Incident Postmortem Generator

by charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0
cross-platform · ✓ Security Clean
Downloads: 90 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw: /install incident-postmortem-generator
Description
Generate structured, blame-free incident postmortem reports from logs, timeline data, and incident metadata. Produces root cause analysis, impact assessment,...
README (SKILL.md)

Incident Postmortem

Generate structured, blame-free incident postmortem reports with timeline reconstruction, log analysis, and action item tracking.

Quick Start

# Create a postmortem from scratch (fills in template sections)
python3 scripts/generate_postmortem.py --title "Database outage" --severity P1

# Parse logs to auto-extract timeline events
python3 scripts/generate_postmortem.py --title "API latency" --log /var/log/app.log --since 2h

# Load a complete incident from JSON
python3 scripts/generate_postmortem.py --from incident.json --output html -o postmortem.html

# Combine logs + manual timeline
python3 scripts/generate_postmortem.py --title "Deploy failure" --log /var/log/deploy.log --timeline events.json

# Check existing document for blameful language
python3 scripts/generate_postmortem.py --check-blame existing-report.md

Features

  1. Log parsing — Auto-detects syslog, JSON, Apache/Nginx, Python tracebacks, Docker, generic timestamped formats. Extracts errors, warnings, and notable events into a timeline.
  2. Timeline reconstruction — Merges log-extracted events with manual timeline JSON. Sorted chronologically with event type labels (detection, action, escalation, resolution).
  3. Blame-free language — Built-in checker scans for blameful patterns and suggests alternatives. Use --check-blame on any document.
  4. Severity classification — P0 (critical) through P3 (low) with appropriate descriptions.
  5. Multiple outputs — Markdown (default), HTML (styled), JSON (structured).
  6. CI-friendly exit codes — 0 (clean), 1 (errors found), 2 (critical severity).
  7. Template sections — Summary, impact, timeline, root cause, detection, resolution, lessons learned, action items.

Options

| Flag | Default | Description |
|------|---------|-------------|
| --title | required | Incident title |
| --severity | P2 | P0, P1, P2, or P3 |
| --date | today | Incident date |
| --duration | TBD | How long it lasted |
| --summary | | Brief summary text |
| --log | | Log file path (repeatable) |
| --since | all | Time filter for logs (1h, 24h, 7d) |
| --timeline | | Timeline JSON file |
| --from | | Load full incident from JSON |
| --output | markdown | Output format: markdown, html, json |
| -o | stdout | Output file path |
| --check-blame | | Check file for blameful language |

Workflow

After an Incident

  1. Gather logs: --log /var/log/app.log --log /var/log/nginx/error.log --since 4h
  2. Generate draft: python3 scripts/generate_postmortem.py --title "..." --severity P1 --log ... -o draft.md
  3. Fill in template sections (summary, root cause, impact, resolution)
  4. Run blame check: --check-blame draft.md
  5. Add action items and share

From Structured Data

  1. Create incident.json with full details (see references/templates.md for schema)
  2. Generate: --from incident.json --output html -o postmortem.html

Periodic Review

Use JSON output to track action item completion across multiple postmortems.

References

  • templates.md — Full JSON schema, timeline event types, blame-free language guide with replacements
Usage Guidance
This skill appears to do what it says: parse logs, merge timelines, and produce postmortems. Before installing or running it in production: (1) review the bundled script to confirm there are no network calls or unexpected behavior (the provided code shows none), (2) run it with least privilege and only on logs you intend to process (logs often contain credentials or PII), (3) avoid pointing it at directories you don't control, and (4) if you plan to store outputs centrally (HTML/JSON), ensure the destination is trusted. If you need higher assurance, run the script in an isolated environment and/or audit the remainder of the script (the truncated portion appears to be report formatting; verify there are no hidden endpoints).
Capability Analysis
Type: OpenClaw Skill
Name: incident-postmortem-generator
Version: 1.0.0

The skill bundle provides a utility for generating incident postmortem reports by parsing log files and timeline data. The core logic in `scripts/generate_postmortem.py` uses standard Python libraries to perform regex-based log analysis and format reports in Markdown, HTML, or JSON. No evidence of data exfiltration, unauthorized network access, or malicious execution (such as `eval` or `os.system`) was found. While the script reads arbitrary files provided via the `--log` argument and lacks HTML entity escaping in its report generator, these are functional risks or minor vulnerabilities rather than intentional malicious behavior.
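The missing HTML entity escaping noted above matters because log lines carry text that outside parties can influence, and the HTML report places that text in a page a reviewer opens in a browser. The block below is an added example, not the skill's own code: it renders constructed timeline events to an HTML table with and without escaping. The event field names (`time`, `type`, `message`) and all function names are assumptions made for the illustration.

```python
import html

# Constructed sample events. The field names are assumptions for this
# example, not the schema documented in the skill's references/templates.md.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:02:11Z", "type": "detection",
     "message": "GET /search?q=<script>alert(1)</script> 500"},
    {"time": "2024-05-01T10:05:40Z", "type": "action",
     "message": 'Rolled back release "v2" & restarted workers'},
]

FIELDS = ("time", "type", "message")


def render_row_unsafe(event):
    """Interpolate log text directly: markup in the log becomes live HTML."""
    return "<tr><td>{time}</td><td>{type}</td><td>{message}</td></tr>".format(**event)


def render_row_safe(event):
    """Escape every log-derived field before it reaches the HTML document."""
    cells = (html.escape(str(event[name]), quote=True) for name in FIELDS)
    return "<tr>" + "".join(f"<td>{cell}</td>" for cell in cells) + "</tr>"


def render_timeline(events, row=render_row_safe):
    """Build the timeline table; the escaping renderer is the default."""
    rows = "\n".join(row(event) for event in events)
    return f"<table>\n{rows}\n</table>"


if __name__ == "__main__":
    print("Unescaped row (markup survives):")
    print(render_row_unsafe(SAMPLE_EVENTS[0]))
    print("\nEscaped timeline (markup is shown as text):")
    print(render_timeline(SAMPLE_EVENTS))
```

When auditing the bundled script, the same check applies to every value that originates in a log file, timeline JSON, or CLI flag and ends up in the HTML output.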
Capability Tags
crypto · can-make-purchases
Capability Assessment
Purpose & Capability
Name/description, SKILL.md examples, and the included Python script all focus on parsing logs, merging timeline JSON, checking blameful language, and rendering outputs. No unrelated binaries, cloud credentials, or external services are requested—requirements and capabilities are coherent.
Instruction Scope
Runtime instructions and the script read arbitrary log and JSON files (examples reference /var/log/* and passing --log, --from, --timeline paths). This is expected for a log-parsing postmortem tool, but it means the tool will access any files you point it to; that can expose sensitive data (secrets, PII) if logs contain them. There are no instructions to exfiltrate data or send it to external endpoints in the provided files.
Install Mechanism
No install spec is provided (instruction-only plus a bundled Python script). No external downloads, package registry installs, or archive extraction are present—risk from installation mechanism is low. The script claims to use only Python stdlib.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script operates on files provided via CLI flags and does not require secrets; this is proportionate to the stated functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide agent settings in the provided materials. Autonomous invocation is allowed by platform default but not exceptional here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install incident-postmortem-generator
  3. After installation, invoke the skill by name or use /incident-postmortem-generator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug incident-postmortem-generator
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Incident Postmortem Generator?

Generate structured, blame-free incident postmortem reports from logs, timeline data, and incident metadata. Produces root cause analysis, impact assessment,... It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.

How do I install Incident Postmortem Generator?

Run "/install incident-postmortem-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Incident Postmortem Generator free?

Yes, Incident Postmortem Generator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Incident Postmortem Generator support?

Incident Postmortem Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Incident Postmortem Generator?

It is built and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.
