Tutorial22 min read

Claude Cowork Legal Plugin: Contract Review & Compliance Automation

Learn how to use the Claude Cowork Legal plugin for contract review, NDA triage, compliance tracking, and legal risk assessment. Complete step-by-step installation guide and tutorial for legal professionals.

Published on February 3, 2026

The Legal Plugin: A Game-Changer for Legal Teams

When Anthropic released the Legal plugin on February 2, 2026, it sent shockwaves through the legal tech industry. For the first time, a foundation-model company packaged a legal workflow product directly into its platform—rather than merely supplying an API to legal-tech vendors. The Claude Cowork Legal plugin automates contract review, NDA classification, compliance workflows, vendor checks, and legal brief preparation—tasks that traditionally consumed countless billable hours.

The plugin is part of Anthropic's broader Cowork platform, which is described as "Claude Code for the rest of your work." Instead of responding to prompts one at a time, Claude Cowork takes on complex, multi-step tasks and executes them autonomously. You give it access to a folder on your computer, and it can read, edit, and create files in that workspace while it plans and executes work—all running locally in a virtual machine environment on your Mac.

Market Impact: Why the Legal Industry Is Paying Attention

The announcement had an immediate and dramatic impact on the stock market:

  • Thomson Reuters shares fell roughly 16% in the days following the announcement
  • RELX (parent company of LexisNexis) plunged approximately 14%
  • The Jefferies Group called this the "SaaSpocalypse"—a signal that foundation models are now competing directly with established SaaS incumbents
  • Morgan Stanley analysts wrote that Anthropic's entry is "a sign of intensifying competition, and thus a potential negative" for legal tech incumbents

As one industry analyst noted: "The most expert legal practitioners and advisors who have deep skill are going to benefit from this in the short term—these are the folks who have incredible expertise and will now be able to reduce the cost of doing the drudgery."

Who Is the Legal Plugin Built For?

The Claude Cowork Legal plugin is designed for:

  • Commercial Counsel — reviewing vendor and customer agreements
  • Product Counsel — evaluating partnership and licensing deals
  • Privacy & Compliance Teams — monitoring regulatory requirements and data processing agreements
  • Litigation Support — preparing briefs, research memos, and discovery responses
  • In-House Legal Teams — managing high volumes of routine contracts and NDAs

What the Legal Plugin Can Do

  • Contract Review: Analyze contracts clause-by-clause for risks, missing clauses, and deviations from your organization's standards
  • NDA Triage: Quickly classify and prioritize incoming NDAs by risk level
  • Compliance Tracking: Monitor regulatory requirements (GDPR, CCPA, HIPAA) and flag gaps in your agreements
  • Risk Assessment: Flag potential legal issues with a color-coded system (GREEN/YELLOW/RED)
  • Vendor Checks: Verify vendor agreement status and track obligations
  • Brief Preparation: Draft legal summaries, research memos, and incident reports
  • Templated Responses: Generate standardized replies for data subject requests, discovery holds, and other common legal inquiries

Supported Integrations

The Legal plugin connects to your existing tool stack via MCP (Model Context Protocol), Anthropic's open standard for secure, two-way connections between AI tools and external systems:

  • Document Management: Box, Egnyte
  • Project Management: Jira
  • Communication: Slack, Microsoft 365
  • Contract Intelligence: Pramata (see partnership details below)
  • Internal Tools: Custom integrations via MCP connectors

Pramata Partnership: Enterprise Contract Intelligence

In February 2026, Pramata announced an integration with the Claude Cowork Legal plugin, bringing contract intelligence capabilities to enterprise users. This partnership enables Fortune 500 legal, finance, and operations teams to access comprehensive commercial relationship context directly within Claude's interface—giving the AI deep visibility into existing contracts, obligations, and negotiation history.

How to Install the Claude Legal Plugin

There are multiple ways to install the Legal plugin depending on your setup:

Option A: Install via Claude Cowork Desktop (Recommended)

  1. Open the Claude Desktop app on macOS
  2. Switch to the Cowork tab
  3. Click "Plugins" in the left sidebar
  4. Browse the available plugins and find "Legal"
  5. Click Install—it's free for all paid plan users
  6. The plugin activates immediately and its slash commands become available

Option B: Install via CLI (Claude Code)

# Add the official plugin marketplace
claude plugin marketplace add anthropics/knowledge-work-plugins

# Install the Legal plugin
claude plugin install legal@knowledge-work-plugins

Option C: Install from the Web

Navigate to claude.com/plugins/legal and click Install. This will open Claude Desktop and trigger the installation.

