Cyber IR Playbook
v0.1.0
Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident s...
MIT-0
Security Scan
OpenClaw
Verdict: Benign (high confidence)
Purpose & Capability
Name, description, and included files (reference guide and a Python report generator) align: the bundled script ingests event JSON and produces timeline reports. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md instructs running the included script and reading the provided phase guide; the script only reads a user-supplied input file (max 1 MiB) and writes an output artifact in the chosen format. Note: the script will write to whatever output path is supplied, so callers should avoid pointing it at sensitive system files or locations where overwriting is dangerous.
Install Mechanism
No install spec — the skill is instruction + a small Python script. No remote downloads or package installs are declared, which keeps install risk low. Users need a Python runtime to execute the script.
Credentials
The skill requests no environment variables, credentials, or config paths. The script does not read environment variables or network endpoints; required data is provided via the input file argument.
Persistence & Privilege
The always flag is false, and the skill does not attempt to persist configuration, modify other skills, or elevate privileges. It operates only on files passed to it.
Assessment
This skill appears coherent and low-risk: it converts user-supplied event JSON into timeline reports and ships with a small Python script and a phase guide. Before running, (1) review the script yourself (it's short and readable) and ensure you run it in a trusted environment with a Python 3 runtime, (2) only pass input files you trust (logs may contain sensitive data), and (3) specify an output path that won't overwrite important system or sensitive files. If you need networked or automated ingestion of live logs, inspect or extend the skill carefully — as provided it does not perform any network I/O or credential handling.
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Cyber IR Playbook
Overview
Convert incident events into a standardized response timeline and phase-based report.
Workflow
- Ingest incident events with timestamps.
- Classify events into detection, containment, eradication, recovery, or post-incident phases.
- Build ordered timeline and summarize current phase completion.
- Produce a report artifact for internal and executive audiences.
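As an added illustration of this workflow (written for this page, not the bundled scripts/ir_timeline_report.py or any project code), the sketch below parses constructed event JSON, classifies each event by phase, sorts into a deterministic timeline, summarizes phase completion, and refuses to overwrite an existing output path. The field names ts/phase/msg and the 1 MiB input cap are assumptions.

```python
import json
from datetime import datetime, timezone
# Phases in the order the playbook tracks them.
PHASES = ["detection", "containment", "eradication", "recovery", "post-incident"]
MAX_INPUT_BYTES = 1024 * 1024  # assumed cap, matching the 1 MiB limit noted in the scan

# Constructed sample input (field names ts/phase/msg are an assumption).
SAMPLE_INPUT = b"""[
 {"ts": "2024-05-01T09:15:00Z", "phase": "containment", "msg": "Host isolated from network"},
 {"ts": "2024-05-01T08:02:00Z", "phase": "detection", "msg": "EDR alert on suspicious process"},
 {"ts": "2024-05-02T11:00:00Z", "phase": "eradication", "msg": "Malicious binary removed"},
 {"ts": "2024-05-01T08:30:00Z", "phase": "Detection", "msg": "Analyst confirmed true positive"}
]"""

def parse_events(raw: bytes) -> list:
    """Decode event JSON into a timeline sorted by timestamp (deterministic order)."""
    if len(raw) > MAX_INPUT_BYTES:
        raise ValueError("input exceeds 1 MiB limit")
    timeline = []
    for ev in json.loads(raw):
        phase = str(ev["phase"]).lower()
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase!r}")
        ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        timeline.append({"ts": ts, "phase": phase, "msg": str(ev["msg"])})
    return sorted(timeline, key=lambda e: e["ts"])

def phase_summary(timeline: list) -> dict:
    """Which phases have been reached, and the furthest phase started so far."""
    seen = {e["phase"] for e in timeline}
    furthest = max((PHASES.index(p) for p in seen), default=-1)
    return {"reached": {p: p in seen for p in PHASES},
            "current_phase": PHASES[furthest] if furthest >= 0 else None}

def render_markdown(timeline: list, summary: dict) -> str:
    lines = ["# Incident timeline", ""]
    lines += [f"- {e['ts'].isoformat()} [{e['phase']}] {e['msg']}" for e in timeline]
    lines += ["", "## Phase status", ""]
    lines += [f"- {p}: {'reached' if summary['reached'][p] else 'pending'}" for p in PHASES]
    lines += ["", f"Current phase: {summary['current_phase']}"]
    return "\n".join(lines)

def write_report(path: str, text: str) -> None:
    # Open with "x" so an existing file (e.g. a sensitive path) is never overwritten.
    with open(path, "x", encoding="utf-8") as fh:
        fh.write(text)
if __name__ == "__main__":
    tl = parse_events(SAMPLE_INPUT)
    print(render_markdown(tl, phase_summary(tl)))
```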
Use Bundled Resources
- Run scripts/ir_timeline_report.py to generate a deterministic timeline report.
- Read references/ir-phase-guide.md for phase mapping guidance.
Guardrails
- Focus on defensive incident handling and post-incident learning.
- Do not provide offensive exploitation instructions.
Files
4 total