Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From product-legal
Runs structured risk assessment for a single feature when launch review flags novel issues. Analyzes scenarios, likelihood, severity, and mitigations.
npx claudepluginhub anthropics/claude-for-legal --plugin product-legalHow this skill is triggered — by the user, by Claude, or both
Slash command
/product-legal:feature-risk-assessmentThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Matter context.** Check `## Matter workspaces` in the practice-level CLAUDE.md. If `Enabled` is `✗` (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run `/product-legal:matter-workspace switch <slug>` or say `practice-level`." Lo...
Performs deep legal risk assessment for a single feature or product under Turkish product law. Use when launch review flags new/high risk, GC/management decision needed, or regulated sector/AI/KVKK/consumer risk.
Runs structured AI impact assessments with intake, risk analysis, regulatory classification, policy diff, and conditions. Useful for documenting AI systems and compliance decisions.
Generates a Privacy Impact Assessment in house format for new features, products, or processing activities. Guides through necessity check, intake, and structured output with conditions and sign-off routing.
Share bugs, ideas, or general feedback.
Matter context. Check ## Matter workspaces in the practice-level CLAUDE.md. If Enabled is ✗ (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run /product-legal:matter-workspace switch <slug> or say practice-level." Load the active matter's matter.md for matter-specific context and overrides. Write outputs to the matter folder at ~/.claude/plugins/config/claude-for-legal/product-legal/matters/<matter-slug>/. Never read another matter's files unless Cross-matter context is on.
The launch review is broad. This is deep. When a single issue needs more than a table row — a novel AI feature, a children's product, something a regulator is actively looking at — this skill produces a standalone assessment.
Not every launch needs one. Most don't. This is for the 10% where "PIA done, shipped" isn't the right level of scrutiny.
If none of the above, the launch review is enough. Don't generate paperwork for its own sake.
One paragraph. What the feature does, what's new about it, why it got escalated to a full assessment.
For each distinct risk (aim for 2-5, not 15):
### Risk [N]: [Short name]
**Scenario:** [What would have to happen for this to go wrong. Be specific —
not "data breach" but "the recommendation algo surfaces a user's sensitive
category interest to someone who shouldn't see it because X."]
**Who gets hurt:** [Users? The company? A third party? Specific.]
**How likely:** [Low / Medium / High — with a reason. "Low — would require
both X and Y to fail simultaneously." Not just a vibes rating.]
**How bad if it happens:** [Low / Medium / High — with a reason. "High —
regulatory fine + class action exposure + press" vs. "Low — one angry
tweet, no actual harm."]
**Existing mitigations:** [What already reduces the likelihood or impact]
**Gap:** [What's missing, if anything]
**Residual risk:** [After existing mitigations — is this acceptable or does
it need more?]
Only include if a regulator is actively interested in this space. If so:
Has another company done something similar? What happened?
Don't overweight precedent. Regulators change priorities; one company getting away with something doesn't mean the next one will.
Present 2-3 realistic paths:
| Option | Description | Risk reduction | Cost |
|---|---|---|---|
| A: Ship as designed | [current plan] | None | None |
| B: Ship with [mitigation] | [change] | [how much] | [eng effort, timeline, UX] |
| C: Don't ship [component] | [scope cut] | [how much] | [product impact] |
Pick one. Explain why. Acknowledge what you're trading off.
**Recommended: Option [X]**
[Why. What risk remains. Why that's acceptable. Who accepts it.]
**If the answer is "not my call":** [Who decides, what they need to know]
Before finalizing, check against ~/.claude/plugins/config/claude-for-legal/product-legal/CLAUDE.md → Risk calibration:
/ai-governance-legal:aia-generation [feature] in parallel or
immediately after. The feature risk assessment frames the decision; the AIA
documents the AI system specifically in the format AI governance needs. They're
not duplicates: the FRA is a product-legal decision doc; the AIA is the
governance record./privacy-legal:pia-generation [feature]. The FRA's risk section
will likely overlap with the PIA's — flag that overlap so work isn't duplicated,
but both docs need to exist./ai-governance-legal:vendor-ai-review [vendor agreement] if not already done
during the launch review.Standalone doc, 2-4 pages. Prepend the work-product header from ~/.claude/plugins/config/claude-for-legal/product-legal/CLAUDE.md ## Outputs (it differs by user role — see ## Who's using this).
Not a slide deck, not a memo to file — a decision document someone reads and then decides.
Save where ~/.claude/plugins/config/claude-for-legal/product-legal/CLAUDE.md → Launch review process says review docs go. If the doc is going to be shared with anyone outside the privileged loop (e.g., posted to a broadly-shared ticket), drop the work-product header only for that externally-facing copy and keep the privileged original in the matter file.
If the assessment cites cases, statutes, regulations, or enforcement actions — in the Regulatory landscape or Precedent sections especially — those citations were generated by an AI model and have not been verified against a primary source. Before the decision document goes to a decisionmaker, verify each citation against a legal research tool (Lexis+, Westlaw, CourtListener, or your firm's research platform) for accuracy, good law status, and current enforcement posture. A risk assessment built on a fabricated enforcement action is worse than no assessment.
No silent supplement. If a research query to the configured legal research tool returns few or no results for the regime or precedent the assessment needs, report what was found and stop. Do NOT fill the gap from web search or model knowledge without asking. Say: "The search returned [N] results from [tool]. Coverage appears thin for [regime / precedent]. Options: (1) broaden the search query, (2) try a different research tool, (3) search the web — results will be tagged
[web search — verify]and should be checked against the issuing authority before relying, or (4) flag as unverified and stop. Which would you like?" A lawyer decides whether to accept lower-confidence sources.Source attribution. Tag every citation in the Regulatory landscape and Precedent sections with where it came from:
[Lexis+],[Westlaw],[CourtListener],[regulator site], or the MCP tool name for citations retrieved from a legal research connector;[web search — verify]for web-search citations;[model knowledge — verify]for citations recalled from training data;[user provided]for citations from the feature team. Citations taggedverifycarry higher fabrication risk and should be checked first. Never strip or collapse the tags — the decisionmaker needs to see which citations to verify first.
End with the next-steps decision tree per CLAUDE.md ## Outputs. Customize the options to what this skill just produced — the five default branches (draft the X, escalate, get more facts, watch and wait, something else) are a starting point, not a lock-in. The tree is the output; the lawyer picks.