Incident Response Playbook

v1.0.0

Guides business and IT teams through incident detection, severity classification, containment, resolution, communication, and post-mortem with automated time...

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name and the SKILL.md content align: it describes classification, checklists, communication plans, timelines, and post-mortems. No unrelated credentials, binaries, or installs are required.
Instruction Scope
Runtime instructions are limited to generating playbooks, timelines, and communication plans based on user-provided incident descriptions. The SKILL.md does not tell the agent to read system files, access environment variables, or contact hidden endpoints.
Install Mechanism
There is no install spec and no code files—this is instruction-only, so nothing is written to disk or downloaded during install.
Credentials
The skill requires no environment variables, credentials, or config paths. Suggested integrations (PagerDuty, Datadog, Grafana) are referenced generically and are not required by the skill itself.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It uses the platform's normal autonomous-invocation model by default.
Assessment
This skill is an instruction-only incident response playbook and appears internally consistent. Before installing or using it, avoid pasting sensitive PII or credentials into prompts, verify any recommended actions against your organization's runbooks and change control policies, and be cautious if you later connect the agent to real monitoring/notification systems (PagerDuty, Datadog, etc.) — those integrations will require separate credentials and should be granted using least privilege. If you want higher assurance, review the external links (afrexai-cto.github.io) and confirm the publisher's trustworthiness.
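The assessment warns against pasting PII or credentials into prompts, but an incident description is exactly the kind of text that tends to carry a stack trace, a pasted curl command or an on-call email address. The following is an added example, not code from this skill or its publisher: a pre-prompt scrubber that redacts common secret and PII shapes from an incident write-up and reports which credentials were present, since a credential that appears in an incident narrative has already leaked and must be rotated regardless of what the agent sees. The pattern set, the redact/credentials_to_rotate/prepare_prompt names and the sample incident text are all constructed for this example.

```python
import re

# Shapes of material that must not reach an agent prompt. The set is an
# assumption for this example; extend it with your own token formats.
# A pattern with a named group "secret" redacts only that group, so context
# such as "password=" survives and the text still reads as an incident report.
REDACTION_PATTERNS = [
    ("PRIVATE_KEY", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("AWS_ACCESS_KEY", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("BEARER_TOKEN", re.compile(r"\bbearer\s+(?P<secret>[A-Za-z0-9._~+/=-]{16,})", re.I)),
    ("PASSWORD", re.compile(r"\b(?:password|passwd|pwd)\s*[=:]\s*(?P<secret>\S+)", re.I)),
    ("EMAIL", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
]

# Credential labels (as opposed to PII): if one appears in an incident
# write-up it has already leaked into chat or logs and must be rotated.
CREDENTIAL_LABELS = {"PRIVATE_KEY", "AWS_ACCESS_KEY", "BEARER_TOKEN", "PASSWORD"}


def redact(text):
    """Return (scrubbed_text, findings). findings is [(label, matched_value)];
    it holds the raw secrets, so keep it out of logs and tickets."""
    findings = []
    for label, pattern in REDACTION_PATTERNS:
        def _replace(m, label=label):
            grp = "secret" if "secret" in m.groupdict() else 0
            findings.append((label, m.group(grp)))
            start, end = m.span(grp)
            whole = m.group(0)
            # Splice the placeholder over the secret span only.
            return whole[:start - m.start()] + f"<{label}>" + whole[end - m.start():]
        text = pattern.sub(_replace, text)
    return text, findings


def credentials_to_rotate(findings):
    """Distinct credential labels seen, in order of first appearance."""
    seen = []
    for label, _ in findings:
        if label in CREDENTIAL_LABELS and label not in seen:
            seen.append(label)
    return seen


def prepare_prompt(incident_text):
    """Scrub an incident description and return what is safe to send plus
    the follow-up action the scrub itself implies (which credentials to rotate)."""
    scrubbed, findings = redact(incident_text)
    return {
        "prompt": scrubbed,
        "redacted": len(findings),
        "rotate": credentials_to_rotate(findings),
    }


# Constructed sample incident text (the token, key and password are fake).
SAMPLE_INCIDENT = (
    "Production API returning 500s for ~20% of requests since 14:02 UTC. "
    "On-call alice@example.com paged. Debug curl used "
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnopqrstuvwxyz "
    "and the DB password=hunter2-prod showed up in the stack trace. "
    "Suspect key AKIAIOSFODNN7EXAMPLE leaked in the same log line."
)

if __name__ == "__main__":
    result = prepare_prompt(SAMPLE_INCIDENT)
    print(result["prompt"])
    print("redacted:", result["redacted"], "rotate:", result["rotate"])
```

Run the scrubber on the description before it goes to the agent, and treat a non-empty "rotate" list as its own P1-style action item: the placeholder only protects the prompt, not the secret that was already exposed. Regex-based scrubbing is a floor, not a guarantee; unusual token formats will slip through, so keep the pattern list under version control and add to it after every incident where something got past it.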


Tags: devops, incident, latest, operations, outage, post-mortem, response, security, sre
754 downloads · 0 stars · 1 version · Updated 1mo ago · v1.0.0 · MIT-0

Incident Response Playbook

Structured incident response for business and IT teams. Guides you through detection, triage, containment, resolution, and post-mortem — with auto-generated timelines and action items.

What It Does

When triggered with an incident description, this skill:

  1. Classifies severity (P1-P4) based on impact and urgency
  2. Generates a response checklist tailored to incident type (outage, data breach, security event, service degradation, vendor failure)
  3. Builds a communication plan — who to notify, when, what channels
  4. Creates a real-time timeline as you log updates
  5. Produces a post-mortem template with root cause analysis and prevention steps

Usage

Tell your agent about an incident:

"Production API is returning 500 errors for 20% of requests. Started 10 minutes ago."

Or trigger proactively:

"Create an incident response plan for a potential data breach scenario"

Incident Types Covered

  • Service outages — full or partial downtime
  • Security incidents — breaches, unauthorized access, phishing
  • Data incidents — corruption, loss, privacy violations
  • Vendor failures — third-party SLA breaches
  • Performance degradation — latency spikes, capacity issues

Severity Matrix

Level           Impact               Response Time      Escalation
P1 - Critical   Business stopped     Immediate          Executive + all hands
P2 - High       Major feature down   < 30 min           Engineering lead + PM
P3 - Medium     Degraded experience  < 2 hours          On-call team
P4 - Low        Minor issue          Next business day  Ticket queue

Response Framework

1. Detection & Triage (First 5 minutes)

  • Confirm the incident is real (not a false alarm)
  • Classify severity using the matrix above
  • Assign incident commander
  • Open a dedicated communication channel

2. Containment (First 30 minutes)

  • Identify blast radius — what's affected?
  • Apply immediate mitigation (rollback, feature flag, scaling)
  • Communicate status to stakeholders

3. Resolution

  • Root cause investigation
  • Implement fix with verification
  • Monitor for recurrence
  • Update all stakeholders

4. Post-Mortem (Within 48 hours)

  • Timeline of events
  • Root cause analysis (5 Whys)
  • What went well / what didn't
  • Action items with owners and deadlines
  • Process improvements
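The four phases above, together with the severity matrix, give concrete time budgets: triage within 5 minutes, containment within 30, post-mortem within 48 hours, and a per-severity response time for the first update. As an added example, not code from the skill or its author, here is a small tracker that records updates as they are logged, checks each phase's first update against its deadline, verifies the severity response time, and emits the post-mortem skeleton with the timeline and missed deadlines already filled in. The Incident class, the sample incident, and the durations chosen for "Immediate" and "Next business day" (which the page does not quantify) are assumptions for this example.

```python
from datetime import datetime, timedelta, timezone

# Severity matrix from the README. "Immediate" and "next business day" have no
# exact duration on the page; the values used for them here are assumptions.
SEVERITY = {
    "P1": ("Business stopped",    timedelta(minutes=5),  "Executive + all hands"),  # "Immediate"
    "P2": ("Major feature down",  timedelta(minutes=30), "Engineering lead + PM"),
    "P3": ("Degraded experience", timedelta(hours=2),    "On-call team"),
    "P4": ("Minor issue",         timedelta(days=1),     "Ticket queue"),           # "next business day"
}

# Phase budgets from the Response Framework, counted from detection.
# Resolution has no deadline on the page, so it is logged but not timed.
PHASE_BUDGET = {
    "triage": timedelta(minutes=5),
    "containment": timedelta(minutes=30),
    "resolution": None,
    "postmortem": timedelta(hours=48),
}


class Incident:
    def __init__(self, title, severity, detected_at):
        if severity not in SEVERITY:
            raise ValueError(f"unknown severity {severity!r}")
        if detected_at.tzinfo is None:
            raise ValueError("use timezone-aware timestamps; responders span time zones")
        self.title, self.severity, self.detected_at = title, severity, detected_at
        self.events = [(detected_at, "detection", title)]

    def log(self, at, phase, note):
        """Record an update. Phases must be known and timestamps must not go backwards."""
        if phase not in PHASE_BUDGET:
            raise ValueError(f"unknown phase {phase!r}")
        if at < self.events[-1][0]:
            raise ValueError("timeline must be chronological")
        self.events.append((at, phase, note))

    def deadlines(self):
        return {p: self.detected_at + b for p, b in PHASE_BUDGET.items() if b is not None}

    def phase_status(self):
        """'on_time', 'late' or 'open' per timed phase, judged by its first logged update."""
        status = {}
        for phase, deadline in self.deadlines().items():
            first = next((ts for ts, p, _ in self.events if p == phase), None)
            status[phase] = "open" if first is None else ("on_time" if first <= deadline else "late")
        return status

    def response_met(self):
        """Severity matrix check: the first update after detection lands within the response time."""
        if len(self.events) < 2:
            return False
        return self.events[1][0] - self.detected_at <= SEVERITY[self.severity][1]

    def timeline(self):
        return [f"{ts.isoformat(timespec='minutes')}  [{phase}] {note}" for ts, phase, note in self.events]

    def postmortem(self):
        """Post-mortem skeleton with the timeline and missed deadlines pre-filled."""
        _, _, escalation = SEVERITY[self.severity]
        missed = [p for p, s in self.phase_status().items() if s != "on_time"]
        lines = [f"Post-mortem: {self.title} ({self.severity}, escalation: {escalation})", "",
                 "Timeline:", *self.timeline(), "",
                 f"Missed phase deadlines: {', '.join(missed) or 'none'}",
                 f"Response time met: {'yes' if self.response_met() else 'no'}", "",
                 "Root cause analysis (5 Whys):", "What went well / what didn't:",
                 "Action items (owner, deadline):", "Process improvements:"]
        return "\n".join(lines)


# Constructed sample: a P2 handled on time except for a post-mortem held 60 hours in.
T0 = datetime(2024, 5, 3, 14, 2, tzinfo=timezone.utc)

def sample_incident():
    inc = Incident("API returning 500 errors for 20% of requests", "P2", T0)
    inc.log(T0 + timedelta(minutes=3), "triage", "Confirmed on dashboards; IC assigned; incident channel opened")
    inc.log(T0 + timedelta(minutes=18), "containment", "Rolled back the 13:58 deploy; error rate falling")
    inc.log(T0 + timedelta(minutes=55), "resolution", "Root cause found; fix merged; monitoring for recurrence")
    inc.log(T0 + timedelta(hours=60), "postmortem", "Post-mortem review held")
    return inc

if __name__ == "__main__":
    print(sample_incident().postmortem())
```

The deadlines are judged against the first update in each phase, which is what the framework's "first 5 minutes" and "first 30 minutes" wording implies; a phase that was started on time but dragged on is a separate question for the post-mortem. Timestamps are required to be timezone-aware and chronological because the most common way an incident timeline becomes useless is two responders logging in different local times.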

Integration

Works with any monitoring stack. Feed alerts from PagerDuty, Datadog, Grafana, or manual reports.

Pro Tip

Pair this with a full AI Operations Context Pack for your industry. Pre-built incident taxonomies, compliance-aware escalation paths, and automated stakeholder templates.

Browse packs: https://afrexai-cto.github.io/context-packs/
