Review vendor AI terms — agreement, addendum, or ToS AI provisions — against your governance positions; flag training-on-data, liability, model changes, and AI policy consistency. Use when user says "review this AI agreement", "check OpenAI terms", "what did we agree to with [vendor]", "vendor sent an AI addendum", "is this AI contract okay", or attaches vendor AI terms.
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "vendor-ai-review" 技能: 1. 下载 https://raw.githubusercontent.com/anthropics/claude-for-legal/main/ai-governance-legal/skills/vendor-ai-review/SKILL.md 2. 保存为 ~/.claude/skills/vendor-ai-review/SKILL.md 3. 装好后重载技能,告诉我可以用了
~/.claude/plugins/config/claude-for-legal/ai-governance-legal/CLAUDE.md. Confirm vendor governance positions are populated — if not, stop and direct to setup.~/.claude/plugins/config/claude-for-legal/ai-governance-legal/CLAUDE.md./ai-governance-legal:vendor-ai-review openai-enterprise-agreement.pdf
Matter context. Check ## Matter workspaces in the practice-level CLAUDE.md. If Enabled is ✗ (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run /ai-governance-legal:matter-workspace switch <slug> or say practice-level." Load the active matter's matter.md for matter-specific context and overrides. Write outputs to the matter folder at ~/.claude/plugins/config/claude-for-legal/ai-governance-legal/matters/<matter-slug>/. Never read another matter's files unless Cross-matter context is on.
Vendor AI terms are where your governance positions actually get tested. The cold-start interview captures what you want. This skill checks what you agreed to — and flags the gaps between those two things.
The direction here is always the same: we are the deployer or buyer reviewing the vendor's terms. This is the opposite posture from the DPA review controller/processor question — there's no flip.
What varies is the input:
When there's a DPA already in place, this review complements it — it's not a substitute. The DPA governs data protection obligations; the AI terms govern model-specific rights and risks. Both need to be reviewed.
Read ~/.claude/plugins/config/claude-for-legal/ai-governance-legal/CLAUDE.md → ## Vendor AI governance. Also read ## AI policy commitments
— vendor terms can't be consistent with a use restriction our own policy imposes if
we've agreed to something different.
If ~/.claude/plugins/config/claude-for-legal/ai-governance-legal/CLAUDE.md contains [PLACEHOLDER], surface this bounce:
I notice you haven't configured your practice profile yet — that's how I tailor vendor governance positions to your practice.
Two choices:
- Run
/ai-governance-legal:cold-start-interview(2 minutes) to configure your profile, then I'll review tailored to YOUR positions.- Say "provisional" and I'll review against generic defaults — US jurisdiction, middle risk appetite, lawyer role, no playbook — and tag every output
[PROVISIONAL — configure your profile for tailored output]so you can see what I do before committing.
If the user says "provisional," run the vendor AI review normally using these generic defaults: middle risk appetite, lawyer role, US jurisdiction, no playbook (flag all common vendor-AI risks from first principles rather than matching to configured positions). Tag the reviewer note and every finding block with [PROVISIONAL]. At the end of the output, append:
…
Review and approve (or reject) pending playbook update proposals from the playbook-monitor agent and apply approved changes to the practice profile. Use when the playbook-monitor agent has surfaced proposals, when the user says "review playbook proposals", "what playbook updates are pending", or wants to step through deviation-driven playbook changes.
Reference: review of SaaS subscription agreements with attention to the terms that matter most in subscription deals — auto-renewal mechanics, price escalation, data portability, uptime SLAs, and subprocessor rights. Loaded by /commercial-legal:review when a SaaS or subscription agreement is detected.
Drafts board or committee meeting minutes in your house format. Auto-detects upcoming board and committee meetings from your calendar, asks for the agenda and any slides or pre-read materials, and produces a complete draft in the format learned from your seed minutes. Also handles written consents in lieu of meetings. Trigger: "board minutes", "draft minutes", "upcoming board meeting", "committee minutes", "written consent", or calendar detection of an upcoming board or committee event.
Aggregate diligence findings into a deal team briefing at the right altitude for the audience — exec summary for leadership, working summary for the team. Use when user says "brief the deal team", "what's the state of diligence", "summarize findings for [audience]", "deal update", or on the briefing cadence.
Entity compliance tracker — initialize, report upcoming deadlines, update status, run health audit, export to CSV. Maintains a compliance-tracker.yaml built from the entity table, calculates filing deadlines by entity and jurisdiction, and surfaces what's due in the next 30/60/90 days. Use when user says "entity compliance", "filing deadlines", "annual reports due", "entity tracker", "what filings are due", "entity health", or "good standing".
Trace how a contract has changed across its base agreement and all amendments — either a summary of all changes over time, or a provision trace for a specific clause. Use when the user says "what changed in this contract over time", "show me the amendment history", "where's the latest [clause]", "how has [provision] evolved", or uploads multiple versions of an agreement.