← Back to Skills Marketplace
Incident Response Runbook
by
charlie-morrison
· GitHub ↗
· v1.0.0
· MIT-0
52
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install incident-response-runbook
Description
Create, maintain, and execute detailed incident response runbooks to guide triage, communication, and post-incident reviews for production outages.
README (SKILL.md)
Incident Response Runbook
Generate, maintain, and execute incident response runbooks for production systems. Use when setting up incident workflows, responding to outages, or documenting post-incident learnings.
Usage
Generate Runbook
Create an incident response runbook for [service/system].
Infrastructure: [cloud provider, key services].
Common failure modes: [list known issues].
During Incident
Incident: [description]. Severity: [1-4].
Current symptoms: [what's happening].
Help me triage and respond.
Post-Incident
Generate a post-incident review for: [incident summary].
Timeline: [key events with timestamps].
Resolution: [what fixed it].
Runbook Structure
Generated runbooks follow this template:
# [Service] Incident Response Runbook
## Quick Reference
- **On-call:** [rotation link]
- **Dashboards:** [monitoring links]
- **Escalation:** [contact chain]
## Severity Levels
- **SEV1**: Complete outage, revenue impact → respond in 5 min
- **SEV2**: Degraded service, user-facing → respond in 15 min
- **SEV3**: Internal impact, no users affected → respond in 1 hour
- **SEV4**: Cosmetic or minor, no urgency → next business day
## Triage Steps
1. Confirm the issue (check dashboards, reproduce)
2. Assess blast radius (which users/services affected)
3. Assign severity level
4. Start incident channel/thread
5. Communicate to stakeholders
## Failure Modes
### [Failure Mode 1: e.g., Database Connection Pool Exhaustion]
**Symptoms:** [what you'll see]
**Diagnosis:** [commands to run, logs to check]
**Mitigation:** [immediate steps to restore service]
**Root Fix:** [permanent solution]
### [Failure Mode 2: e.g., Memory Leak in Worker Process]
...
## Rollback Procedures
[Service-specific rollback steps]
## Communication Templates
[Internal + external status page templates]
## Post-Incident Review Template
[Blameless review structure]
Scripts
scripts/generate_runbook.py
Generate a runbook skeleton from service metadata:
python3 scripts/generate_runbook.py --service api-gateway \
--provider aws --region us-east-1 \
--monitors datadog,pagerduty \
--output runbook-api-gateway.md
AI Enhancement
When used as an agent skill, the incident responder:
- Guides triage in real-time with diagnostic commands specific to the stack
- Correlates symptoms with known failure modes from the runbook
- Drafts status page updates and internal communications
- Generates post-incident reviews with timeline, root cause analysis, and action items
- Learns from past incidents to improve future runbooks
Usage Guidance
This skill appears coherent and benign: it provides templates and a small script to generate runbooks. Before running any agent-generated diagnostic or mitigation commands, verify the target environment and use least-privilege credentials (kubectl/AWS tokens should be restricted). Pay special attention to rollback or mitigation steps that could modify production (deploy rollbacks, DNS changes, feature-flag toggles) and require human approval for destructive actions. Also note the skill's source is unknown—consider vetting it or running the script in a sandbox first.
Capability Analysis
Type: OpenClaw Skill
Name: incident-response-runbook
Version: 1.0.0
The skill bundle is a legitimate tool for generating and managing incident response runbooks. The Python script `scripts/generate_runbook.py` safely uses string formatting to create markdown templates based on user input, and the `SKILL.md` file provides appropriate instructions for an AI agent to assist with triage and documentation without any signs of malicious intent or prompt injection attacks.
Capability Assessment
Purpose & Capability
Name/description align with contents: SKILL.md and a small helper script generate runbook markdown and provide triage templates and diagnostic commands. Nothing requested or installed is inconsistent with an incident-response runbook.
Instruction Scope
Instructions are scoped to incident lifecycle (generate, triage, post-incident). They include examples of diagnostic commands (curl, aws logs, kubectl, docker) and rollback/mitigation steps; these are expected for incident response but may require cloud/cluster credentials and can be destructive if executed without care.
Install Mechanism
No install spec; this is instruction-first with one benign helper script. Nothing is downloaded or written to disk by an install step.
Credentials
The skill does not declare or require any environment variables, credentials, or config paths. References to monitoring tools and cloud CLIs in the runbook are expected usage patterns and do not imply unnecessary credential requests by the skill itself.
Persistence & Privilege
always is false (no forced inclusion). disable-model-invocation is false (normal — agent may invoke the skill); the skill does not request elevated persistent privileges or modify other skills' configurations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install incident-response-runbook - After installation, invoke the skill by name or use
/incident-response-runbook - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of incident-response-runbook skill:
- Generates, maintains, and executes incident response runbooks for production systems.
- Provides templates and structured guidance for incident triage, management, and post-incident reviews.
- Includes ready-to-use commands for generating runbooks, triaging incidents, and creating post-incident documentation.
- Offers scripts for automated runbook generation from service metadata.
- Enhances response workflows with real-time diagnostic guidance, communication drafts, and learning from previous incidents.
Metadata
Frequently Asked Questions
What is Incident Response Runbook?
Create, maintain, and execute detailed incident response runbooks to guide triage, communication, and post-incident reviews for production outages. It is an AI Agent Skill for Claude Code / OpenClaw, with 52 downloads so far.
How do I install Incident Response Runbook?
Run "/install incident-response-runbook" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Incident Response Runbook free?
Yes, Incident Response Runbook is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Incident Response Runbook support?
Incident Response Runbook is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Incident Response Runbook?
It is built and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.
More Skills