Security Incident Command

v1.0.0

Command and manage an active security incident from declaration through remediation handoff using the incident management framework (Google's IMAG, derived f...

by Hung Quoc To (@quochungto)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name, description, and declared tasks (declare, staff, secure investigation, run forensics loop, handoff) align with the instructions in SKILL.md. It requests no binaries, env vars, or installs, which is proportionate for a playbook-style incident command guide.
Instruction Scope
SKILL.md is a prescriptive playbook for live incident command and references actions such as creating new channels, clean machines, and running forensics. Those are within the expected scope. The instructions do not declare or reference system file paths, secrets, or unrelated environment variables in the provided excerpt. Because it runs during live incidents, operators should review the full SKILL.md to confirm there are no open-ended directives (e.g., 'gather whatever context you need') that would grant broad autonomous access.
Install Mechanism
No install spec or code files are present — instruction-only, which minimizes risk. There is no downloadable code or archive that would be written to disk or executed.
Credentials
The skill requests no environment variables, credentials, or config paths. That matches its role as a procedural playbook and is proportionate to its stated purpose.
Persistence & Privilege
The always flag is false, and there is no attempt to persist or to modify other skills or system-wide agent settings. The default model-invocation behavior remains enabled (normal for skills); given the playbook's live-incident nature, ensure human oversight of any automated actions.
Assessment
This skill is a written incident-command playbook and appears coherent and low-risk: it doesn't ask for credentials or install code. Before using it during a live incident, read the full SKILL.md top-to-bottom to confirm there are no open-ended directives that would let the agent autonomously access production systems or secrets. Prefer human-in-the-loop operation for any destructive or high-impact steps (e.g., isolating systems, creating accounts, registering domains). If you plan to let the agent perform shell actions (Bash/Grep tools are listed as optional), restrict those to non-production copies or require explicit human approval per action. Finally, check the referenced dependency (incident-response-team-setup) so you understand any cross-skill expectations.




Runtime requirements

📚 Clawdis
