Contract Risk Analyzer

Contract Risk Analyzer · 合同风险智能审查 — 上传合同PDF，AI自动提取关键条款并标注风险点，输出结构化风险报告（文本摘要 + 关键条款表格 + 🔴🟠🟡三级风险列表）。支持采购/销售/服务/劳动/租赁/保密协议6种合同类型。触发词：合同审查、合同风险、合同分析、合同检查、合同审核

copies: implexa run clawhub/contract-risk-analyzer

view source

installs

stars

karma

SkillRank score ↗

7.2/ 10

evaluated by implexa, claude-haiku-4-5 · 2026-05-26

contract-risk-analyzer automates contract review by extracting text from PDFs, classifying contract type, running structured AI risk analysis, and outputting markdown reports with key terms tables and three-tier risk lists. supports six contract types and tiered features.

structure

9.0

trigger phrases

9.0

procedure

8.0

edge cases

6.0

documentation

7.0

view original SKILL.md from clawhubclick to expand

# Contract Risk Reviewer · 合同风险智能审查

**Trigger Keywords / 触发词：** 合同审查、合同风险、合同分析、合同检查、合同审核、contract review、contract risk

**When to use / 何时使用：**
- User uploads a contract PDF and wants AI-powered risk analysis
- User asks to review/audit/check a contract for risks
- User provides a contract and asks for a structured risk report
- User mentions "合同审查"、"合同风险"、"合同分析"

---

## What this skill does

上传合同 PDF → AI 分析 → 输出结构化风险报告（文本摘要 + 关键条款表格 + 风险点列表）

---

## Workflow

### Step 1 — Receive Contract File

The user uploads a PDF file. Download it to `/tmp/contracts/` using the appropriate tool:

- If the file comes as a Feishu message attachment → use `feishu_im_bot_image` or `feishu_im_user_fetch_resource` with `type=file`
- If the file is a local path → copy or note the path directly
- If the file is a URL → use `web_crawl` or fetch

Store the file in `/tmp/contracts/<uuid>.pdf`.

### Step 2 — Extract Text from PDF

Try in order:

1. **PyMuPDF (fitz)** — best for text-based PDFs:
   ```python
   import fitz
   doc = fitz.open(pdf_path)
   text = "\n".join(page.get_text() for page in doc)
   ```

2. **pdfplumber** — good for tables:
   ```python
   import pdfplumber
   with pdfplumber.open(pdf_path) as pdf:
       text = "\n".join(page.extract_text() or "" for page in pdf.pages)
   ```

3. **OCR (pytesseract)** — for scanned/image PDFs:
   - Convert PDF pages to images with `pdf2image` or `PyMuPDF` render
   - Run pytesseract with language packs (chi_sim + eng)
   - Fallback to Chinese + English bilingual OCR

If text extraction fails completely or yields < 50 characters, inform the user that the PDF may be a scanned image requiring OCR, and offer to process with OCR.

### Step 3 — Auto-Detect Contract Type

Use the AI model to classify the contract type from extracted text:

- 劳动合同 (Labor/Employment Contract)
- 采购合同 (Purchase/Procurement Contract)
- 销售合同 (Sales Contract)
- 租赁合同 (Lease/Rental Contract)
- 保密协议 (NDA/Confidentiality Agreement)
- 其他 (Other)

Also detect language: 中文 / English / Bilingual.

### Step 4 — AI Risk Analysis

Build a structured prompt for the AI model. Use `model` parameter from user's session or default to `minimax/MiniMax-M2`.

**Prompt Structure:**

```
# Contract Risk Analysis

## Contract Type: [detected type]
## Language: [Chinese / English / Bilingual]

## Contract Text:
[extracted text, truncated to last 8000 characters if too long]

---

Please analyze this contract and return a structured JSON report:

{
  "summary": "200-word-or-less summary of the contract's core content",
  "contract_type": "detected contract type",
  "language": "detected language",
  "key_terms": {
    "parties": ["Party A", "Party B", ...],
    "contract_value": "amount if stated, otherwise 'Not specified'",
    "payment_terms": "payment conditions summary",
    "duration": "contract duration/term",
    "termination": "termination conditions",
    "breach_penalties": "breach of contract penalties",
    "dispute_resolution": "dispute resolution clause",
    "governing_law": "applicable law/jurisdiction"
  },
  "risk_report": [
    {
      "level": "HIGH",    // HIGH / MEDIUM / LOW
      "category": "payment/termination/liability/confidentiality/other",
      "title": "Risk title",
      "description": "Detailed risk description",
      "clause_reference": "Which clause/section this risk comes from",
      "recommendation": "What the user should do about this risk"
    }
  ],
  "overall_score": 1-10,   // Risk score: 1=very low risk, 10=very high risk
  "overall_assessment": "Brief overall risk assessment paragraph"
}

IMPORTANT:
- Be strict and thorough — do not minimize real risks
- Classify risks as HIGH only if they involve significant financial loss, legal liability, or irreversible consequences
- If no risks found, return empty risk_report array
- This is NOT legal advice — include a disclaimer in the response to the user
```

