ClawHub

Retro

v1.0.0

Deep blameless postmortem workflow—timeline, impact, root cause vs contributing factors, what went well/poorly, action items with owners, and follow-through....

0· 190·5 current·5 all-time
by@clawkk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clawkk/retro.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Retro" (clawkk/retro) from ClawHub.
Skill page: https://clawhub.ai/clawkk/retro
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install retro

ClawHub CLI

Package manager switcher

npx clawhub@latest install retro
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (postmortem/retro workflow) match the SKILL.md content. The skill requests no binaries, env vars, or config paths — consistent with a facilitator/template-style instruction set.
Instruction Scope
Runtime instructions are procedural guidance (stages, checklists, tips). They do not instruct the agent to read arbitrary host files, call external endpoints, or exfiltrate data. The only operational suggestions are linking traces/metrics/logs and redacting PII, which are appropriate for the stated purpose.
Install Mechanism
No install spec or code files are present. As an instruction-only skill, it introduces no installation risk or downloaded code.
Credentials
The skill itself requires no credentials or environment access. However, the guidance suggests linking traces, metrics and logs in appendices; if you allow an agent to gather those artifacts, you must separately grant whichever integrations/credentials are needed. That potential need for log/trace access is expected for its purpose but worth guarding (read-only access, PII redaction).
Persistence & Privilege
The skill is not always-enabled and does not request persistent system presence or modify other skills. Default autonomous invocation is allowed by the platform but this skill's content does not demand elevated privileges.
Assessment
This skill is an instruction-only retro/postmortem workflow and appears coherent and low-risk. Before using it with an agent that can access your systems: (1) verify any integrations you enable for attaching logs/traces have minimal, read-only scope and appropriate retention controls; (2) ensure PII and sensitive security details are redacted per the skill's own advice; (3) for security incidents, follow your org's legal/infosec process rather than publishing details; and (4) review any auto-generated postmortem content before it is shared externally. No credentials or installs are required by the skill itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk972q47cc7fn6vfvw7aqs9txvn83pa7x
190downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@clawkk
latest
Download

Postmortems

A good postmortem learns without blaming individuals. It produces owned actions that reduce recurrence or improve detection—not generic “communicate better” platitudes.

When to Offer This Workflow

Trigger conditions:

  • SEV incidents, customer-visible outages, data-loss scares
  • Near-misses worth documenting
  • Need facilitation structure in a blame-prone culture

Initial offer:

Use six stages: (1) scope & audience, (2) timeline & impact, (3) root cause analysis, (4) what worked / didn’t, (5) action items, (6) communication & follow-up). Confirm internal-only vs customer-facing summary.

Stage 1: Scope & Audience

Goal: Define readers (exec, engineering, CS) and redact PII or sensitive security details.

Practices

  • Blameless framing in the invite and template

Exit condition: Template chosen; owner for the final document.

Stage 2: Timeline & Impact

Goal: Minute-resolution timeline in UTC: detection → onset → mitigation → resolution.

Impact

  • Users affected, duration, data integrity if relevant, SLA breach

Exit condition: Facts align with any external customer communication.

Stage 3: Root Cause Analysis

Goal: Use five whys or fishbone as tools, not rituals. Separate root cause (fix that stops the class of failure) from contributing factors (process gaps, missing tests).

Practices

  • Do not name an individual as the “root cause”

Exit condition: Evidence-backed causal chain; contributing factors listed.

Stage 4: What Worked / Didn’t

Goal: Reinforce positives (runbooks followed, clear comms) and negatives (missing dashboards, slow escalation).

Stage 5: Action Items

Goal: Specific tickets with owners and dates; categorize prevent / detect / recover / process.

Practices

  • Avoid vague “add monitoring”—name metrics or signals

Exit condition: Items linked in the issue tracker.

Stage 6: Communication & Follow-Up

Goal: Share summary internally; external postmortem only when policy requires; track completion in 30/60 days.

Final Review Checklist

  • Blameless tone; timeline and facts accurate
  • Impact quantified where possible
  • Root cause vs contributing factors distinguished
  • Action items owned, dated, tracked
  • Follow-up review scheduled

Tips for Effective Guidance

  • Match depth to severity; lightweight retro for minor incidents.
  • Link traces, metrics, and logs in an appendix for engineers.
  • Psychological safety enables honesty—leadership models it.

Handling Deviations

  • Security incidents: coordinate with legal/infosec before public detail.

Comments

Loading comments...