Lawyer Analyst
Stress-test product decisions with IRAC-style legal lenses—contracts, privacy, IP, and liability—before you commit scope or ship policy-facing features.
Overview
Lawyer Analyst is an agent skill most often used in Validate (also Ship, Launch) that applies IRAC and compliance checklists to contracts, privacy, IP, and liability—not a substitute for licensed counsel.
Install
npx skills add https://github.com/rysweet/amplihack --skill lawyer-analystWhat is this skill?
- IRAC framework: Issue, Rule, Application, Conclusion for structured legal reasoning
- Contract review, ToS/privacy drafting support, and open-source license evaluation
- GDPR, CCPA, HIPAA-oriented compliance and data-protection framing
- IP strategy coverage for patents, copyright, and trademarks
- Explicit disclaimer: legal information, not licensed legal advice
- Core IRAC legal reasoning uses a 4-step Issue–Rule–Application–Conclusion structure
Adoption & trust: 608 installs on skills.sh; 63 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are shipping a SaaS or agent product without a clear read on contracts, privacy law, IP, or liability exposure until something expensive surprises you.
Who is it for?
Founders reviewing vendor contracts, drafting first-pass privacy/ToS, or evaluating OSS licenses and data regimes before build-heavy investment.
Skip if: Matters with no legal or regulatory angle, or situations where you need definitive legal advice instead of informational frameworks.
When should I use this skill?
Contract review, privacy or regulatory compliance, IP strategy, open-source licensing, or liability risk assessment—not for pure technical-only questions.
What do I get? / Deliverables
You get IRAC-structured issue lists, applicable-rule sketches, and risk flags you can hand to a real attorney or fold into scope and policy docs.
- IRAC-structured legal issue memos
- Compliance and liability risk inventories
- Draft outlines for policies or negotiation points
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Validate/scope is where solo builders lock terms, data practices, and regulatory assumptions that lawyer-style analysis should catch early. Scope covers what you will build, how you handle user data, and which obligations attach before full implementation spend.
Where it fits
Map GDPR/CCPA obligations before committing to analytics and AI data flows in the MVP.
Align data-protection requirements with security controls before handling health or sensitive categories.
Sanity-check platform ToS, moderation rules, and liability limits before public listing or marketplace launch.
Frame UGC moderation duties and enforcement policies as user volume increases.
How it compares
Analytical workflow skill for legal information, not automated contract generation or a regulated legal service.
Common Questions / FAQ
Who is lawyer-analyst for?
Solo and indie builders who need structured legal-risk thinking for SaaS, platforms, and AI products and who will still consult attorneys for binding advice.
When should I use lawyer-analyst?
At Validate when scoping compliance and terms; at Ship when assessing privacy/security obligations; at Launch for ToS and distribution governance; at Grow for moderation and lifecycle policies.
Is lawyer-analyst safe to install?
Check the Security Audits panel on this page; treat outputs as non-advice analysis and never rely on the skill alone for regulatory or litigation decisions.
SKILL.md
READMESKILL.md - Lawyer Analyst
# Lawyer Analyst - Quick Reference ## TL;DR Analyze through legal lenses: contract obligations and risks, intellectual property protection, privacy/data compliance (GDPR, CCPA), regulatory requirements, liability exposure, and terms of service. Use IRAC reasoning and identify legal risks before they become problems. **IMPORTANT DISCLAIMER**: This provides legal information and frameworks, not legal advice. Always consult licensed attorneys for actual legal matters. ## When to Use **Perfect For:** - Contract review and negotiation - Privacy policy and terms of service drafting - Regulatory compliance assessment (GDPR, CCPA, HIPAA) - Intellectual property strategy (patents, copyright, trademarks) - Open source license evaluation - Data protection and security requirements - Employment agreements and HR policies - Risk assessment and liability analysis - Content moderation and platform governance **Skip If:** - No legal or regulatory dimensions - Pure technical or scientific analysis - Focused on psychology or user experience ## Core Frameworks ### IRAC Legal Reasoning Structure legal analysis: 1. **Issue**: What's the legal question? 2. **Rule**: What law, statute, or precedent applies? 3. **Application**: How does the rule apply to these facts? 4. **Conclusion**: What's the legal outcome? Example: - **Issue**: Is our AI training on copyrighted works fair use? - **Rule**: Fair use considers: purpose, nature, amount, market effect - **Application**: Transformative use for training, not substituting original - **Conclusion**: Likely fair use but litigation risk remains ### GDPR Core Principles Eight principles for data protection: 1. **Lawfulness, fairness, transparency** - Clear legal basis and notice 2. **Purpose limitation** - Use only for stated purposes 3. **Data minimization** - Collect only what's necessary 4. **Accuracy** - Keep data correct and current 5. **Storage limitation** - Don't keep longer than needed 6. **Integrity and confidentiality** - Secure data appropriately 7. **Accountability** - Demonstrate compliance **Individual Rights**: Access, rectification, erasure, portability, objection ### Intellectual Property Types Four main categories: - **Patents**: Inventions, processes (20 years, must be novel, non-obvious, useful) - **Copyrights**: Creative works, software (life + 70 years, automatic upon creation) - **Trademarks**: Brands, logos (renewable, must be distinctive and used in commerce) - **Trade Secrets**: Confidential business info (no expiration if protected) ### Contract Essentials Valid contract requires: 1. **Offer** - Clear proposal 2. **Acceptance** - Agreement to terms 3. **Consideration** - Value exchanged (money, services, promises) 4. **Capacity** - Parties legally able to contract 5. **Legality** - Purpose must be legal ## Quick Analysis Steps ### Step 1: Identify Legal Domains (3 min) - What legal areas are implicated? (contract, IP, privacy, regulatory, tort) - What jurisdictions apply? (US federal, state, EU, international) - What industry regulations? (healthcare, finance, telecom) - Who are the parties and their relationships? ### Step 2: Contract Risk Spotting (8 min) If contracts are involved: - What are the core obligations? (deliverables, timelines, payments) - What are liability limitations and caps? - What are indemnification requirements? - What are termination conditions? - What's the dispute resolution process? - Are terms one-sided or unusual? - What's the governing law and jurisdiction? ### Step 3: Privacy and Data Compliance (10 min) If data is collected/processed: - What data is collected? (personal, sensitive, children's) - What's the legal basis? (consent, contract, legitimate interest) - Is data minimized to what's necessary? - Are individual rights supported? (access, deletion, portability) - Are there adequate security measures? - Are cross-border transfers lawful? - Is there a breach notification process? ### Step 4: IP Analysis (8 min) -