### Step 5 — Format and Deliver Results

Render the results as a well-formatted markdown report:

```
## 📄 合同风险审查报告

**合同类型：** [类型]
**语言：** [语言]
**整体风险评分：** [X/10] — [低/中/高]

---

### 📋 文本摘要

[200字以内摘要]

---

### 🔑 关键条款

| 条款 | 内容 |
|------|------|
| 当事人 | ... |
| 合同金额 | ... |
| 付款条件 | ... |
| 合同期限 | ... |
| 违约责任 | ... |
| 解除条款 | ... |
| 争议解决 | ... |
| 适用法律 | ... |

---

### ⚠️ 风险点列表

#### 🔴 高风险 (X项)

1. **[风险标题]**
   - 条款来源：第X条
   - 风险描述：...
   - 建议措施：...

#### 🟠 中风险 (X项)

...

#### 🟡 低风险 (X项)

...

---

⚠️ **免责声明：** 本报告仅供参考，不构成法律建议。如有法律疑问，请咨询专业律师。

---

📊 **统计数据**
- 文本字数：X字
- 检测到风险：X项（高X / 中X / 低X）
- 合同语言：中文/英文
- 分析时间：YYYY-MM-DD HH:mm
```

### Step 6 — Save & Export

- Save the full report as `/tmp/contracts/<uuid>_report.md`
- If user requests Excel export (STD plan or above), generate a simple CSV/Excel format
- Send the report to the user via the current channel (Feishu message or direct display)

---

## Tiered Features

| Feature | FREE | STD (¥9.9) | PRO (¥29) | MAX (¥69) |
|---------|------|-----------|-----------|-----------|
| Monthly limit | 3 contracts | 30 contracts | 200 contracts | Unlimited |
| Contract types | Other only | All 6 types | All 6 types | All 6 types |
| Summary + Risk list | ✅ | ✅ | ✅ | ✅ |
| Key terms table | ❌ | ✅ | ✅ | ✅ |
| Excel report export | ❌ | ✅ | ✅ | ✅ |
| Batch processing | ❌ | ❌ | ✅ | ✅ |
| Risk comparison | ❌ | ❌ | ✅ | ✅ |
| API priority | ❌ | ❌ | ❌ | ✅ |

For FREE tier: skip the key terms table, only deliver summary + risk list.

---

## Token Validation

Check the user's token prefix in their session context or configuration:

- Token starting with `CONTRACT-MAX` → full access
- `CONTRACT-PRO` → PRO features
- `CONTRACT-STD` → STD features
- `CONTRACT-FREE` or none → FREE tier

If monthly limit is exceeded, inform the user and suggest upgrading.

---

## Error Handling

| Error | Handling |
|-------|----------|
| PDF extraction yields < 50 chars | Offer OCR processing; if OCR also fails, report failure and suggest providing a text-based PDF |
| AI analysis fails | Return error message; suggest retrying |
| Unsupported file type | Inform user only PDF is supported |
| Token validation missing | Default to FREE tier |

---

## File Requirements

- All uploaded PDFs stored in `/tmp/contracts/` (auto-cleanup optional)
- Reports saved in same directory with `_report.md` suffix
- Do NOT store contract text long-term; clean up after report is delivered

---

## Tech Stack

- **PDF Text:** `PyMuPDF` (fitz) + `pdfplumber`
- **OCR:** `pytesseract` + `pdf2image` (with `chi_sim+eng` language packs)
- **AI Analysis:** OpenAI-compatible API via `openai` Python package
- **Report Export:** `csv` module for Excel CSV format

---

## Skill Metadata

- **Slug:** `contract-risk-reviewer`
- **Name:** 合同风险智能审查 (Contract Risk Reviewer)
- **Platform:** ClawHub (clawhub.ai) + 腾讯Skillhub
- **Entry:** `scripts/analyze_contract.py`
- **Dependencies:** `fitz`, `pdfplumber`, `pytesseract`, `pdf2image`, `openai`

> 如需购买收费版，请访问 [YK-Global.com](https://yk-global.com)

don't have the plugin yet? install it then click "run inline in claude" again.

