/install afrexai-incident-response
Incident Response Playbook
Structured incident response for business and IT teams. Guides you through detection, triage, containment, resolution, and post-mortem — with auto-generated timelines and action items.
What It Does
When triggered with an incident description, this skill:
- Classifies severity (P1-P4) based on impact and urgency
- Generates a response checklist tailored to incident type (outage, data breach, security event, service degradation, vendor failure)
- Builds a communication plan — who to notify, when, what channels
- Creates a real-time timeline as you log updates
- Produces a post-mortem template with root cause analysis and prevention steps
Usage
Tell your agent about an incident:
"Production API is returning 500 errors for 20% of requests. Started 10 minutes ago."
Or trigger proactively:
"Create an incident response plan for a potential data breach scenario"
Incident Types Covered
- Service outages — full or partial downtime
- Security incidents — breaches, unauthorized access, phishing
- Data incidents — corruption, loss, privacy violations
- Vendor failures — third-party SLA breaches
- Performance degradation — latency spikes, capacity issues
Severity Matrix
| Level | Impact | Response Time | Escalation |
|---|---|---|---|
| P1 - Critical | Business stopped | Immediate | Executive + all hands |
| P2 - High | Major feature down | \x3C 30 min | Engineering lead + PM |
| P3 - Medium | Degraded experience | \x3C 2 hours | On-call team |
| P4 - Low | Minor issue | Next business day | Ticket queue |
Response Framework
1. Detection & Triage (First 5 minutes)
- Confirm the incident is real (not a false alarm)
- Classify severity using the matrix above
- Assign incident commander
- Open a dedicated communication channel
2. Containment (First 30 minutes)
- Identify blast radius — what's affected?
- Apply immediate mitigation (rollback, feature flag, scaling)
- Communicate status to stakeholders
3. Resolution
- Root cause investigation
- Implement fix with verification
- Monitor for recurrence
- Update all stakeholders
4. Post-Mortem (Within 48 hours)
- Timeline of events
- Root cause analysis (5 Whys)
- What went well / what didn't
- Action items with owners and deadlines
- Process improvements
Integration
Works with any monitoring stack. Feed alerts from PagerDuty, Datadog, Grafana, or manual reports.
Pro Tip
Pair this with a full AI Operations Context Pack for your industry. Pre-built incident taxonomies, compliance-aware escalation paths, and automated stakeholder templates.
Browse packs: https://afrexai-cto.github.io/context-packs/
Free tools:
- AI Revenue Calculator: https://afrexai-cto.github.io/ai-revenue-calculator/
- Agent Setup Wizard: https://afrexai-cto.github.io/agent-setup/
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install afrexai-incident-response - After installation, invoke the skill by name or use
/afrexai-incident-response - Provide required inputs per the skill's parameter spec and get structured output
What is Incident Response Playbook?
Guides business and IT teams through incident detection, severity classification, containment, resolution, communication, and post-mortem with automated time... It is an AI Agent Skill for Claude Code / OpenClaw, with 795 downloads so far.
How do I install Incident Response Playbook?
Run "/install afrexai-incident-response" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Incident Response Playbook free?
Yes, Incident Response Playbook is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Incident Response Playbook support?
Incident Response Playbook is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Incident Response Playbook?
It is built and maintained by 1kalin (@1kalin); the current version is v1.0.0.