Option D: Install from GitHub

The Legal plugin is open source. You can clone it directly from the GitHub repository:

# Clone the open-source plugin repository
git clone https://github.com/anthropics/knowledge-work-plugins

Prerequisites

  • Claude Desktop app for macOS (Windows support expanding in 2026)
  • An active paid subscription: Pro ($20/mo), Max ($100/mo), Team, or Enterprise
  • Cowork feature enabled in your Claude Desktop settings

Managing Your Installation

# List all installed plugins
claude plugin list

# Update all plugins to latest version
claude plugin update --all

# Remove the Legal plugin
claude plugin remove legal@knowledge-work-plugins

Plugins can live in two scopes:

  • User scope: installs to ~/.claude/plugins/ and works across all your projects
  • Project scope: installs to .claude/plugins/ within a specific repository

Configure Document Access

After installation, edit .mcp.json to connect your document management system:

{
  "mcpServers": {
    "box": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-server-box"],
      "env": {
        "BOX_CLIENT_ID": "your-client-id",
        "BOX_CLIENT_SECRET": "your-secret"
      }
    }
  }
}

Add Your Standard Templates

Upload your organization's standard contract templates and playbooks to the plugin's skills folder. This tells Claude your preferred positions, escalation rules, and approval thresholds.

All Slash Commands Explained

The Legal plugin provides six primary slash commands:

/legal:review-contract

Comprehensive clause-by-clause contract analysis:

/legal:review-contract [upload contract file]

How it works: Claude analyzes the entire contract before flagging issues, because clauses interact with each other—for example, an uncapped indemnity may be partially mitigated by a broad limitation of liability. Each clause gets a color-coded flag:

  • GREEN: Clause aligns with your playbook—no action needed
  • YELLOW: Clause deviates from preferred terms—review recommended
  • RED: Clause poses significant risk—requires negotiation or escalation

Output includes:

  • Executive summary of contract terms
  • Key terms identification and analysis
  • Risk flags (liability, indemnification, IP, termination)
  • Deviations from your organization's standards
  • Specific redline suggestions with recommended language

/legal:triage-nda

Rapid NDA pre-screening and classification:

/legal:triage-nda [upload NDA]

Output includes:

  • NDA type classification (mutual, one-way, multilateral)
  • Duration, scope, and territorial coverage
  • Risk level assessment (standard, needs review, high risk)
  • Categorization: Standard Approval, Counsel Review, or Full Review
  • Suggested action (approve as-is, modify specific terms, escalate)

/legal:compliance-check

Verify compliance with regulatory requirements:

/legal:compliance-check GDPR data processing agreement

Output includes:

  • Required clauses checklist (with pass/fail status)
  • Missing or incomplete provisions
  • Recommended additions with draft language
  • Relevant regulatory references and citations
  • Cross-references to related agreements

/legal:risk-assessment

Evaluate legal risks in any document:

/legal:risk-assessment vendor agreement for SaaS procurement

Output includes:

  • Risk matrix (high/medium/low) with visual indicators
  • Specific risk areas and their potential impact
  • Mitigation recommendations with alternative language
  • Precedent references where applicable

/legal:vendor-check

Check vendor agreement status and obligations:

/legal:vendor-check Acme Corp current agreement status

Output includes:

  • Current agreement status and expiration dates
  • Key obligations and SLA commitments
  • Renewal terms and auto-renewal flags
  • Outstanding compliance requirements

/legal:brief

Generate contextual legal briefings:

/legal:brief daily summary of pending legal matters

Briefing types:

  • Daily Brief: Summary of pending items, upcoming deadlines, and priority actions
  • Topic Research: In-depth research on specific legal topics or questions
  • Incident Response: Rapid briefing for time-sensitive legal matters

/legal:respond

Create templated responses for common legal inquiries:

/legal:respond data subject access request from EU customer

Response types:

  • Data subject access requests (DSAR)
  • Discovery holds and litigation preservation notices
  • Standard contract inquiries
  • Compliance certification requests

Practical Example: How Contract Review Works

Here's what a typical contract review looks like in practice:

  1. Upload a contract PDF to your Cowork workspace folder
  2. Run /legal:review-contract in the Cowork chat
  3. Claude reads the entire document, understanding how clauses interact
  4. Output: A structured report where each clause is flagged:
    • GREEN clauses that match your playbook—safe to proceed
    • YELLOW clauses that deviate from preferred terms—worth discussing
    • RED clauses that pose significant risk—need negotiation
  5. Redline suggestions with specific alternative language aligned to your organization's standards

The system doesn't just scan for keywords. It understands context—for instance, an uncapped indemnity clause that might look alarming on its own could be partially mitigated by a broad limitation of liability elsewhere in the agreement.

Real-World Workflows

Contract Review Queue

For incoming contracts:

I have 10 vendor contracts to review this week. Triage them by risk level
and give me a summary of the top issues in each.

NDA Processing at Scale

For high-volume NDA requests:

Review these 5 NDAs from potential partners. Which can I approve with
standard terms? Which need modifications?

Compliance Audit Prep

Before audits:

Review our data processing agreements against current GDPR requirements.
Flag any gaps and suggest updates.

M&A Due Diligence

For acquisitions:

Analyze these 50 contracts from the target company. Summarize key
obligations, change of control provisions, and potential liabilities.

Vendor Agreement Monitoring

For ongoing vendor management:

Check all vendor agreements expiring in the next 90 days. Flag any
with auto-renewal clauses and list the notification deadlines.

Regulatory Change Response

When regulations change:

Our data processing agreements were written for GDPR compliance. Review
them against the new requirements under the EU AI Act and flag gaps.

Customization for Your Organization

Add Your Contract Playbook

Create a playbook.md file with your standard positions:

## Indemnification
- Standard position: Mutual indemnification for breaches
- Acceptable: Cap at contract value
- Red line: Unlimited liability

## IP Ownership
- Standard: Customer owns all work product
- Acceptable: Joint ownership with license back
- Red line: Vendor retains any customer data rights

## Limitation of Liability
- Standard: Aggregate cap at 12 months of fees
- Acceptable: Aggregate cap at contract value
- Red line: No limitation of liability clause

## Data Protection
- Standard: Full GDPR-compliant DPA attached
- Acceptable: DPA references with standard clauses
- Red line: No data processing provisions

Define Your Risk Thresholds

Add risk classification rules:

## Auto-Approve Criteria
- Contract value under $10,000
- Standard NDA terms
- Existing approved vendor
- Term under 12 months

## Escalation Triggers
- Unlimited liability provisions
- IP assignment clauses
- Non-standard governing law
- Contracts over $100,000
- Auto-renewal terms exceeding 12 months
- Non-compete or exclusivity provisions

Set Up Routing Rules

Configure automatic routing:

Contracts flagged as high-risk → Senior Counsel
Standard NDAs → Paralegal approval
IP-related agreements → IP Counsel
Data processing agreements → Privacy team
Cross-border contracts → International Counsel

How to Customize the Plugin in Cowork

While viewing an installed plugin in Cowork, click the "Customize" button in the upper right corner. This will automatically prompt Claude to help customize the plugin. Click "Let's go" to start working with Claude to adjust skills, commands, and connectors for your organization.

You can:

  • Add company context: Drop your terminology, org structure, and processes into skill files so Claude understands your world
  • Adjust workflows: Modify skill instructions to match how your team actually does things
  • Connect tools: Edit .mcp.json to point at your specific tool stack

Claude Legal Plugin vs Specialized Legal AI Tools

How does the Legal plugin compare to dedicated legal AI platforms?

vs Harvey AI

Harvey is a purpose-built legal AI platform used by major law firms. It offers deeper legal training and more advanced legal reasoning for complex matters. The Claude Legal plugin is more general-purpose and better suited for in-house teams doing routine contract work—Harvey may be better for novel legal questions or complex litigation.

vs Legora

Legora focuses on legal research and analysis with specialized legal databases. The Claude Legal plugin covers a broader range of workflows (contracts, NDAs, compliance) but may not match Legora's depth in pure legal research.

vs Traditional Legal Tech (DocuSign CLM, Ironclad, Agiloft)

Traditional CLM tools are better for high-volume, production-grade contract management with enterprise audit trails. The Claude Legal plugin excels at flexible, ad-hoc analysis and review tasks where you need AI judgment rather than rigid workflows.