Contract Risk Analyzer

Item: Contract Risk Analyzer
Rating: 7.2
Author: Implexa

intent

upload a contract pdf and get an ai-driven risk analysis report with key terms extracted and risks flagged by severity. use this when you need to review a contract for legal and financial exposure before signing. supports 6 contract types (labor, procurement, sales, lease, nda, other) in chinese, english, or bilingual documents. trigger keywords: 合同审查, 合同风险, 合同分析, 合同检查, 合同审核, contract review, contract risk.

inputs

file input:

contract pdf file (local path, feishu attachment, or url)
stored in /tmp/contracts/<uuid>.pdf after retrieval

user context:

session token (prefix: CONTRACT-MAX, CONTRACT-PRO, CONTRACT-STD, CONTRACT-FREE) to determine tier and monthly usage quota
model override (optional, defaults to minimax/MiniMax-M2)
language preference (auto-detected but user can override)

external connections:

ai model api (openai-compatible endpoint for contract analysis and classification)
feishu integration (if file comes as im attachment, use feishu_im_bot_image or feishu_im_user_fetch_resource with type=file)
web crawl (if file is remote url)

environment assumptions:

pytesseract + chi_sim and eng language packs installed (for ocr fallback)
pymupdf, pdfplumber, pdf2image, openai python packages available
/tmp/contracts/ directory writable

procedure

step 1: receive and store contract file

inputs: user uploads pdf via message, url, or local path.

process:

if feishu attachment: call feishu_im_bot_image or feishu_im_user_fetch_resource with type=file to download.
if url: use web_crawl or http fetch to download.
if local path: note the path directly.
generate uuid and save to /tmp/contracts/<uuid>.pdf.

outputs: pdf file at /tmp/contracts/<uuid>.pdf, uuid stored for tracking.

step 2: extract text from pdf

inputs: pdf file path from step 1.

process:

attempt pymupdf (fitz): fitz.open(pdf_path), extract text via page.get_text() from all pages. concatenate with newlines.
if fitz extraction succeeds and text length >= 50 characters, proceed to step 3.
if fitz fails or text < 50 characters, attempt pdfplumber: pdfplumber.open(pdf_path), extract text from each page via page.extract_text(), concatenate.
if pdfplumber also fails or text < 50 characters, trigger ocr:
- convert pdf pages to images using pdf2image or fitz rendering.
- run pytesseract with language packs (chi_sim + eng) on each image.
- concatenate ocr results.
if ocr also yields < 50 characters or raises exception, return error to user: "pdf is scanned or corrupted. please provide a text-based pdf or retry with clearer document."

outputs: extracted text string (truncated to last 8000 chars if exceeds). extraction method used (fitz/pdfplumber/ocr). character count.

step 3: auto-detect contract type and language

inputs: extracted text from step 2.

process:

send extracted text (first 2000 chars) to ai model with classification prompt: "classify this contract as one of: 劳动合同, 采购合同, 销售合同, 租赁合同, 保密协议, 其他. also identify language: 中文, English, or Bilingual. respond in json: {contract_type, language}."
parse ai response.

outputs: detected contract_type (string), detected language (string).

step 4: ai risk analysis

inputs: extracted text (step 2), contract_type (step 3), language (step 3), user token (inputs section).

process:

build structured prompt including contract text, type, language.
send to ai model (user's model or default minimax/MiniMax-M2).
ai returns structured json with: summary, key_terms (parties, value, payment, duration, termination, breach_penalties, dispute_resolution, governing_law), risk_report (array of {level, category, title, description, clause_reference, recommendation}), overall_score (1-10), overall_assessment.
apply tier restrictions:
- FREE: skip key_terms table in output, only summary + risk_list.
- STD and above: include key_terms table and all risk details.
- PRO and above: enable risk comparison (if multiple contracts analyzed in session).
- MAX: enable api priority flag (optional, for backend scheduling).

outputs: structured json report with all fields. tier-limited fields applied.

