Incident Hotfix
Author: Broedkrummen (GitHub) · v0.1.0
Total downloads: 408
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install incident-hotfix
Description
Coder-focused incident response and hotfix execution for production issues. Use when you need reproducible triage, patch/rollback decisions, CI-safe hotfix b...
Usage (SKILL.md)
Incident Hotfix
Use this alongside broader incident-response skills when code-level action is required.
Workflow
- Classify severity using references/severity-matrix.md
- Create hotfix branch from current production tag/commit
- Reproduce and isolate with minimal failing test
- Patch with rollback plan
- Run focused CI checks
- Capture evidence bundle
- Merge + verify + postmortem actions
Step 1 — Create incident workspace
bash scripts/start_hotfix.sh --id INC-1234 --base main
This creates:
- hotfix/INC-1234-<slug> branch
- docs/incidents/INC-1234/ folder
- starter files for timeline, rollback, and actions
Step 2 — Evidence capture
bash scripts/capture_evidence.sh --id INC-1234
Collects into docs/incidents/INC-1234/evidence/:
- latest commits + diff summary
- changed files list
- local env snapshot (safe subset)
- test output logs
Step 3 — Patch gate
Before PR/merge, ensure:
- failing case reproduced (or clearly documented)
- minimal patch scope
- rollback command documented in ROLLBACK.md
- focused tests pass + no new lint/type failures
Step 4 — Postmortem actions
Use references/action-template.md to convert findings into concrete tasks:
- owner
- due date
- verification criteria
Required outputs
- docs/incidents/<id>/TIMELINE.md
- docs/incidents/<id>/ROLLBACK.md
- docs/incidents/<id>/ACTIONS.md
- docs/incidents/<id>/evidence/ bundle
Notes
- Prefer smallest safe patch over broad refactor during incident.
- If root cause is uncertain, ship containment first, then permanent fix.
- Never merge hotfix without rollback path.
Security usage recommendations
This skill looks like a legitimate incident-hotfix helper, but review and limit its evidence capture before use. Specific recommendations:
- Inspect scripts locally before running. The capture script writes env-safe.txt including any variables starting with GITHUB_ (which can include tokens).
- Run the scripts only in a trusted environment (no live secrets in process env), or modify scripts to exclude token-like variables (e.g., filter out *_TOKEN, *PASSWORD, GITHUB_TOKEN).
- Do not push docs/incidents/.../evidence/ to remote without reviewing its contents; add the evidence directory to .gitignore or ensure it is stored in a secure artifact store instead of the repo.
- If you accidentally capture secrets, rotate them immediately (e.g., GitHub tokens).
- If you want the skill to be safer, request the author to: (1) avoid capturing GITHUB_* by default, (2) redact token-like values, and (3) document explicit data-handling and retention policies in SKILL.md.
Given these issues the skill is coherent but potentially exposes secrets unless adjusted — treat as suspicious until mitigations are applied.
Functional analysis
Type: OpenClaw Skill
Name: incident-hotfix
Version: 0.1.0
The skill is classified as suspicious due to shell injection vulnerabilities. Specifically, `scripts/start_hotfix.sh` uses the `--base` argument directly in `git checkout "$BASE"` without sanitization, creating a potential command injection risk if an attacker can control this input. Additionally, the `--id` argument, while sanitized for branch names, is used unsanitized in `mkdir -p "docs/incidents/${ID}/evidence"` and for creating other filenames in both `scripts/start_hotfix.sh` and `scripts/capture_evidence.sh`, which could lead to file system manipulation. There is no evidence of intentional malicious behavior like data exfiltration or persistence, and the `env` capture is appropriately filtered.
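One way to validate the `--id` and `--base` values before they reach `git checkout` or `mkdir -p`, as an added example and not code from the skill. It assumes incident IDs follow the `INC-<digits>` shape used in this page's commands; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: argument checks to run before any git or mkdir call.
# Not the skill's own code; function names are hypothetical.

# Incident IDs: assumed to be INC-<digits>, as in this page's examples.
# Anything else (slashes, dots, spaces) never reaches a file path.
valid_incident_id() {
  case "$1" in
    INC-*) ;;
    *) return 1 ;;
  esac
  digits=${1#INC-}
  case "$digits" in
    ''|*[!0-9]*) return 1 ;;
  esac
  return 0
}

# Base refs: reject empty values, values git would parse as an option,
# path-like oddities, and any character outside a conservative set.
valid_base_ref() {
  case "$1" in
    ''|-*|/*|*/|*..*|*//*) return 1 ;;
    *[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  return 0
}

# Build the evidence directory path only from a validated ID.
evidence_dir() {
  valid_incident_id "$1" || return 1
  printf 'docs/incidents/%s/evidence\n' "$1"
}

# Stand-alone demonstration with the ID used on this page.
evidence_dir "INC-1234"
```
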
Capability assessment
Purpose & Capability
Name/description, SKILL.md, and scripts all align: they create a hotfix branch, seed incident docs, run lightweight git operations, and collect a focused evidence bundle. No unrelated network endpoints or unusual binaries are requested.
Instruction Scope
The SKILL.md instructs running scripts that capture a local environment snapshot and git metadata into docs/incidents/<id>/evidence/. Capturing environment variables is within triage scope, but the included script indiscriminately greps for variables with prefix GITHUB_ (and other patterns) and writes them to a file in the repository; that can store secrets (e.g., GITHUB_TOKEN, GH_* tokens) in plain text in the repo. The instructions do not warn about sanitizing or excluding secrets, or about not committing the evidence folder.
Install Mechanism
No install spec; this is instruction + small scripts only. No downloads or external installs are performed by the skill itself.
Credentials
The metadata declares no required environment variables, but scripts read the environment and capture variables matching '^(NODE_ENV|ENV|APP_ENV|CI|GITHUB_)'. That mismatch (no declared env but runtime reading of env) is a proportionality concern because it may copy sensitive variables into project files without explicit consent or declaration.
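A hardened form of the environment snapshot, as an added example that is not the skill's own script: it keeps the prefix pattern quoted above but redacts values whose names look secret-bearing, as the recommendations on this page suggest. The function names, the deny-list fragments and the sample variables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: a hardened env snapshot filter (not the skill's own script).

# Prefix allowlist quoted in the analysis on this page.
ALLOW_RE='^(NODE_ENV|ENV|APP_ENV|CI|GITHUB_)'
# Name fragments treated as secret-bearing (assumed list; extend for your stack).
DENY_RE='(TOKEN|PASSWORD|PASSWD|SECRET|KEY|CREDENTIAL)'

# Reads NAME=value lines on stdin. Prints only allowlisted names, and
# replaces the value with [REDACTED] when the name matches the deny list.
safe_env_snapshot() {
  grep -E '^[A-Za-z_][A-Za-z0-9_]*=' |
  grep -E "$ALLOW_RE" |
  while IFS= read -r line; do
    name=${line%%=*}
    if printf '%s\n' "$name" | grep -Eq "$DENY_RE"; then
      printf '%s=[REDACTED]\n' "$name"
    else
      printf '%s\n' "$line"
    fi
  done
}

# Constructed sample environment (no real secrets).
sample_env() {
  cat <<'EOF'
NODE_ENV=production
CI=true
CI_DEPLOY_PASSWORD=constructed-value
GITHUB_SHA=0000000000000000000000000000000000000000
GITHUB_TOKEN=constructed-not-a-real-token
HOME=/home/dev
AWS_SECRET_ACCESS_KEY=constructed-value
EOF
}

# The prefix allowlist alone would keep CI_DEPLOY_PASSWORD and GITHUB_TOKEN
# in clear text; the deny list is what redacts them.
sample_env | safe_env_snapshot
```

In real use, feed it with `env | safe_env_snapshot > env-safe.txt`; values that span several lines are dropped after their first line because continuation lines do not match the `NAME=` shape.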
Persistence & Privilege
The skill does not request always-on presence or modify other skills. It writes files and branches inside the repository (TIMELINE.md, ROLLBACK.md, ACTIONS.md, evidence/), which is expected behavior for a hotfix workflow but requires repository write access to take effect.
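How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install incident-hotfix
- After installation, call the Skill by name or use /incident-hotfix to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history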
v0.1.0
Initial release: coder-focused incident hotfix workflow with branch scaffolding, evidence capture, rollback, and corrective action templates.
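FAQ
What is Incident Hotfix?
Coder-focused incident response and hotfix execution for production issues. Use when you need reproducible triage, patch/rollback decisions, CI-safe hotfix b... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 408 cumulative downloads to date.
How do I install Incident Hotfix?
Run the command "/install incident-hotfix" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is needed.
Is Incident Hotfix free?
Yes, Incident Hotfix is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Incident Hotfix support?
Incident Hotfix runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed Incident Hotfix?
It is developed and maintained by Broedkrummen (@broedkrummen); the current version is v0.1.0.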