The Bottom Line

As one analyst observed: "A quick, generic review is one thing. A super-detailed one that meets your style, connects to your past data, and can tell you what is market—that's something else. High quality legal tech tools have little to fear here...for now." The real risk is for vendors selling commoditized legal AI skills—those "face something of an existential threat" from free, open-source alternatives.

Best Practices

  1. Start with templates: Upload your standard agreements as reference points for Claude
  2. Build your playbook: Document negotiable vs. non-negotiable terms in markdown files
  3. Human review required: AI assists but never replaces legal judgment—all outputs should be reviewed by licensed attorneys
  4. Track decisions: Log AI suggestions and final decisions for process improvement
  5. Regular updates: Keep skill files current with regulatory changes
  6. Start small: Begin with routine NDAs before moving to complex agreements
  7. Test against known documents: Validate Claude's analysis against contracts you've already reviewed manually

Important Limitations

  • Not legal advice: Output is analysis and workflow assistance, not legal counsel
  • Review required: All outputs should be reviewed by licensed attorneys before action
  • Regulated matters: Anthropic explicitly advises against use for regulated workloads given the agentic nature and internet access of Cowork
  • Research preview: Plugins are currently in "research preview" status
  • Confidentiality: Ensure your organization's data policies allow AI processing of legal documents
  • Desktop required: The Claude Desktop app must remain open for the session to continue
  • Local storage: Plugins are currently saved locally—organization-wide sharing is coming soon
  • Designed for routine work: Best for commercial contracts, NDAs, vendor agreements, and routine legal documents. Complex M&A agreements, securities filings, or novel legal structures still require traditional attorney review.

Security & Ethics

  • Attorney-client privilege: Consider whether AI processing affects privilege protections—consult your organization's ethics guidelines
  • Data retention: Review Anthropic's usage policies to ensure compliance with your data retention requirements
  • Conflict checking: AI review does not replace conflict checking procedures
  • Ethical obligations: All professional ethical obligations remain unchanged when using AI tools
  • Sandbox isolation: Claude Cowork runs in an isolated virtual machine environment for security
  • Permission-based access: You control exactly which folders Claude can access

Frequently Asked Questions

How do I get the Claude Legal Plugin?

Install it from the Cowork Plugins sidebar in Claude Desktop, from claude.com/plugins/legal on the web, or via the CLI with claude plugin install legal@knowledge-work-plugins. A Pro, Max, Team, or Enterprise subscription is required.

Is the Claude Legal Plugin free?

Yes—all 11 official Cowork plugins are open-source and free. However, you need a paid Claude subscription to use Cowork. Plans start at $20/month (Pro).

Does the Legal Plugin replace lawyers?

No. The plugin is a workflow accelerator for legal professionals—it handles routine triage, standardized reviews, and document generation while maintaining human attorney oversight on all substantive decisions. Anthropic's own disclaimer states: "All outputs should be reviewed by licensed attorneys."

What types of contracts can it review?

The plugin is designed for commercial contracts, NDAs, vendor agreements, data processing agreements, and routine legal documents. Complex M&A agreements, securities filings, or novel legal structures still require traditional attorney review.

Can I use it for GDPR compliance?

Yes. The /legal:compliance-check command can review data processing agreements against GDPR requirements, flag missing provisions, and suggest additions. It can also handle CCPA and other regulatory frameworks.

How do I customize it for my organization?

Click "Customize" on the installed plugin in Cowork, or manually edit the skill files and playbook.md to add your standard positions, risk thresholds, and routing rules. See the Customization section above for detailed instructions.

Is my data safe?

Claude Cowork runs in an isolated virtual machine on your Mac. You control which folders Claude can access. Review Anthropic's data policies for details on how data is handled during processing.

Learn about all 11 Claude Cowork plugins →

Security best practices →

Compare Claude Cowork vs RPA tools →

Ready to Get Started?

Put these tips into practice with Claude Cowork.