📦 S³ Incident Runbook Templates — 应急响应手册
v1.0.0一键生成结构化应急响应手册,包含分步流程、升级路径与恢复动作,帮助团队快速构建与执行事件响应方案。
0· 152·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill is coherent for building incident runbooks, but treat it as a recipe for human operators rather than something to run automatically. Before installing or letting an agent execute these instructions: 1) Do not provide DB or cloud credentials to the skill; supply examples or redact secrets. 2) Require explicit human confirmation for any destructive command (rollbacks, pg_terminate_backend, kubectl apply/scale). 3) Limit the agent's execution environment and Kubernetes/DB permissions (us...详细分析 ▾
ℹ 用途与能力
Name and description match the contents: templates and step-by-step operational runbooks for incident response. The commands and sections (kubectl, psql, curl, rollout undo, scaling, network policy) are plausible and expected in an on-call/infrastructure runbook. However, some items (internal endpoints, Sentry/Grafana links, feature-flag APIs) are placeholder/organization-specific and the SKILL.md assumes access to internal infrastructure without declaring those needs.
⚠ 指令范围
The instructions include concrete, executable commands (kubectl, psql, curl, kubectl apply, pg_terminate_backend, rollout undo, scaling) that would perform destructive or high-privilege actions if executed. They reference environment variables ($DB_HOST, $DB_USER) and internal endpoints (api.company.com, prometheus, grafana, sentry) that are not declared in requires.env. The skill also suggests applying network policies and terminating DB backends — actions beyond mere read-only diagnostics. Because SKILL.md could be used to drive an agent to run these commands, the lack of explicit guardrails (explicitly requiring human confirmation or declaring that commands are examples only) is a concern.
✓ 安装机制
Instruction-only skill (no install spec, no code files). This minimizes disk/installation risk because nothing is written or downloaded by the skill itself.
⚠ 凭证需求
The skill declares no required environment variables or credentials but the runbooks reference sensitive values and services (DB_HOST, DB_USER, internal API endpoints, PagerDuty/Slack/Pager integrations, psql auth). That mismatch means the instructions assume access to secrets and internal systems without declaring or justifying them. Users should not supply full DB or cloud credentials to this skill without strict controls.
ℹ 持久化与权限
The skill is not always-enabled and doesn't request persistent privileges or modify other skills. However, it instructs high-privilege operational steps; combined with the platform default that the agent can invoke the skill autonomously, this increases the blast radius if the agent is permitted to execute commands. There are no special install-time persistence concerns.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/20
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install s3-incident-runbooks
镜像加速npx clawhub@latest install s3-incident-runbooks --registry https://cn.longxiaskill.com