← Back to Skills Marketplace
Cyber Ir Playbook
by
Muhammad Mazhar Saeed
· GitHub ↗
· v0.1.0
358
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install cyber-ir-playbook
Description
Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident s...
README (SKILL.md)
Cyber IR Playbook
Overview
Convert incident events into a standardized response timeline and phase-based report.
Workflow
- Ingest incident events with timestamps.
- Classify events into detection, containment, eradication, recovery, or post-incident phases.
- Build ordered timeline and summarize current phase completion.
- Produce a report artifact for internal and executive audiences.
Use Bundled Resources
- Run
scripts/ir_timeline_report.pyto generate a deterministic timeline report. - Read
references/ir-phase-guide.mdfor phase mapping guidance.
Guardrails
- Focus on defensive incident handling and post-incident learning.
- Do not provide offensive exploitation instructions.
Usage Guidance
This skill appears coherent and low-risk: it converts user-supplied event JSON into timeline reports and ships with a small Python script and a phase guide. Before running, (1) review the script yourself (it's short and readable) and ensure you run it in a trusted environment with a Python 3 runtime, (2) only pass input files you trust (logs may contain sensitive data), and (3) specify an output path that won't overwrite important system or sensitive files. If you need networked or automated ingestion of live logs, inspect or extend the skill carefully — as provided it does not perform any network I/O or credential handling.
Capability Analysis
Type: OpenClaw Skill
Name: cyber-ir-playbook
Version: 0.1.0
The skill bundle is benign. The `SKILL.md` and `agents/openai.yaml` files contain clear, defensive instructions for the AI agent, aligning with the stated purpose of incident response reporting and showing no signs of prompt injection. The `scripts/ir_timeline_report.py` script performs its stated function of processing incident data and generating reports using standard Python libraries. It handles file input/output (reading JSON, writing JSON/Markdown/CSV reports) as expected for its purpose, includes a `MAX_INPUT_BYTES` limit for input files, and does not contain any malicious code such as data exfiltration, remote execution, persistence mechanisms, or obfuscation. While file I/O can be a vector for vulnerabilities if the executing environment is not properly sandboxed, the script itself does not exhibit malicious intent or attempt to exploit such vulnerabilities.
Capability Assessment
Purpose & Capability
Name, description, and included files (reference guide and a Python report generator) align: the bundled script ingests event JSON and produces timeline reports. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md instructs running the included script and reading the provided phase guide; the script only reads a user-supplied input file (max 1 MiB) and writes an output artifact in the chosen format. Note: the script will write to whatever output path is supplied, so callers should avoid pointing it at sensitive system files or locations where overwriting is dangerous.
Install Mechanism
No install spec — the skill is instruction + a small Python script. No remote downloads or package installs are declared, which keeps install risk low. Users need a Python runtime to execute the script.
Credentials
The skill requests no environment variables, credentials, or config paths. The script does not read environment variables or network endpoints; required data is provided via the input file argument.
Persistence & Privilege
always is false and the skill does not attempt to persist configuration, modify other skills, or elevate privileges. It operates only on files passed to it.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cyber-ir-playbook - After installation, invoke the skill by name or use
/cyber-ir-playbook - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of cyber-ir-playbook.
- Generates incident response timelines and phase-based reports from event logs.
- Classifies events into detection, containment, eradication, recovery, or post-incident phases.
- Produces ordered incident timelines and stakeholder-ready summaries.
- Includes scripts and guides for report generation and phase mapping.
- Emphasizes defensive incident handling; avoids offensive exploitation content.
Metadata
Frequently Asked Questions
What is Cyber Ir Playbook?
Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident s... It is an AI Agent Skill for Claude Code / OpenClaw, with 358 downloads so far.
How do I install Cyber Ir Playbook?
Run "/install cyber-ir-playbook" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Cyber Ir Playbook free?
Yes, Cyber Ir Playbook is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Cyber Ir Playbook support?
Cyber Ir Playbook is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Cyber Ir Playbook?
It is built and maintained by Muhammad Mazhar Saeed (@0x-professor); the current version is v0.1.0.
More Skills