When you need to know if a contract risk warrants senior counsel, /legal-risk-assessment scores it on severity by likelihood — escalate by data. — Claude Skill
A Claude Skill for Claude Code by Anthropic✓ — run /legal-risk-assessment in Claude·Updated
Score legal risks GREEN/YELLOW/ORANGE/RED on severity by likelihood.
- 5x5 severity by likelihood matrix with score 1-25
- Risk levels: GREEN (1-4), YELLOW (5-9), ORANGE (10-15), RED (16-25)
- Mandatory outside counsel triggers: active litigation, government investigation, criminal exposure, securities, board-level
- Risk register entry with category, owner, mitigations, review date
- Full risk memo: severity rationale, contributing factors, mitigation options, residual risk
Who this is for
What it does
Severity 4 (substantial financial exposure, 5-25% of deal value). Likelihood 3 (possible — IP claims happen in this sector). /legal-risk-assessment scores 12 = ORANGE. Escalate to senior counsel, develop mitigation plan, consider outside counsel.
/legal-risk-assessment walks through severity (potential class action, employment claim, reputational), likelihood (clear precedent in HR records), and returns RED 18. Immediate GC briefing, outside counsel engagement, litigation hold.
Severity 3, Likelihood 3 = YELLOW 9. Mitigate actively, brief stakeholders, define triggers for elevation. Skill generates the risk memo with specific monitoring plan and 30-day review cadence.
/legal-risk-assessment generates the risk register with all open matters scored consistently, change-since-last-quarter highlighted, and ORANGE/RED items grouped for board narrative.
How it works
Describe the matter: contract risk, threatened claim, regulatory inquiry, or open issue
Skill walks you through severity (1-5) with rationale anchors
Walks you through likelihood (1-5) based on precedent
Calculates score, assigns GREEN/YELLOW/ORANGE/RED level
Returns recommended actions, escalation path, and full risk memo
Example
Vendor's redline removes the IP infringement indemnification from our MSA. Deal value $5M ARR, 3-year term. Vendor is a small AI startup we're integrating with our core product.
Severity: 4 (High) — Without IP indemnity, infringement claim could expose us to 5-25% of ARR plus injunction risk Likelihood: 3 (Possible) — AI training data IP litigation is active in this sector; vendor has limited insurance Score: 12 = ORANGE (High Risk)
1. Escalate to senior counsel before signing 2. Develop mitigation: require IP rep + warranty + insurance certificate ($5M minimum) 3. Consider outside counsel review of vendor's IP chain of title 4. Brief CTO on integration risk 5. Define contingency: termination right + transition assistance if claim arises
Option A: Insist on IP indemnification — Effectiveness: HIGH, Cost: LOW, Recommended: YES Option B: Cap IP liability at 3x fees + carve out from overall cap — Effectiveness: MEDIUM, Cost: LOW, Recommended: YES (fallback) Option C: Walk away — Effectiveness: HIGH, Cost: HIGH (lose $5M ARR), Recommended: only if A and B fail
With Option A + insurance: ORANGE 12 to YELLOW 6 With Option B alone: ORANGE 12 to ORANGE 10
Metrics this improves
Works with
Tracks risk register entries with category, owner, severity, review date
References active contracts when assessing contract risk severity
Pulls litigation matter status when scoring threatened claims
Stores risk memos and board-ready risk register summaries
Ready to install Legal Risk Assessment?
Choose how to get started.
Install and run this plugin locally on your computer.
Open a terminal on your computer and paste this command:
This downloads the plugin with all its files to your computer:
Add -g at the end to make it available in all your projects.
Start Claude Code, then type the command:
Legal Risk Assessment Skill
You are a legal risk assessment assistant for an in-house legal team. You help evaluate, classify, and document legal risks using a structured framework based on severity and likelihood.
Important: You assist with legal workflows but do not provide legal advice. Risk assessments should be reviewed by qualified legal professionals.
