
Incident Postmortem Generator

Author: charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 90 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install incident-postmortem-generator
Description
Generate structured, blame-free incident postmortem reports from logs, timeline data, and incident metadata. Produces root cause analysis, impact assessment,...
Usage instructions (SKILL.md)

Incident Postmortem

Generate structured, blame-free incident postmortem reports with timeline reconstruction, log analysis, and action item tracking.

Quick Start

# Create a postmortem from scratch (fills in template sections)
python3 scripts/generate_postmortem.py --title "Database outage" --severity P1

# Parse logs to auto-extract timeline events
python3 scripts/generate_postmortem.py --title "API latency" --log /var/log/app.log --since 2h

# Load a complete incident from JSON
python3 scripts/generate_postmortem.py --from incident.json --output html -o postmortem.html

# Combine logs + manual timeline
python3 scripts/generate_postmortem.py --title "Deploy failure" --log /var/log/deploy.log --timeline events.json

# Check existing document for blameful language
python3 scripts/generate_postmortem.py --check-blame existing-report.md

Features

  1. Log parsing — Auto-detects syslog, JSON, Apache/Nginx, Python tracebacks, Docker, generic timestamped formats. Extracts errors, warnings, and notable events into a timeline.
  2. Timeline reconstruction — Merges log-extracted events with manual timeline JSON. Sorted chronologically with event type labels (detection, action, escalation, resolution).
  3. Blame-free language — Built-in checker scans for blameful patterns and suggests alternatives. Use --check-blame on any document.
  4. Severity classification — P0 (critical) through P3 (low) with appropriate descriptions.
  5. Multiple outputs — Markdown (default), HTML (styled), JSON (structured).
  6. CI-friendly exit codes — 0 (clean), 1 (errors found), 2 (critical severity).
  7. Template sections — Summary, impact, timeline, root cause, detection, resolution, lessons learned, action items.

Options

Flag           Default    Description
--title        required   Incident title
--severity     P2         P0, P1, P2, or P3
--date         today      Incident date
--duration     TBD        How long it lasted
--summary                 Brief summary text
--log                     Log file path (repeatable)
--since        all        Time filter for logs (1h, 24h, 7d)
--timeline                Timeline JSON file
--from                    Load full incident from JSON
--output       markdown   Output format: markdown, html, json
-o             stdout     Output file path
--check-blame             Check file for blameful language

Workflow

After an Incident

  1. Gather logs: --log /var/log/app.log --log /var/log/nginx/error.log --since 4h
  2. Generate draft: python3 scripts/generate_postmortem.py --title "..." --severity P1 --log ... -o draft.md
  3. Fill in template sections (summary, root cause, impact, resolution)
  4. Run blame check: --check-blame draft.md
  5. Add action items and share

From Structured Data

  1. Create incident.json with full details (see references/templates.md for schema)
  2. Generate: --from incident.json --output html -o postmortem.html

Periodic Review

Use JSON output to track action item completion across multiple postmortems.

References

  • templates.md — Full JSON schema, timeline event types, blame-free language guide with replacements
Security usage recommendations
This skill appears to do what it says: parse logs, merge timelines, and produce postmortems. Before installing or running it in production: (1) review the bundled script to confirm there are no network calls or unexpected behavior (the provided code shows none), (2) run it with least privilege and only on logs you intend to process (logs often contain credentials or PII), (3) avoid pointing it at directories you don't control, and (4) if you plan to store outputs centrally (HTML/JSON), ensure the destination is trusted. If you need higher assurance, run the script in an isolated environment and/or audit the remainder of the script (the truncated portion appears to be report formatting; verify there are no hidden endpoints).
Functional analysis
Type: OpenClaw Skill
Name: incident-postmortem-generator
Version: 1.0.0

The skill bundle provides a utility for generating incident postmortem reports by parsing log files and timeline data. The core logic in `scripts/generate_postmortem.py` uses standard Python libraries to perform regex-based log analysis and format reports in Markdown, HTML, or JSON. No evidence of data exfiltration, unauthorized network access, or malicious execution (such as `eval` or `os.system`) was found. While the script reads arbitrary files provided via the `--log` argument and lacks HTML entity escaping in its report generator, these are functional risks or minor vulnerabilities rather than intentional malicious behavior.
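The two risks noted above, secrets in log lines and missing HTML entity escaping in the report generator, can both be handled before log text reaches an HTML report. The following is an added example, not code from the skill's `scripts/generate_postmortem.py`; the function names, redaction patterns and sample log lines are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample log lines (not from the skill or any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:03Z ERROR db: connection refused password=hunter2
2024-05-01T10:00:09Z WARN api: bad request path=/search?q=<script>alert(1)</script>
2024-05-01T10:00:15Z INFO auth: Authorization: Bearer abc.def.ghi accepted
2024-05-01T10:01:00Z ERROR api: upstream timeout after 30s
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>ERROR|WARN|INFO)\s+(?P<msg>.*)$")

# Hypothetical redaction rules; extend them for the secret formats your logs contain.
REDACTIONS = [
    (re.compile(r"(?i)\b(password|passwd|secret|token|api[_-]?key)=\S+"), r"\1=[REDACTED]"),
    (re.compile(r"(?i)\b(Bearer)\s+[A-Za-z0-9._~+/=-]+"), r"\1 [REDACTED]"),
]

def redact(text):
    """Mask credential-like values so they never reach the report."""
    for pattern, repl in REDACTIONS:
        text = pattern.sub(repl, text)
    return text

def extract_events(log_text, levels=("ERROR", "WARN")):
    """Turn matching log lines into timeline events with redacted messages."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["level"] in levels:
            events.append({"ts": m["ts"], "level": m["level"], "msg": redact(m["msg"])})
    return events

def render_timeline_html(events):
    """Render events as an HTML table, escaping every log-derived field."""
    rows = []
    for e in events:
        cells = "".join(
            f"<td>{html.escape(e[k], quote=True)}</td>" for k in ("ts", "level", "msg")
        )
        rows.append(f"<tr>{cells}</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"

if __name__ == "__main__":
    print(render_timeline_html(extract_events(SAMPLE_LOG)))
```

Redaction runs before escaping so the patterns match the raw log text; escaping is applied last, at the point where the value is written into markup.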
Capability tags
crypto · can-make-purchases
Capability assessment
Purpose & Capability
Name/description, SKILL.md examples, and the included Python script all focus on parsing logs, merging timeline JSON, checking blameful language, and rendering outputs. No unrelated binaries, cloud credentials, or external services are requested—requirements and capabilities are coherent.
Instruction Scope
Runtime instructions and the script read arbitrary log and JSON files (examples reference /var/log/* and passing --log, --from, --timeline paths). This is expected for a log-parsing postmortem tool, but it means the tool will access any files you point it to; that can expose sensitive data (secrets, PII) if logs contain them. There are no instructions to exfiltrate data or send it to external endpoints in the provided files.
Install Mechanism
No install spec is provided (instruction-only plus a bundled Python script). No external downloads, package registry installs, or archive extraction are present—risk from installation mechanism is low. The script claims to use only Python stdlib.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script operates on files provided via CLI flags and does not require secrets; this is proportionate to the stated functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide agent settings in the provided materials. Autonomous invocation is allowed by platform default but not exceptional here.
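How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install incident-postmortem-generator
  3. Once installation completes, invoke the Skill by name or trigger it with /incident-postmortem-generator
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history
v1.0.0
Initial release
Metadata
Slug incident-postmortem-generator
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1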
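Frequently asked questions

What is Incident Postmortem Generator?

Generate structured, blame-free incident postmortem reports from logs, timeline data, and incident metadata. Produces root cause analysis, impact assessment,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 90 total downloads to date.

How do I install Incident Postmortem Generator?

Run the command "/install incident-postmortem-generator" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Incident Postmortem Generator free?

Yes. Incident Postmortem Generator is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Incident Postmortem Generator support?

Incident Postmortem Generator runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Incident Postmortem Generator?

It is developed and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.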
