Afrexai Incident Response.Skip

v1.0.0

Guides IT and business teams through incident classification, checklist creation, communication plans, timelines, and post-mortems for effective response.

Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (incident response playbook) align with the SKILL.md instructions (classification, checklists, comms, timelines, post-mortems). No unexpected credentials, binaries, or config paths are required. Note: package metadata in _meta.json differs from the registry metadata (different ownerId and slug vs registry slug 'afrexai-incident-response-skip'), which looks like a packaging/metadata inconsistency but does not change runtime behavior.
Instruction Scope
Runtime instructions are procedural guidance (triage, containment, resolution, post-mortem) and do not direct the agent to read local files, access system credentials, or transmit data to unknown endpoints. External links are only to documentation/context packs; the SKILL.md does not instruct data exfiltration.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk writes and execution of third-party code.
Credentials
The skill requires no environment variables, credentials, or config paths. There are no disproportionate secret requests.
Persistence & Privilege
always is false and the skill is user-invocable. The skill allows normal autonomous invocation (disable-model-invocation is false) which is the platform default and acceptable here; it does not request elevated or persistent system-wide privileges.
Assessment
This skill appears coherent and low-risk because it is instruction-only and requests no credentials or installs. Before installing: 1) verify the publisher/source (registry metadata differs from the _meta.json owner/slug — could be an accidental copy/paste); 2) inspect any external context packs or links before following them (they may be hosted separately or be paid); 3) when using the skill, avoid pasting sensitive credentials or large amounts of personal data into incident descriptions; and 4) consider testing the skill in a non-production environment to confirm it behaves as expected.

Like a lobster shell, security has layers — review code before you run it.

latestvk978d22117wgjwrdfwecjpdb958441fq
70 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

Incident Response Playbook

Structured incident response for business and IT teams. Guides you through detection, triage, containment, resolution, and post-mortem — with auto-generated timelines and action items.

What It Does

When triggered with an incident description, this skill:

  1. Classifies severity (P1-P4) based on impact and urgency
  2. Generates a response checklist tailored to incident type (outage, data breach, security event, service degradation, vendor failure)
  3. Builds a communication plan — who to notify, when, what channels
  4. Creates a real-time timeline as you log updates
  5. Produces a post-mortem template with root cause analysis and prevention steps

Usage

Tell your agent about an incident:

"Production API is returning 500 errors for 20% of requests. Started 10 minutes ago."

Or trigger proactively:

"Create an incident response plan for a potential data breach scenario"

Incident Types Covered

  • Service outages — full or partial downtime
  • Security incidents — breaches, unauthorized access, phishing
  • Data incidents — corruption, loss, privacy violations
  • Vendor failures — third-party SLA breaches
  • Performance degradation — latency spikes, capacity issues

Severity Matrix

Level         | Impact              | Response Time     | Escalation
P1 - Critical | Business stopped    | Immediate         | Executive + all hands
P2 - High     | Major feature down  | < 30 min          | Engineering lead + PM
P3 - Medium   | Degraded experience | < 2 hours         | On-call team
P4 - Low      | Minor issue         | Next business day | Ticket queue

Response Framework

1. Detection & Triage (First 5 minutes)

  • Confirm the incident is real (not a false alarm)
  • Classify severity using the matrix above
  • Assign incident commander
  • Open a dedicated communication channel

2. Containment (First 30 minutes)

  • Identify blast radius — what's affected?
  • Apply immediate mitigation (rollback, feature flag, scaling)
  • Communicate status to stakeholders

3. Resolution

  • Root cause investigation
  • Implement fix with verification
  • Monitor for recurrence
  • Update all stakeholders

4. Post-Mortem (Within 48 hours)

  • Timeline of events
  • Root cause analysis (5 Whys)
  • What went well / what didn't
  • Action items with owners and deadlines
  • Process improvements

Integration

Works with any monitoring stack. Feed alerts from PagerDuty, Datadog, Grafana, or manual reports.

Pro Tip

Pair this with a full AI Operations Context Pack for your industry. Pre-built incident taxonomies, compliance-aware escalation paths, and automated stakeholder templates.

Browse packs: https://afrexai-cto.github.io/context-packs/

Free tools:
