SkillCheck validator, Cursor exports, and per-agent installers (#27)
Three more learnings from alirezarezvani/claude-skills, applied: 1. SkillCheck validator (scripts/skillcheck.mjs) — validates every SKILL.md against the authoring standard (frontmatter, name/folder match, trigger + produces clauses, required headings) plus tier referential integrity. Errors fail CI; --strict fails on warnings too. New skillcheck.yml workflow and a SkillCheck status badge in the README. Current: 0 errors / 14 advisory warnings across 172 skills. 2. Cursor export platform — build-exports.mjs now generates exports/cursor/<bundle>/<skill>/<skill>.mdc rule files. The PLATFORMS registry now supports per-skill filenames (file as a function). 3. Per-agent installers — scripts/install.sh unifies install for claude/hermes/codex/openclaw/cursor (--link, --target, --dry-run, --list). Curl-able one-liners codex-install.sh, openclaw-install.sh, and cursor-install.sh clone the library and install in a single command. README documents the one-line installs and Cursor exports; CHANGELOG and the authoring standard updated. Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,116 @@
|
||||
---
|
||||
description: "Generate a prioritised compliance checklist for GDPR, SOC 2, ISO 27001, FCA, HIPAA, or other frameworks with a gap analysis. Use when asked for a compliance checklist, gap analysis, readiness assessment, or audit preparation for any regulatory framework. Produces a structured checklist with prioritised gaps, quick wins, and evidence requirements. Optimised for Opus 4.7 and newer models. Not a substitute for legal or compliance professional advice."
|
||||
globs:
|
||||
alwaysApply: false
|
||||
---
|
||||
|
||||
# Compliance Checklist Skill
|
||||
|
||||
Produces a prioritised compliance checklist for any regulatory framework — with gap analysis, evidence requirements, and quick wins identified.
|
||||
|
||||
ALWAYS include this disclaimer at the start of every response:
|
||||
"WARNING: This checklist is for informational and planning purposes only and does not constitute legal or compliance advice. Regulatory requirements change and vary by jurisdiction. Always engage a qualified compliance professional or solicitor before implementing compliance programmes or making regulatory claims."
|
||||
|
||||
## Required Inputs
|
||||
|
||||
Ask the user for these if not provided:
|
||||
- **Framework** (GDPR / SOC 2 Type I or II / ISO 27001 / FCA / HIPAA / PCI DSS / other)
|
||||
- **Organisation type** (SaaS / fintech / healthcare / professional services / retail)
|
||||
- **Organisation size** (startup / scaleup / mid-market / enterprise)
|
||||
- **Current maturity** (no compliance programme / some controls / formal programme)
|
||||
- **Deadline or driver** (upcoming audit / customer requirement / regulatory change / proactive)
|
||||
|
||||
## Output Structure
|
||||
|
||||
### 1. Framework Overview
|
||||
|
||||
**Framework:** [Name with version]
|
||||
**Applicable because:** [One sentence — why this framework applies to this organisation]
|
||||
**Typical timeline to readiness:** [From current maturity to certified/compliant]
|
||||
**Key stakeholders needed:** [Roles that must be involved]
|
||||
|
||||
### 2. Scope Definition
|
||||
|
||||
What is in scope for this checklist:
|
||||
- [Specific systems / processes / data types]
|
||||
|
||||
What is NOT in scope (explicit exclusions):
|
||||
- [Specific exclusions]
|
||||
|
||||
### 3. Control Categories
|
||||
|
||||
For each category relevant to the framework:
|
||||
|
||||
**[Category — e.g. "Access Control"]**
|
||||
|
||||
| Control | Current State | Gap | Priority | Effort |
|
||||
|---|---|---|---|---|
|
||||
| [Specific control requirement] | Not implemented / Partial / Full | [What is missing] | High/Med/Low | Days/Weeks/Months |
