Install
openclaw skills install @mohitagw15856/agent-incident-postmortemRun a blameless postmortem for an incident caused by an AI agent or LLM feature — hallucinated facts shipped to users, runaway tool use, prompt injection, cost blowouts, or wrong actions taken autonomously. Use when asked to write up an AI incident, analyse why an agent did something wrong, or produce corrective actions after an LLM failure. Produces a structured postmortem with trace reconstruction, a root-cause layer analysis, and corrective actions including a permanent regression case. For non-AI production incidents use incident-postmortem.
openclaw skills install @mohitagw15856/agent-incident-postmortemAI incidents differ from outages: the system didn't go down — it did something wrong, confidently, and maybe only once. This skill adapts blameless postmortem practice to nondeterministic systems, where "can we reproduce it?" needs traces, not just steps.
Ask for (if not already provided):
Walk the layers in order; the root cause is usually the earliest layer that could have prevented the outcome. "The model was wrong" is a starting point, never the conclusion — models are known to be fallible, so the question is what let a fallible output become an incident.
| Layer | Ask |
|---|---|
| Input / context | Was the context wrong, stale, contradictory, or poisoned (injection)? Did retrieval feed it bad ground truth? |
| Model behaviour | Given that context, was the output a foreseeable failure mode (fabrication under missing data, over-compliance with injected text)? |
| Guardrails | What check should have caught this output and didn't exist / didn't fire? (schema validation, groundedness check, action allow-list) |
| Action layer | Why could the wrong output become a real action or reach a user without the appropriate gate for its risk level? |
| Detection | Why did we learn about it this way, this late? What signal would have caught it in minutes? |
Severity: [level] · Status: [resolved/monitoring] · Owner: [name]
Summary: [3 sentences: what the agent did, impact, root cause layer]
Impact: [users/requests affected, window, cost, trust/regulatory dimension]
Timeline: [first bad output → detection → mitigation → resolution, with the detection gap called out]
Trace reconstruction: [what was in the window; which tool calls ran; where the path diverged from intended behaviour]
Root cause by layer:
| Layer | Finding |
|---|---|
| Input/context | |
| Model behaviour | |
| Guardrails | |
| Action layer | |
| Detection |
Reproduction: [replayed? failure frequency over N runs / not reproducible — evidence is the trace]
Corrective actions:
| Action | Layer | Owner | Due |
|---|---|---|---|
| Add this trace as a permanent regression case | eval | ||
| [guardrail/monitor/context fix] |
What went well / what got lucky: [both, honestly]