Cyber Ir Playbook
Author: Muhammad Mazhar Saeed · v0.1.0
Total downloads: 358
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install cyber-ir-playbook
Description
Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident s...
Usage instructions (SKILL.md)
Cyber IR Playbook
Overview
Convert incident events into a standardized response timeline and phase-based report.
Workflow
- Ingest incident events with timestamps.
- Classify events into detection, containment, eradication, recovery, or post-incident phases.
- Build an ordered timeline and summarize current phase completion.
- Produce a report artifact for internal and executive audiences.
Use Bundled Resources
- Run `scripts/ir_timeline_report.py` to generate a deterministic timeline report.
- Read `references/ir-phase-guide.md` for phase mapping guidance.
Guardrails
- Focus on defensive incident handling and post-incident learning.
- Do not provide offensive exploitation instructions.
Safe usage recommendations
This skill appears coherent and low-risk: it converts user-supplied event JSON into timeline reports and ships with a small Python script and a phase guide. Before running, (1) review the script yourself (it's short and readable) and ensure you run it in a trusted environment with a Python 3 runtime, (2) only pass input files you trust (logs may contain sensitive data), and (3) specify an output path that won't overwrite important system or sensitive files. If you need networked or automated ingestion of live logs, inspect or extend the skill carefully — as provided it does not perform any network I/O or credential handling.
Functional analysis
Type: OpenClaw Skill
Name: cyber-ir-playbook
Version: 0.1.0
The skill bundle is benign. The `SKILL.md` and `agents/openai.yaml` files contain clear, defensive instructions for the AI agent, aligning with the stated purpose of incident response reporting and showing no signs of prompt injection. The `scripts/ir_timeline_report.py` script performs its stated function of processing incident data and generating reports using standard Python libraries. It handles file input/output (reading JSON, writing JSON/Markdown/CSV reports) as expected for its purpose, includes a `MAX_INPUT_BYTES` limit for input files, and does not contain any malicious code such as data exfiltration, remote execution, persistence mechanisms, or obfuscation. While file I/O can be a vector for vulnerabilities if the executing environment is not properly sandboxed, the script itself does not exhibit malicious intent or attempt to exploit such vulnerabilities.
Capability assessment
Purpose & Capability
Name, description, and included files (reference guide and a Python report generator) align: the bundled script ingests event JSON and produces timeline reports. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md instructs running the included script and reading the provided phase guide; the script only reads a user-supplied input file (max 1 MiB) and writes an output artifact in the chosen format. Note: the script will write to whatever output path is supplied, so callers should avoid pointing it at sensitive system files or locations where overwriting is dangerous.
Install Mechanism
No install spec — the skill is instruction + a small Python script. No remote downloads or package installs are declared, which keeps install risk low. Users need a Python runtime to execute the script.
Credentials
The skill requests no environment variables, credentials, or config paths. The script does not read environment variables or network endpoints; required data is provided via the input file argument.
Persistence & Privilege
always is false and the skill does not attempt to persist configuration, modify other skills, or elevate privileges. It operates only on files passed to it.
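How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install cyber-ir-playbook
- Once installation completes, invoke the Skill by name or trigger it with /cyber-ir-playbook
- Provide the required input according to the Skill's parameter documentation to get structured output.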
Version history
v0.1.0
Initial release of cyber-ir-playbook.
- Generates incident response timelines and phase-based reports from event logs.
- Classifies events into detection, containment, eradication, recovery, or post-incident phases.
- Produces ordered incident timelines and stakeholder-ready summaries.
- Includes scripts and guides for report generation and phase mapping.
- Emphasizes defensive incident handling; avoids offensive exploitation content.
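FAQ
What is Cyber Ir Playbook?
Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident s... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 358 cumulative downloads to date.
How do I install Cyber Ir Playbook?
Run the command "/install cyber-ir-playbook" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Cyber Ir Playbook free?
Yes, Cyber Ir Playbook is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Cyber Ir Playbook support?
Cyber Ir Playbook is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Cyber Ir Playbook?
It is developed and maintained by Muhammad Mazhar Saeed (@0x-professor); the current version is v0.1.0.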