|
||||
|
||||
### 4. Gap Analysis Summary
|
||||
|
||||
| Priority | Count | Examples |
|
||||
|---|---|---|
|
||||
| Critical gaps (block certification) | N | [Top 3] |
|
||||
| High priority gaps | N | |
|
||||
| Medium priority gaps | N | |
|
||||
| Quick wins | N | |
|
||||
|
||||
### 5. Quick Wins
|
||||
|
||||
Controls that can be implemented in under 2 weeks with minimal resources:
|
||||
|
||||
1. **[Control]** — [Specific action] — [Owner] — [Days to complete]
|
||||
|
||||
### 6. Evidence Requirements
|
||||
|
||||
For each control area, what documentation will be needed:
|
||||
|
||||
| Control area | Evidence types | Where to source |
|
||||
|---|---|---|
|
||||
| [Area] | [Policies, logs, screenshots, training records] | [System or team] |
|
||||
|
||||
### 7. Implementation Roadmap
|
||||
|
||||
Phase 1 (Weeks 1-4): Critical gaps and quick wins
|
||||
- [Specific deliverables]
|
||||
|
||||
Phase 2 (Weeks 5-12): High-priority gaps
|
||||
- [Specific deliverables]
|
||||
|
||||
Phase 3 (Weeks 13+): Medium priority and continuous improvement
|
||||
- [Specific deliverables]
|
||||
|
||||
### 8. Ongoing Maintenance
|
||||
|
||||
Once certified/compliant, what needs to continue:
|
||||
- [Review frequencies]
|
||||
- [Periodic testing requirements]
|
||||
- [Annual audit expectations]
|
||||
- [Staff training cadence]
|
||||
|
||||
### 9. Common Pitfalls for This Framework
|
||||
|
||||
2-3 specific traps organisations commonly fall into when pursuing this certification — flagged based on the stated maturity level.
|
||||
|
||||
## Quality Checks
|
||||
- [ ] Disclaimer included at start
|
||||
- [ ] Framework-specific controls (not generic)
|
||||
- [ ] Priorities align with organisation size and maturity
|
||||
- [ ] Quick wins clearly separated from complex implementations
|
||||
- [ ] Evidence requirements tied to specific controls
|
||||
|
||||
## Anti-Patterns
|
||||
|
||||
- [ ] Do not omit the legal disclaimer — this checklist does not constitute compliance advice and must never be presented as a substitute for qualified professional review
|
||||
- [ ] Do not generate a generic checklist that is not tailored to the stated framework, organisation type, and maturity level — a SOC 2 checklist for a startup and an enterprise are fundamentally different documents
|
||||
- [ ] Do not list controls without specifying what evidence is required — a control without evidence requirements cannot be audited
|
||||
- [ ] Do not mark a control as "full" implementation when it is partial — overestimating readiness leads to audit failures and regulatory risk
|
||||
- [ ] Do not skip the "common pitfalls" section — this is where organisations most frequently fail audits for the stated framework
|
||||
|
||||
## Example Trigger Phrases
|
||||
- "Create a GDPR compliance checklist for our SaaS"
|
||||
- "Generate a SOC 2 Type II readiness checklist"
|
||||
- "What do we need for ISO 27001 certification?"
|
||||
- "FCA compliance checklist for a fintech startup"
|
||||
- "HIPAA gap analysis for a healthtech scaleup"
|
||||
@@ -0,0 +1,81 @@
|
||||
---
|
||||
description: "Review and summarise any contract or legal agreement. Use when asked to review a contract, check an agreement, flag legal risks, or summarise key clauses. Produces a structured review with key terms, flagged clauses, risk rating, and plain English summary. Not a substitute for qualified legal advice."
|
||||
globs:
|
||||
alwaysApply: false
|
||||
---
|
||||
|
||||
# Contract Review Skill
|
||||
|
||||
This skill produces a structured contract review identifying key terms, unusual or high-risk clauses, and a plain English summary. Always include the disclaimer that this is not legal advice.
