ClauseLens MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ClauseLens MCPAnalyze contract https://example.com/contract from buyer perspective"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ClauseLens MCP
ClauseLens turns any MCP-capable AI (Claude, Cursor, etc.) into a contract analyst. Point it at a lease, NDA, employment offer, SaaS agreement, or Terms of Service and it walks the AI through a disciplined workflow: fetch the document, split it into clauses, classify each against a risk taxonomy, score severity from your side of the deal, and β critically β verify every quote is real before showing it to you.
It's a remote Model Context Protocol server. The connecting AI does all the reasoning; the server just gives it sharp, safe tools and a rigorous process to follow.
π Live server:
https://clauselens-mcp-production.up.railway.app/mcpNo sign-up, no API key β add the URL to Claude and start analyzing.
Why it's built this way
Three design decisions make ClauseLens different from "just paste your contract into ChatGPT":
Zero server-side LLM calls. The server never talks to an LLM and needs no
ANTHROPIC_API_KEY. All intelligence lives in the AI that connects to it. The server's job is to be a trustworthy instrument β fetch, segment, verify β not a second brain. This makes it cheap, fast, stateless, and model-agnostic.Grounding guardrail against hallucination. AIs love to paraphrase and occasionally invent contract language. ClauseLens forces the model to call
verify_spansand prove every quote it intends to show appears verbatim at the exact character offsets in the source. Anything that doesn't verify gets dropped. You never see a fabricated clause.No document retention. Contracts are sensitive. Every byte is processed in memory during the request and then gone β nothing is stored, logged, or persisted. Ever.
Related MCP server: clio-mcp
How it works
The analysis flow
When you ask Claude to "analyze this contract," the analyze_contract prompt injects a 7-step workflow that drives the tools in order:
You: "Analyze this freelance agreement from the contractor's side: <url>"
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. fetch_document(url) β clean text (SSRF-hardened) β
β 2. segment_clauses(text) β clauses w/ exact char offsets β
β 3. read clauselens://taxonomy + severity-rubric resources β
β 4. classify each clause against the 15 risk categories β
β 5. judge risk FROM THE CHOSEN SIDE (contractor here) β
β 6. score severity (lowβcritical) + confidence (0.0β1.0) β
β 7. verify_spans(text, quotes) β drop anything not verbatim β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
You get: an overall risk score, a severity breakdown, and per-clause
findings β each with a verbatim quote, plain-English meaning, why it
matters to you, and what you might do about it.The AI is told to pick a side first (tenant vs. landlord, contractor vs. client), because the same indemnification clause that endangers a freelancer protects the company. Risk is always relative to who's signing.
System architecture
βββββββββββββββββββββββ
β Claude / Cursor β does all reasoning Β· zero server-side LLM calls
βββββββββββ¬ββββββββββββ
β HTTPS Β· Streamable HTTP (MCP)
βΌ
βββββββββββββββββββββββ
β Railway β TLS termination Β· public HTTPS URL
βββββββββββ¬ββββββββββββ
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β FastMCP 3.x (Streamable HTTP transport) β
β β
β Middleware β
β β’ IP rate limiting (60 req/hr, returns 429) β
β β’ /health bypass β
β β
β Tools β
β fetch_document β SSRF-hardened, streaming, capped fetch β
β segment_clauses β offset-exact clause splitter β
β verify_spans β verbatim-quote grounding guardrail β
β get_risk_taxonomyβ the 15-category risk reference β
β β
β Resources β
β clauselens://taxonomy (15 risk categories) β
β clauselens://severity-rubric (low / med / high / crit) β
β β
β Prompt β
β analyze_contract (injects the 7-step workflow) β
β β
β No document retention β everything in-memory β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββIntegrating with AI tools
Claude.ai (web)
Go to Settings β Connectors β Add custom connector
Name it
ClauseLensand paste the URL:https://clauselens-mcp-production.up.railway.app/mcpClick Add / Connect β no sign-in required.
Start a chat and try: "Use ClauseLens to analyze this Terms of Service from the customer's side: https://example.com/terms"
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"clauselens": {
"url": "https://clauselens-mcp-production.up.railway.app/mcp"
}
}
}Restart Claude Desktop. ClauseLens tools appear in the π menu.
Cursor
In Settings β MCP β Add new MCP server, choose transport HTTP and enter the same URL. ClauseLens tools become available to the agent.
