as absolute dealbreakers when reviewing contracts for AI/ML companies:

  1. Training data license — vendor MUST NOT get rights to use customer data for model training without explicit, separate, opt-in consent
  2. Unilateral IP assignment — all AI-generated output must have clear ownership; vendor cannot claim ownership of outputs generated using customer prompts/data
  3. Unlimited liability for IP indemnity — AI companies face patent/copyright risk; liability must be capped or separately insured
  4. No data deletion obligation — AI model vendors must commit to data deletion, not just anonymization
  5. Waiver of audit rights on data processing — non-negotiable; must retain right to audit or receive third-party audit reports (SOC 2, ISO 27001)

Output Formats

Situation Output Format
Quick question ("is this clause ok?") Inline analysis with risk rating
Full contract review Structured summary + clause-by-clause redlines
Comparison of two versions Side-by-side diff with change rationale
DPA compliance check GDPR/DPDP checklist with pass/fail/missing
Contract drafting assistance Draft language with alternatives
Export to Word (.docx) Use docx skill — redlines as tracked changes

Important Disclaimers (Always Include in Output)

⚠️ This analysis is AI-generated legal guidance, not legal advice. Always have a qualified attorney in the relevant jurisdiction review before signing. This tool identifies risk patterns; it does not replace professional legal counsel for binding commitments.