|
||||
|
||||
## Required Inputs
|
||||
- **Contract text or description** (paste or describe)
|
||||
- **Reviewer role** (e.g. the party signing, their legal team, a business owner)
|
||||
- **Contract type** (e.g. SaaS agreement, employment contract, NDA, supplier contract)
|
||||
- **Key concerns** (optional — e.g. "focus on IP ownership and termination clauses")
|
||||
|
||||
## Output Structure
|
||||
|
||||
### 1. Contract Overview
|
||||
- **Type:** [Contract type]
|
||||
- **Parties:** [Party A and Party B]
|
||||
- **Effective date / duration:** [If stated]
|
||||
- **Governing law:** [Jurisdiction]
|
||||
- **Overall risk rating:** Green Low / Amber Medium / Red High
|
||||
|
||||
### 2. Key Terms Summary
|
||||
|
||||
| Term | Detail |
|
||||
|---|---|
|
||||
| Payment / fees | |
|
||||
| Term and renewal | |
|
||||
| Termination rights | |
|
||||
| Liability cap | |
|
||||
| IP ownership | |
|
||||
| Confidentiality | |
|
||||
| Dispute resolution | |
|
||||
|
||||
### 3. Flagged Clauses
|
||||
|
||||
For each flagged clause:
|
||||
|
||||
**[Risk level] — [Clause name]**
|
||||
- **What it says:** [Plain English summary]
|
||||
- **Why it matters:** [Risk or implication]
|
||||
- **Suggested action:** [Negotiate / Accept / Seek legal advice / Query]
|
||||
|
||||
### 4. Missing Clauses
|
||||
List any standard clauses absent but normally expected for this contract type.
|
||||
|
||||
### 5. Plain English Summary
|
||||
3-5 sentences. What does this contract mean for the party signing it?
|
||||
|
||||
### 6. Recommended Next Steps
|
||||
- [Action 1]
|
||||
- [Action 2]
|
||||
|
||||
---
|
||||
|
||||
WARNING: This review is for informational purposes only and does not constitute legal advice. Always consult a qualified solicitor or lawyer before signing any legally binding agreement.
|
||||
|
||||
## Quality Checks
|
||||
|
||||
- [ ] Overall risk rating is justified (not just "Medium" without reasons)
|
||||
- [ ] All flagged clauses have a specific recommended action (not just "read this")
|
||||
- [ ] Missing clauses section is completed for this contract type
|
||||
- [ ] Plain English summary can be understood by a non-lawyer
|
||||
- [ ] Disclaimer is included
|
||||
|
||||
## Anti-Patterns
|
||||
|
||||
- [ ] Do not provide legal advice or suggest the review substitutes for qualified legal counsel
|
||||
- [ ] Do not skip flagging unusual or one-sided clauses because they appear standard
|
||||
- [ ] Do not omit a plain-English summary — legal jargon alone is not useful output
|
||||
- [ ] Do not rate risk without explaining what specifically drives that rating
|
||||
- [ ] Do not ignore missing clauses — absence of key protections is itself a risk
|
||||
|
||||
## Example Trigger Phrases
|
||||
- "Review this contract: [paste]"
|
||||
- "Flag the key risks in this agreement"
|
||||
- "Summarise this SaaS contract in plain English"
|
||||
- "What should I watch out for in this supplier agreement?"
|
||||
@@ -0,0 +1,81 @@
|
||||
---
|
||||
description: "Draft a structured legal brief, case summary, or legal argument outline. Use when asked to write a legal brief, case note, legal memo, argument outline, or position paper. Produces a structured document using IRAC format (Issue, Rule, Application, Conclusion)."
|
||||
globs:
|
||||
alwaysApply: false
|
||||
---
|
||||
|
||||
# Legal Brief Skill
|
||||
|
||||
This skill drafts structured legal briefs and memos using IRAC format — the standard structure for legal writing.