step 5: format and render markdown report

inputs: json report from step 4, extracted text stats, file uuid.

process:

generate markdown report with sections:
- header (contract type, language, overall risk score with 低/中/高 band).
- text summary (200 chars max from json).
- key terms table (if tier allows): 当事人, 合同金额, 付款条件, 合同期限, 违约责任, 解除条款, 争议解决, 适用法律.
- risk list grouped by level (🔴 HIGH, 🟠 MEDIUM, 🟡 LOW), each with title, clause reference, risk description, recommendation.
- stats footer: text word count, risk count by level, language, analysis timestamp.
- disclaimer: "this report is for reference only and is not legal advice. consult a lawyer for legal concerns."
ensure all prose is lowercase, punchy, direct.

outputs: markdown report string. saved to /tmp/contracts/<uuid>_report.md.

step 6: deliver and optionally export

inputs: markdown report from step 5, user token (tier).

process:

send markdown report to user via current channel (feishu im or direct display).
if user requests export and tier allows (STD+):
- generate csv export: columns [risk_level, category, title, clause_reference, description, recommendation].
- include key_terms as separate csv section.
- save to /tmp/contracts/<uuid>_report.csv.
- deliver csv to user.
cleanup: delete /tmp/contracts/<uuid>.pdf and /tmp/contracts/<uuid>_report.* after 24 hours (optional but recommended).

outputs: report delivered to user, export file generated if applicable.

decision points

if file extraction fails or yields < 50 characters:

offer ocr processing. if ocr succeeds, continue to step 3.
if ocr also fails, return error message and suggest providing a text-based pdf or re-uploading.

if ai analysis request times out or returns error:

retry once with same payload.
if retry fails, return error to user. do not attempt to generate report from incomplete data.

if user token is missing or invalid:

default to FREE tier. inform user of tier-limited features (no key terms table, 3-contract monthly limit).

if user token indicates tier but monthly limit is reached:

check usage via session context or token metadata.
if limit exceeded (e.g., free tier user has already analyzed 3 contracts this month), inform user and suggest upgrading. do not process the contract.

if contract language is detected as non-chinese, non-english:

proceed with analysis but note language limitation. ocr fallback may struggle. inform user.

if contract type is unclassifiable or returns "其他":

proceed to ai analysis without type-specific template. risk analysis is still performed broadly.

if extracted text is heavily corrupted (< 100 coherent words after extraction):

skip step 4. return error to user: "contract text is too corrupted to analyze. please provide a clearer pdf."

output contract

success criteria:

markdown report file exists at /tmp/contracts/<uuid>_report.md.
report contains all of the following sections:
- header with contract type, language, overall risk score (X/10) with band (低/中/高).
- text summary of 200 chars or less.
- key terms table with 8 rows (if tier allows; free tier omits this).
- risk list grouped by severity (🔴 HIGH, 🟠 MEDIUM, 🟡 LOW), each risk item includes title, clause reference, description, recommendation.
- footer stats: text word count, risk count breakdown, language, timestamp.
- disclaimer statement.
risk_report json array is non-null (may be empty if no risks detected).
overall_score is integer 1-10.
if tier is STD+, csv export file exists at /tmp/contracts/<uuid>_report.csv with columns: risk_level, category, title, clause_reference, description, recommendation.

data format:

markdown report: utf-8 text, emoji used for visual hierarchy (🔴🟠🟡📄📋🔑⚠️📊).
csv export (if applicable): utf-8 csv with header row, quoted fields for safety.
json intermediate (internal): valid json with utf-8 encoding.

file location:

primary report: /tmp/contracts/<uuid>_report.md.
optional export: /tmp/contracts/<uuid>_report.csv.
cleanup: files deleted after 24 hours or on user request.

outcome signal

the user knows the skill worked when:

markdown report is displayed in chat or sent via channel (feishu im or direct message).
report visually separates risks by color emoji (🔴 🟠 🟡) and includes specific, actionable recommendations.
overall risk score (X/10) is prominently displayed with a band label (低 for 1-3, 中 for 4-6, 高 for 7-10).
key terms table appears (if tier allows) with all 8 clauses populated or marked "not specified".
disclaimer is visible, making clear this is not legal advice.
if user

Contract Risk Analyzer

related skills

Contract Risk Analyzer

intent

inputs

procedure

decision points

output contract

outcome signal