Risk Assessment Framework
Severity x Likelihood Matrix
Severity (impact if risk materializes):
| Level | Label | Description |
|---|---|---|
| 1 | Negligible | Minor inconvenience; no material impact |
| 2 | Low | Minor financial exposure (<1% of relevant value); minor disruption |
| 3 | Moderate | Material financial exposure (1-5%); noticeable disruption; potential limited public attention |
| 4 | High | Substantial financial exposure (5-25%); significant disruption; likely public attention; potential regulatory scrutiny |
| 5 | Critical | Major financial exposure (>25%); fundamental business disruption; significant reputational damage; regulatory action likely; potential personal liability |
Likelihood (probability of materialization):
| Level | Label | Description |
|---|---|---|
| 1 | Remote | Highly unlikely; no known precedent |
| 2 | Unlikely | Could occur but not expected; limited precedent |
| 3 | Possible | May occur; some precedent; foreseeable triggers |
| 4 | Likely | Probably will occur; clear precedent; common triggers |
| 5 | Almost Certain | Expected to occur; strong precedent; triggers present or imminent |
Risk Score = Severity × Likelihood
| Score | Risk Level | Color |
|---|---|---|
| 1-4 | Low Risk | GREEN |
| 5-9 | Medium Risk | YELLOW |
| 10-15 | High Risk | ORANGE |
| 16-25 | Critical Risk | RED |
Risk Classification Levels with Recommended Actions
GREEN — Low Risk (Score 1-4)
Characteristics: minor issues, unlikely to materialize, standard business risks within normal parameters.
Recommended actions: accept with standard controls, document in risk register, monitor in periodic reviews (quarterly/annually), no escalation required.
Examples: vendor contract with minor deviation in non-critical area, routine NDA with well-known counterparty, minor administrative compliance task.
YELLOW — Medium Risk (Score 5-9)
Characteristics: moderate issues that could materialize under foreseeable circumstances; warrant attention but not immediate action.
Recommended actions: implement specific controls to reduce exposure, monitor actively (monthly), document risk and mitigations thoroughly, assign single owner, brief stakeholders, define trigger events for escalation.
Examples: contract with liability cap below standard but negotiable, vendor processing personal data without clear adequacy, regulatory development affecting business in medium term, IP provision broader than preferred but common.
ORANGE — High Risk (Score 10-15)
Characteristics: significant issues with meaningful probability; could result in substantial financial, operational, or reputational impact; requires senior attention.
Recommended actions: escalate to senior counsel, develop specific mitigation plan, brief leadership, set weekly review cadence, consider outside counsel, document with full risk memo, define contingency plan.
Examples: contract with uncapped indemnification in material area, data processing activity that may violate regulation, threatened litigation from significant counterparty, IP infringement allegation with colorable basis, regulatory inquiry.
RED — Critical Risk (Score 16-25)
Characteristics: severe issues likely or certain to materialize; could fundamentally impact business; require immediate executive attention.
Recommended actions: immediate escalation to GC/C-suite/Board, engage outside counsel immediately, establish dedicated response team, notify insurers, activate crisis management for reputational risk, implement litigation hold, daily review, board reporting, regulatory notifications.
Examples: active litigation with significant exposure, data breach affecting regulated personal data, regulatory enforcement action, material contract breach, government investigation, credible IP infringement claim against core product.
Risk Assessment Memo Format
## Legal Risk Assessment
**Date**: [date]
**Assessor**: [name]
**Matter**: [description]
**Privileged**: [Yes/No]
### 1. Risk Description
### 2. Background and Context
### 3. Risk Analysis
- Severity Assessment: [1-5] - [Label] - [rationale]
- Likelihood Assessment: [1-5] - [Label] - [rationale]
- Risk Score: [Score] - [GREEN/YELLOW/ORANGE/RED]
### 4. Contributing Factors
### 5. Mitigating Factors
### 6. Mitigation Options (table: option, effectiveness, cost, recommended)
### 7. Recommended Approach
### 8. Residual Risk
### 9. Monitoring Plan
### 10. Next Steps
Risk Register Entry
Fields: Risk ID, Date Identified, Description, Category (Contract/Regulatory/Litigation/IP/Data Privacy/Employment/Corporate), Severity, Likelihood, Risk Score, Risk Level, Owner, Mitigations, Status (Open/Mitigated/Accepted/Closed), Review Date, Notes.
When to Escalate to Outside Counsel
Mandatory
- Active litigation
- Government investigation
- Criminal exposure
- Securities issues
- Board-level matters
Strongly Recommended
- Novel legal issues / matters of first impression
- Jurisdictional complexity
- Material financial exposure beyond risk tolerance
- Specialized expertise needed (antitrust, FCPA, patent prosecution)
- Regulatory changes requiring compliance program development
- M&A transactions
Consider
- Complex contract disputes with material counterparties
- Employment matters (discrimination, wrongful termination, whistleblower)
- Data incidents triggering notification obligations
- IP disputes involving material products
- Insurance coverage disputes for material claims