|
||||
|
||||
## Required Inputs
|
||||
- **Brief type** (legal memo / case summary / argument outline / position paper / letter before action)
|
||||
- **Legal issue or question**
|
||||
- **Jurisdiction** (England & Wales / US / EU / Other)
|
||||
- **Relevant facts**
|
||||
- **Relevant law or cases** (if known — otherwise flagged as [RESEARCH NEEDED])
|
||||
- **Audience** (internal memo / court submission / client letter)
|
||||
|
||||
## Output Structure
|
||||
|
||||
### Header
|
||||
- **To:** [Recipient]
|
||||
- **From:** [Author]
|
||||
- **Date:** [Date]
|
||||
- **Re:** [Matter reference]
|
||||
- **Confidential:** Subject to legal professional privilege
|
||||
|
||||
### Issue(s)
|
||||
One sentence per legal question:
|
||||
- Issue 1: Whether X constitutes Y under [law]
|
||||
|
||||
### Brief Answer
|
||||
One sentence per issue — conclusion upfront before analysis.
|
||||
|
||||
### Facts
|
||||
Concise relevant facts only. Flag disputed facts.
|
||||
|
||||
### Law (Rule)
|
||||
- Relevant statute, regulation, or case law
|
||||
- How the rule has been interpreted in key cases
|
||||
- Flag [RESEARCH NEEDED] where law is not provided
|
||||
|
||||
### Application
|
||||
- Arguments in favour
|
||||
- Counter-arguments and responses
|
||||
- Areas of uncertainty flagged explicitly
|
||||
|
||||
### Conclusion
|
||||
- Clear answer to each issue
|
||||
- Overall recommendation
|
||||
- Suggested next steps
|
||||
|
||||
### Caveats
|
||||
What this memo does not cover. What additional research would change the analysis.
|
||||
|
||||
---
|
||||
|
||||
WARNING: This draft requires review by a qualified legal professional. It does not constitute legal advice.
|
||||
|
||||
## Quality Checks
|
||||
|
||||
- [ ] Issue is stated as a specific legal question (not a general topic)
|
||||
- [ ] Brief answer appears before the analysis (conclusion upfront)
|
||||
- [ ] Disputed facts are explicitly flagged
|
||||
- [ ] Areas of legal uncertainty are noted (not hidden in confident language)
|
||||
- [ ] Caveats section lists what would change the analysis
|
||||
- [ ] Disclaimer is included
|
||||
|
||||
## Anti-Patterns
|
||||
|
||||
- [ ] Do not present uncertain legal positions with confident language — areas of legal ambiguity must be flagged explicitly, not smoothed over
|
||||
- [ ] Do not omit the disclaimer — every legal brief output must include the professional review caveat before the user treats it as advice
|
||||
- [ ] Do not structure the brief chronologically — IRAC format (Issue, Rule, Application, Conclusion) must be used regardless of how the user framed the request
|
||||
- [ ] Do not cite cases or statutes from memory without flagging them as [REQUIRES VERIFICATION] — hallucinated citations are worse than no citations
|
||||
- [ ] Do not conflate jurisdiction — legal positions in England & Wales, US, and EU can differ materially; always confirm jurisdiction before stating the rule
|
||||
|
||||
## Example Trigger Phrases
|
||||
- "Draft a legal memo on [issue]"
|
||||
- "Write a legal brief arguing [position]"
|
||||
- "Summarise the legal position on [topic]"
|
||||
- "Write a letter before action for [situation]"
|
||||
@@ -0,0 +1,77 @@
|
||||
---
|
||||
description: "Analyses a Non-Disclosure Agreement clause by clause and flags unusual terms, one-sided provisions, and negotiation points. Use when reviewing an NDA, mutual NDA, confidentiality agreement, or non-disclosure deed before signing or countering. Produces a plain English verdict, clause-by-clause risk analysis, and a prioritised negotiation checklist — always with a disclaimer that qualified legal advice is required before signing."
|
||||
globs:
|
||||
alwaysApply: false
|
||||
---
|
||||
|
||||
# NDA Analyser Skill
|
||||
|
||||
NDAs are often treated as routine paperwork but contain terms with significant long-term consequences. This skill analyses them systematically.
