Incident Triage

Author: Grace Gettert · GitHub ↗ · v0.3.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 152 · Favorites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw
/install incident-triage
Description
Structured incident triage for alerts from any monitoring source. Five-step framework: classify severity, scope blast radius, correlate with recent changes,...
Usage Instructions (SKILL.md)

Incident Triage

Structured incident triage for alerts from any monitoring source. Five steps, consistent every time.

Pass in the raw alert message, a link to the alert, or a description of what's happening.

Triage Process

When an alert appears:

  1. Classify — what type and severity?
  2. Scope — blast radius: who's affected, which environment, since when?
  3. Correlate — what changed recently? Check deploys, merges, config changes
  4. Investigate — guided checks based on alert type
  5. Act — summarize, create ticket, escalate or close

Read references/triage-framework.md for the full framework with checklists and bash snippets for each step.

Alert Parsing

Before starting the triage framework, identify the alert source and extract key fields.

Read references/alert-patterns.md for patterns covering PagerDuty, Datadog, CloudWatch, Sentry, uptime monitors, GitHub Actions, AWS SNS/EventBridge, and custom webhooks.

Escalation

When to page, when to watch, when to close. Severity-based response times and communication templates.

Read references/escalation-guide.md for defaults — customize for your team's on-call structure.

Runbook

During Step 4 (Investigate), load references/runbook-template.md to find service health endpoints, dashboards, log locations, and common fixes.

⚠️ This file is a template — it must be filled in before use. If it still contains <!-- placeholder comments, tell the user to populate it with their actual infrastructure before relying on it during an incident.

Scripts

The scripts/ directory contains helper scripts for the correlation and action steps:

  • scripts/correlate-recent-deploys.sh — list recent CI/CD runs for a repo (Step 3)
  • scripts/correlate-recent-merges.sh — list recently merged PRs for a repo (Step 3)
  • scripts/create-incident-issue.sh — create a GitHub incident issue (Step 5)

Works Well With

  • github (Step 3 — Correlate): check recent deploys, merged PRs, and CI run history for affected repos
  • aws-ecs-monitor (Step 4 — Investigate): ECS service health, ALB targets, and CloudWatch logs for downtime and resource alerts
  • gh-issues (Step 5 — Act): create incident tickets automatically

References

Security Usage Recommendations
This skill appears coherent and implements a structured triage workflow. Before installing or running it: (1) ensure the `gh` CLI is installed and authenticated with a GitHub token that has only the scopes you intend (issue creation / repo read as needed); the helper scripts call `gh` locally and rely on that existing auth. (2) Populate the runbook template (references/runbook-template.md) with your real endpoints, on-call contacts, and accounts — do not rely on placeholder content during a real incident. (3) Confirm that any agent identity you give permission to invoke this skill has least privilege (e.g., narrow GitHub repo access) because the skill can create issues and query runs. (4) If you do not want the agent to take automated actions (create tickets) consider limiting autonomous invocation or requiring explicit user confirmation before running the action scripts. (5) Test the scripts in a non-production repo/environment first so you can validate behavior and permissions.
Functional Analysis
Type: OpenClaw Skill · Name: incident-triage · Version: 0.3.0
The incident-triage skill bundle provides a structured framework and helper scripts for managing system alerts. The scripts (correlate-recent-deploys.sh, correlate-recent-merges.sh, and create-incident-issue.sh) use the official GitHub CLI (gh) to perform actions consistent with the stated purpose of triaging deployments and creating incident tickets. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description (incident triage, correlate deploys/merges, create incident issues) match the included assets: triage docs, runbook template, and three small helper scripts that use the `gh` CLI. There are no requests for unrelated capabilities (no unexpected cloud credentials, remote downloads, or unrelated binaries).
Instruction Scope
SKILL.md stays within triage responsibilities: classify, scope, correlate, investigate, act. It references local reference files and the helper scripts and tells operators to consult dashboards and logs. It does not instruct the agent to read arbitrary system files or exfiltrate data. Note: the runbook template explicitly contains placeholders and must be populated before use; the skill warns about this.
Install Mechanism
No install spec — instruction-only with three small scripts included. No remote downloads or archive extraction. This is low-risk from an install standpoint.
Credentials
The skill does not declare required env vars, but the scripts and docs rely on external tooling (notably the `gh` CLI) and access to monitoring/UIs (PagerDuty, Datadog, CloudWatch, Sentry, etc.). This is coherent but users must provide appropriate CLI configuration / credentials externally. The skill does not itself demand unrelated secrets, but creating issues or querying runs requires GitHub credentials (via `gh` auth) and deeper investigation will require service-specific credentials which are not provided by the skill.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges. It can be invoked autonomously by the agent (platform default) — normal for skills. There is no evidence it modifies other skills or system-wide settings.
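How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install incident-triage
  3. After installation, call the Skill by name or trigger it with /incident-triage
  4. Provide the required input according to the Skill's parameter description to get structured output
Version History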
v0.3.0
Add scripts/ for deploy correlation and incident ticket creation; add TOC to alert-patterns.md and triage-framework.md; improve Works Well With section with step-level guidance; add runbook template warning; fix GNU date format bug in correlate-recent-deploys.sh
v0.2.0
Beta release. Five-step triage framework covering classify, scope, correlate, investigate, and act. Supports PagerDuty, Datadog, CloudWatch, Sentry, GitHub Actions, uptime monitors, and custom webhooks. Includes customizable escalation guide and runbook template.
Metadata
Slug: incident-triage
Version: 0.3.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 2
FAQ

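What is Incident Triage?

Structured incident triage for alerts from any monitoring source. Five-step framework: classify severity, scope blast radius, correlate with recent changes,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 152 total downloads so far.

How do I install Incident Triage?

Run the command "/install incident-triage" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Incident Triage free?

Yes, Incident Triage is completely free and uses the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Incident Triage support?

Incident Triage runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Incident Triage?

Developed and maintained by Grace Gettert (@ggettert); the current version is v0.3.0.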
