Incident Commander
v2.1.1 · Incident Commander Skill
by Alireza Rezvani (@alirezarezvani)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill name, description, README, SKILL.md, templates, sample data, expected outputs, and the included Python scripts all align with an incident response/PIR/runbook generation tool. The requested resources (none) and claimed features match the files present.
Instruction Scope
SKILL.md and README are focused on processing incident descriptions/events and generating reports/runbooks. Some examples and runbook text include commands (curl, kubectl, psql/select statements) and suggestions to pull events from monitoring APIs; these are presented as integration examples or operator runbook steps rather than mandatory automated behavior. Still, the skill instructs agents to run bundled Python scripts on input data and shows examples that could touch external endpoints if the operator follows them.
Install Mechanism
There is no install spec — instruction-only with bundled scripts. Nothing is downloaded from external URLs and no package installs are declared.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The resources requested are proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. Model invocation is enabled (default), which is normal for skills and reasonable for this type of tool.
Assessment
This package appears coherent for generating incident classifications, timelines, and PIRs, but it includes substantial bundled Python scripts (non-trivial sizes) that will run on any host that executes them. Before installing or running:
1) Review the actual Python source for any network calls, subprocess.exec usage, or filesystem access beyond processing the provided input files.
2) Run the scripts in a sandboxed environment with sample input first (do not point them at production endpoints).
3) Search the code for hardcoded endpoints, telemetry/phone-home logic, or attempts to read environment/config files.
4) If you plan to integrate with monitoring/CI/CD, only wire in credentials and endpoints after you audit the code.
5) Prefer running with least privilege (non-admin account) and checking outputs against the expected_output files.
If you want, provide the contents of the Python scripts and I can scan them for suspicious patterns (network requests, subprocess calls, credential access) and give a more confident judgement.
Like a lobster shell, security has layers — review code before you run it.