|
||||
|
||||
## Required Inputs
|
||||
- **NDA text** (paste in full or describe key clauses)
|
||||
- **Your party position** (disclosing / receiving / mutual)
|
||||
- **Purpose of the NDA** (e.g. pre-sales, hiring, M&A, partnership)
|
||||
- **Industry context** (optional)
|
||||
|
||||
## Output Structure
|
||||
|
||||
### 1. NDA Type and Parties
|
||||
- **Type:** Unilateral / Mutual
|
||||
- **Disclosing party:** [Name]
|
||||
- **Receiving party:** [Name]
|
||||
- **Purpose:** [As stated]
|
||||
- **Governing law:** [Jurisdiction]
|
||||
- **Term:** [Duration of obligations]
|
||||
|
||||
### 2. Definition of Confidential Information
|
||||
- **How broadly defined?** Narrow / Standard / Very broad
|
||||
- **Oral disclosures included?** Yes / No / With conditions
|
||||
- **Standard exclusions present?** [public domain, prior knowledge, independently developed, legally required disclosure]
|
||||
- **Flag:** [Unusual inclusions or missing exclusions]
|
||||
|
||||
### 3. Key Clause Analysis
|
||||
|
||||
**[Clause name] — Concern / Watch / Standard**
|
||||
- **What it says:** [Plain English]
|
||||
- **Issue:** [Why flagged]
|
||||
- **Standard position:** [What this typically looks like]
|
||||
- **Negotiation suggestion:** [If applicable]
|
||||
|
||||
Clauses always covered: permitted use, non-solicitation/non-compete, term and post-termination obligations, return/destruction of information, remedies, liability, residuals clause.
|
||||
|
||||
### 4. Negotiation Checklist
|
||||
|
||||
| Point | Current position | Suggested ask |
|
||||
|---|---|---|
|
||||
| [e.g. Confidentiality term] | [e.g. 5 years] | [e.g. Reduce to 2 years] |
|
||||
|
||||
### 5. Plain English Verdict
|
||||
2-3 sentences. Standard NDA, one-sided, or needs a lawyer?
|
||||
|
||||
---
|
||||
|
||||
WARNING: This analysis is for informational purposes only and is not legal advice. Consult a qualified solicitor before signing.
|
||||
|
||||
## Quality Checks
|
||||
|
||||
- [ ] Definition of confidential information assessed for scope (narrow / standard / very broad)
|
||||
- [ ] Residuals clause checked (allows memory use of disclosed information — high-risk)
|
||||
- [ ] Non-solicitation / non-compete provisions flagged
|
||||
- [ ] Post-termination obligations duration noted
|
||||
- [ ] Plain English verdict given (standard / one-sided / needs lawyer)
|
||||
- [ ] Disclaimer is included
|
||||
|
||||
## Anti-Patterns
|
||||
|
||||
- [ ] Do not present the analysis as legal advice — the disclaimer must appear prominently and the output must recommend qualified legal review before any signing decision
|
||||
- [ ] Do not skip the residuals clause check — residuals clauses allow the receiving party to use disclosed information from memory, which is one of the highest-risk provisions in any NDA
|
||||
- [ ] Do not evaluate only the clauses explicitly flagged by the user — a complete analysis must cover all standard clause types even if the user only asked about one
|
||||
- [ ] Do not assess breadth of the confidentiality definition without checking for oral disclosure coverage — oral disclosures with no written confirmation requirement are a common enforcement gap
|
||||
- [ ] Do not omit the plain English verdict — a clause-by-clause analysis without a summary conclusion leaves the user unable to act on the findings
|
||||
|
||||
## Example Trigger Phrases
|
||||
- "Analyse this NDA"
|
||||
- "Review this confidentiality agreement"
|
||||
- "Is this NDA standard or unusual?"
|
||||
- "What should I negotiate in this mutual NDA?"
|
||||
Reference in New Issue
Block a user