Any MCP client
ClauseLens speaks standard MCP over Streamable HTTP at /mcp. Any compliant client can connect with just the URL β there are no auth headers to configure.
MCP surface reference
Tools
Tool | Description |
| Fetches a public URL and returns cleaned readable text (via trafilatura). SSRF-hardened, streams the body with a 2 MB cap, 10s timeout, 100k-char text cap. Returns |
| Splits contract text into clauses with exact character offsets. Guarantees the invariant |
| Grounding guardrail. Confirms each quoted span matches the source verbatim at its offsets. The AI must drop any clause that fails. Returns |
| Returns the 15 risk categories with definitions and signal language. Returns |
Resources
URI | Description |
| The 15 risk categories in markdown |
| The 4-level severity scale and confidence calibration guidance |
Prompt
analyze_contract(document, is_url=False, perspective=None) β injects the full 7-step analysis workflow.
Parameter | Type | Description |
|
| Contract text, or a URL if |
|
| Whether |
|
| The side you're on (e.g. |
The 15 risk categories
auto_renewal Β· unilateral_change Β· liability_limitation Β· indemnification Β· arbitration_or_class_waiver Β· data_sharing_or_privacy Β· ip_assignment Β· non_compete_or_non_solicit Β· termination_terms Β· payment_fees_penalties Β· confidentiality Β· governing_law_jurisdiction Β· warranty_disclaimer Β· assignment_or_transfer Β· other
Security
SSRF hardening. fetch_document blocks requests to private IP ranges (RFC 1918, loopback, link-local, and cloud metadata endpoints like 169.254.169.254), allows only http/https, and enforces a 10-second timeout. It defends against DNS-rebinding (TOCTOU) by resolving the hostname once and pinning the TCP connection to that validated IP β while preserving the original hostname for TLS SNI and certificate verification. The URL is re-validated on every redirect hop, so a public URL can't 302 you into the internal network.
Memory-exhaustion protection. The response body is streamed and capped at 2 MB β the transfer aborts the instant it crosses the limit, so a hostile server can't push an unbounded payload into memory. Extracted text is further capped at 100k characters.
No document retention. All processing happens in memory during the request lifecycle. No contract text, extracted content, or analysis is stored, logged, or persisted.
Rate limiting. IP-based fixed-window limiter runs in middleware before any tool logic. Default 60 req/hour per IP; returns HTTP 429 when exceeded. Tunable via RATELIMIT_REQUESTS / RATELIMIT_WINDOW_SECONDS.
Scaling note: the rate limiter is in-process, so counters are per-instance and reset on restart β correct for the current single-instance deployment. Multiple replicas would need a shared store (e.g. Redis).
Typed I/O. All tool inputs and outputs are validated through Pydantic models.
Local development
git clone https://github.com/Jaydatta-Bade/clauselens-mcp.git
cd clauselens-mcp
pip install -r requirements.txt
python server.py # serves http://localhost:8000/mcpNo configuration is required β every environment variable is optional (see .env.example).
Running tests
pip install -r requirements-dev.txt
pytest -q44 tests cover SSRF hardening, the streaming size cap, clause segmentation offset-exactness, the grounding guardrail, rate limiting, and schema validation. CI runs them on Python 3.12 and 3.13 on every push.
Deploy your own instance
ClauseLens runs anywhere that serves a Python ASGI app. On Railway:
npm install -g @railway/cli
railway login
railway init
railway upRailway assigns a public HTTPS URL; append /mcp to get your MCP endpoint. Optional env vars:
Variable | Description | Default |
| Requests per window per IP |
|
| Window length in seconds |
|
| Server port (Railway sets this automatically) |
|
Project structure
server.py FastMCP app: tools, resources, prompt, middleware
ratelimit.py in-process IP rate limiter
schemas.py Pydantic models (DocumentText, Clause, Span, β¦)
taxonomy.py the 15 risk categories + severity rubric text
prompts.py the analyze_contract workflow prompt
tools/
fetch.py SSRF-hardened streaming document fetch
segment.py offset-exact clause segmentation
verify.py verbatim-quote grounding guardrail
tests/ 44 tests (pytest)Tech stack
FastMCP 3.x Β· Starlette/ASGI Β· Pydantic v2 Β· httpx Β· trafilatura Β· Railway Β· GitHub Actions
Disclaimer
ClauseLens provides automated information, not legal advice. It can miss issues or misread context. For decisions that matter, consult a qualified lawyer.
License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jaydatta-Bade/clauselens-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server