Incident response and forensics for agent workspaces. Investigate compromises, build timelines, assess blast radius, and collect evidence. Cross-references data from warden, ledger, signet, and sentinel for unified analysis. Free alert layer — upgrade to openclaw-triage-pro for automated containment, remediation playbooks, and evidence export.
Usage Guidance
This appears to be a coherent local triage tool, but review and treat it carefully before use:
1) Inspect the full scripts/triage.py for any network or subprocess commands that could transmit data; although the SKILL.md says 'no network calls', the code imports subprocess — verify there are none.
2) Run it against a copy of the workspace (or point --workspace to a snapshot) first to avoid accidental changes.
3) Expect it to collect and store potentially sensitive files (hashes, configs, credentials it finds) under .triage/evidence — protect that output.
4) Always run the evidence/collection command before any remediation/quarantine actions, and keep backups.
5) If you need higher assurance, run the script in an isolated environment (air-gapped or with network blocked) and consider a quick code audit focusing on any subprocess calls, file writes, and any uses of network/socket libraries.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-triage
Version: 1.0.2
The OpenClaw Triage skill is a security tool designed for incident response and forensics within an agent workspace. Its code (`scripts/triage.py`) and documentation (`SKILL.md`, `README.md`) consistently describe functions for investigating, timeline building, scope assessment, evidence collection, and automated containment/remediation. The script explicitly states and adheres to 'No External Dependencies' and 'No network calls'. While it scans for credential patterns and exfiltration URLs, this is for detection and reporting, not for actual exfiltration. Actions like quarantining skills, locking critical files, and disabling suspicious hooks are defensive measures. Subprocess calls are made safely to other local OpenClaw security tools for remediation. There is no evidence of malicious intent, prompt injection, or unauthorized harmful behavior.
Capability Assessment
✓ Purpose & Capability
Name/description describe workspace triage and the skill only requires python3 and local filesystem access. Declared cross-references (.integrity, .ledger, .signet, .sentinel) match the checks implemented in the script.
ℹ Instruction Scope
Instructions and the script read the entire workspace, build timelines, compute hashes, and copy security tool data into .triage/evidence. This is expected for forensics, but it will access and collect potentially sensitive files (credentials, skill code, configs). The SKILL.md claims 'no network calls' and the visible code appears local-only, but the script imports subprocess and other modules — review the remainder of the file for any network invocations before running in production.
✓ Install Mechanism
No install spec; the skill is instruction/code only and requires only python3 on PATH. Nothing is downloaded or written to system locations outside the workspace when run.
✓ Credentials
The skill requests no environment variables, no external credentials, and only accesses workspace files and known OpenClaw tool paths. The lack of declared secrets is proportionate to the stated purpose.
ℹ Persistence & Privilege
The tool writes state/evidence and may create quarantine/backups under .triage within the workspace (normal for a triage tool). always:false (not force-installed). If you run remediation/quarantine actions those will modify workspace files — follow the guidance to take evidence first.
How to Use
1) Make sure OpenClaw is installed (local or Docker).
2) Run the install command in chat: /install openclaw-triage
3) After installation, invoke the skill by name or use /openclaw-triage
4) Provide required inputs per the skill's parameter spec and get structured output.
Version History
v1.0.2
- Removed all references to openclaw-triage-pro and upgrade prompts from documentation.
- README and SKILL.md now describe only the core free features included with openclaw-triage.
- No changes to commands, outputs, or forensic capabilities.
v1.0.1
- Updated README.md to improve formatting and clarity.
- No changes to code or functionality.
- Documentation provides more consistent and readable instructions for users.
v1.0.0
Initial release of openclaw-triage: unified incident response and forensics for agent workspaces.
- Investigate workspace compromises, build event timelines, assess blast radius, and collect forensic evidence.
- Integrates data from warden, ledger, signet, and sentinel for comprehensive analysis.
- Command-line interface for full investigations, timeline creation, blast radius assessment, evidence collection, and quick status checks.
- Includes incident severity scoring and exit codes for automated workflows.
- No external dependencies; runs locally on Python 3 (Darwin, Linux, Win32).
- Upgrade option available for advanced containment and remediation (openclaw-triage-pro).
Metadata
Slug: openclaw-triage
Version: 1.0.2
License: —
All-time Installs: 3
Active Installs: 3
Total Versions: 3
Frequently Asked Questions
What is Openclaw Triage?
Incident response and forensics for agent workspaces. Investigate compromises, build timelines, assess blast radius, and collect evidence. Cross-references data from warden, ledger, signet, and sentinel for unified analysis. Free alert layer — upgrade to openclaw-triage-pro for automated containment, remediation playbooks, and evidence export. It is an AI Agent Skill for Claude Code / OpenClaw, with 1629 downloads so far.
How do I install Openclaw Triage?
Run "/install openclaw-triage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Triage free?
Yes, Openclaw Triage is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Triage support?
Openclaw Triage is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Openclaw Triage?
It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.2.