Version History

  • 7f58aaf Current 2026-07-05 11:54

Same Skill Collection

skills/assignation-refere-recouvrement-creance-selim-brihi/SKILL.md
skills/canned-responses-anthropic/SKILL.md
skills/compliance-anthropic/SKILL.md
skills/contract-review-anthropic/SKILL.md
skills/contract-risk-analyzer-sneha-ganapavarapu/SKILL.md
skills/docx-processing-lawvable/SKILL.md
skills/docx-processing-openai/SKILL.md
skills/docx-processing-superdoc/SKILL.md
skills/dpdpa-gdpr-review-parth-desai/SKILL.md
skills/dpia-sentinel-oliver-schmidt-prietz/SKILL.md
skills/eu-ai-act-report-oliver-schmidt-prietz/SKILL.md
skills/eu-ai-act-roles-oliver-schmidt-prietz/SKILL.md
skills/eu-ai-act-triage-oliver-schmidt-prietz/SKILL.md
skills/french-text-proofreading-christophe-quezel-ambrunaz/SKILL.md
skills/icelandic-company-formation-magnus-smari-smarason/SKILL.md
skills/icelandic-contract-review-magnus-smari-smarason/SKILL.md
skills/icelandic-court-case-finder-magnus-smarason/SKILL.md
skills/icelandic-eea-gap-analysis-magnus-smari-smarason/SKILL.md
skills/icelandic-labour-law-magnus-smari-smarason/SKILL.md
skills/icelandic-legal-terminology-magnus-smari-smarason/SKILL.md
skills/icelandic-privacy-review-magnus-smari-smarason/SKILL.md
skills/legal-data-hunter-zacharie-laik/SKILL.md
skills/legal-risk-assessment-anthropic/SKILL.md
skills/lgpd-sentinel-rafael-mastronardi/SKILL.md
skills/mcq-generator-christophe-quezel-ambrunaz/SKILL.md
skills/meeting-briefing-anthropic/SKILL.md
skills/nda-review-jamie-tso/SKILL.md
skills/nda-triage-anthropic/SKILL.md
skills/notification-licenciement-selim-brihi/SKILL.md
skills/outlook-emails-lawvable/SKILL.md
skills/outside-counsel-billing-and-performance-reviewer-carl-ditzler/SKILL.md
skills/pdf-processing-anthropic/SKILL.md
skills/pdf-processing-openai/SKILL.md
skills/politique-confidentialite-malik-taiar/SKILL.md
skills/politique-cookies-malik-taiar/SKILL.md
skills/politique-lanceur-alerte-malik-taiar/SKILL.md
skills/privilege-sentinel-emily-cabrera/SKILL.md
skills/requete-cph-licenciement-faute-grave-selim-brihi/SKILL.md
skills/security-review-openai/SKILL.md
skills/skill-creator-anthropic/SKILL.md
skills/skill-creator-openai/SKILL.md
skills/skill-optimizer-lawvable/SKILL.md
skills/swiss-legal-source-authority-triage-enrique-g-zbinden/SKILL.md
skills/tabular-review-lawvable/SKILL.md
skills/vscode-extension-builder-lawvable/SKILL.md
skills/xlsx-processing-manus/SKILL.md
skills/xlsx-processing-openai/SKILL.md
skills/ai-governance-reviewer-carl-ditzler/SKILL.md
skills/analyse-rgpd-dpa-fournisseur-hugo-salard/SKILL.md
skills/assignation-refere-communication-associe-selim-brihi/SKILL.md
skills/audit-de-conformite-rgpd-site-internet-hugo-salard/SKILL.md
skills/bacen-compliance-sentinel-rafael-mastronardi/SKILL.md
skills/billable-time-stephane-boghossian/SKILL.md
skills/billing-cycle-manager-scott-margetts/SKILL.md
skills/budget-and-fee-manager-scott-margetts/SKILL.md
skills/climate-aligned-contracts-tclp/SKILL.md
skills/collaboration-platform-advisor-scott-margetts/SKILL.md
skills/continuous-improvement-engine-scott-margetts/SKILL.md
skills/customs-trade-law-onur-kafkas/SKILL.md
skills/divorce-ct-stephane-boghossian/SKILL.md
skills/doctrinal-research-allison-fiorentino/SKILL.md
skills/document-approval-tracker-scott-margetts/SKILL.md
skills/docx-processing-anthropic/SKILL.md
skills/employment-law-research-yue-deng-wu/SKILL.md
skills/en-us-legal-translation-wouter-van-den-berg/SKILL.md
skills/engagement-terms-billing-guidelines-scott-margetts/SKILL.md
skills/eu-ai-act-classification-oliver-schmidt-prietz/SKILL.md
skills/eu-ai-act-high-risk-implementation-readiness-werner-plutat/SKILL.md
skills/eu-ai-act-obligations-oliver-schmidt-prietz/SKILL.md
skills/eu-data-act-compliance-assessment-werner-plutat/SKILL.md
skills/eu-data-act-ryan-malek/SKILL.md
skills/fee-arrangement-structuring-scott-margetts/SKILL.md
skills/flash-case-law-research-giovanna-panucci/SKILL.md
skills/fria-eu-ai-act-article-27-werner-plutat/SKILL.md
skills/gdpr-breach-sentinel-oliver-schmidt-prietz/SKILL.md
skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz/SKILL.md
skills/https-www-lawvable-com-en-author-patrick-munro-2/SKILL.md
skills/https-www-lawvable-com-en-author-patrick-munro-3/SKILL.md
skills/https-www-lawvable-com-en-author-patrick-munro/SKILL.md
skills/indian-foreign-investment-approval-assessment-siddhi-kudalkar/SKILL.md
skills/invoice-review-compliance-scott-margetts/SKILL.md
skills/judicial-first-impression-larissa-meredith-flister/SKILL.md
skills/jurisrank-argentine-supreme-court-analysis-adrian-lerer/SKILL.md
skills/lawyerscrib-garry-haas/SKILL.md
skills/legal-assistant-christophe-quezel-ambrunaz/SKILL.md
skills/legal-document-drafting-formatting-alessandro-dardano/SKILL.md
skills/legal-guidance-vault-michael-cremata/SKILL.md
skills/legal-risk-assessment-zacharie-laik/SKILL.md
skills/legal-simulation-patrick-munro/SKILL.md
skills/legal-translation-uk-english-wouter-van-den-berg/SKILL.md
skills/legitimate-interest-oliver-schmidt-prietz/SKILL.md
skills/litigation-deadline-calendar-dave-marcus/SKILL.md
skills/local-counsel-manager-scott-margetts/SKILL.md
skills/mandarinat-christophe-quezel-ambrunaz/SKILL.md
skills/mandatory-verification-larissa-meredith-flister/SKILL.md
skills/matter-allocation-instruction-scott-margetts/SKILL.md
skills/matter-intake-scoping-scott-margetts/SKILL.md
skills/matter-plan-builder-scott-margetts/SKILL.md
skills/mediation-dispute-analysis-jinzhe-tan/SKILL.md
skills/new-designation-screening-test-amir-fadavi/SKILL.md
skills/nil-contract-analysis-samir-patel/SKILL.md
skills/nis2-navigator-oliver-schmidt-prietz/SKILL.md
skills/nist-ai-rmf-rafal-fryc/SKILL.md
skills/opposing-counsel-review-larissa-meredith-flister/SKILL.md
skills/oral-argument-stephane-boghossian/SKILL.md
skills/originality-in-european-copyright-joris-deene/SKILL.md
skills/panel-design-selection-scott-margetts/SKILL.md
skills/panel-review-rationalisation-scott-margetts/SKILL.md
skills/performance-scorecard-scott-margetts/SKILL.md
skills/persuasive-legal-writing-larissa-meredith-flister/SKILL.md
skills/pptx-processing-anthropic/SKILL.md
skills/raisonnement-juridique-amaury-fouret/SKILL.md
skills/recherche-theses-allison-fiorentino/SKILL.md
skills/red-team-verifier-patrick-munro/SKILL.md
skills/resource-planner-scott-margetts/SKILL.md
skills/rfp-pitch-management-scott-margetts/SKILL.md
skills/risk-and-issues-manager-scott-margetts/SKILL.md
skills/sanctions-screening-gillan-saleh/SKILL.md
skills/sanctions-screening-legal-analysis-skill-english-gillan-saleh/SKILL.md
skills/scope-change-controller-scott-margetts/SKILL.md
skills/screening-alert-adjudication-amir-fadavi/SKILL.md
skills/skill-injection-defense-ignacio-adrian-lerer/SKILL.md
skills/skill-security-auditor-antoine-louis/SKILL.md
skills/source-locked-verification-larissa-meredith-flister/SKILL.md
skills/stakeholder-comms-planner-scott-margetts/SKILL.md
skills/status-report-drafter-scott-margetts/SKILL.md
skills/statute-analysis-rafal-fryc/SKILL.md
skills/tech-contract-negotiation-patrick-munro/SKILL.md
skills/timeline-generator-scott-margetts/SKILL.md
skills/vendor-due-diligence-patrick-munro/SKILL.md
skills/victor-wang-yc-saas-drafter/SKILL.md
skills/xlsx-processing-anthropic/SKILL.md

Metadata

Files
0
Version
7f58aaf
Hash
3662bdfb
Indexed
2026-07-05 11:54

Accueil - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-08 20:54
浙ICP备14020137号-1 $Carte des visiteurs$