OpenClaw

Skill details (on-site mirror, no comments)

Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident s...

Development and DevOps

Author: Muhammad Mazhar Saeed @0x-professor

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v0.1.0

Stats: ⭐ 0 · 254 · 2 current installs · 2 all-time installs

🛡 VirusTotal: benign · OpenClaw: benign

Package: 0x-professor/cyber-ir-playbook

Security scan (ClawHub)

  • VirusTotal: benign
  • OpenClaw: benign

OpenClaw assessment

The skill's code, instructions, and requirements are consistent with its stated purpose (building IR timelines and reports); it doesn't request credentials or perform network I/O.

Purpose

Name, description, and included files (reference guide and a Python report generator) align: the bundled script ingests event JSON and produces timeline reports. No unrelated binaries, env vars, or external services are requested.

Instruction scope

SKILL.md instructs running the included script and reading the provided phase guide; the script only reads a user-supplied input file (max 1 MiB) and writes an output artifact in the chosen format. Note: the script will write to whatever output path is supplied, so callers should avoid pointing it at sensitive system files or locations where overwriting is dangerous.

Install mechanism

No install spec — the skill is instruction + a small Python script. No remote downloads or package installs are declared, which keeps install risk low. Users need a Python runtime to execute the script.

Credentials

The skill requests no environment variables, credentials, or config paths. The script does not read environment variables or network endpoints; required data is provided via the input file argument.

Persistence

always is false and the skill does not attempt to persist configuration, modify other skills, or elevate privileges. It operates only on files passed to it.

Overall conclusion

This skill appears coherent and low-risk: it converts user-supplied event JSON into timeline reports and ships with a small Python script and a phase guide. Before running, (1) review the script yourself (it's short and readable) and ensure you run it in a trusted environment with a Python 3 runtime, (2) only pass input files you trust (logs may contain sensitive data), and (3) specify an output path that won't overwrite important system or se…

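Install (copy to Lobster AI)

Copy the whole passage below into a 龙虾中文库 (Lobster AI) chat, and Lobster will complete the installation according to SKILL.md.

Please hand this passage to 龙虾中文库 (Lobster AI) to execute: install the OpenClaw skill "Cyber Ir Playbook" on this machine. Summary: Build incident response timelines and report packs from event logs. Use for det….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0x-professor/cyber-ir-playbook/SKILL.md
(Source: yingzhi8.cn skill library)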

SKILL.md

---
name: cyber-ir-playbook
description: Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident summaries.
---

# Cyber IR Playbook

## Overview

Convert incident events into a standardized response timeline and phase-based report.

## Workflow

1. Ingest incident events with timestamps.
2. Classify events into detection, containment, eradication, recovery, or post-incident phases.
3. Build ordered timeline and summarize current phase completion.
4. Produce a report artifact for internal and executive audiences.

## Use Bundled Resources

- Run `scripts/ir_timeline_report.py` to generate a deterministic timeline report.
- Read `references/ir-phase-guide.md` for phase mapping guidance.

## Guardrails

- Focus on defensive incident handling and post-incident learning.
- Do not provide offensive exploitation instructions.