abzhaw/incident-response
.agent/skills/incident-response/SKILL.md
Security incident handling, escalation, auto-quarantine patterns. Use when Julia's security sentinel detects a critical finding or when designing incident workflows.
testing
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add abzhaw/juliaz_agents incident-responseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 30, 2026, 11:58 AM58.8s1 file scanned
SKILL.md
- name:
- incident-response
- description:
- Security incident handling, escalation, auto-quarantine patterns. Use when Julia's security sentinel detects a critical finding or when designing incident workflows.
Incident Response
Severity Levels
| Level | Examples | Response | |-------|---------|---------| | 🟢 Info | New dependency version available | Log only | | 🟡 Medium | npm audit high severity | Notify Raphael next morning | | 🔴 High | Critical CVE in prod dependency | Immediate Telegram alert | | 🚨 Critical | Secret leaked in git, active exploit | Immediate + auto-remediation |
Incident Response Checklist
1. DETECT — sentinel finds issue, logs with timestamp
2. ASSESS — determine severity level
3. NOTIFY — alert Raphael via Telegram (if high+)
4. CONTAIN — if critical: auto-quarantine (stop service, rotate key)
5. FIX — apply patch, update deps, rotate credentials
6. VERIFY — re-run scan to confirm issue resolved
7. DOCUMENT — update memory/incidents.log with full timeline
Auto-Quarantine Pattern (for leaked secrets)
# Immediately rotate and stop the affected service
rotate_secret() {
local service=$1
echo "$(date) CRITICAL: Rotating secret for $service" >> incidents.log
pm2 stop "$service" # stop immediately
notify_raphael "🚨 CRITICAL: Rotating $service credentials NOW"
# Human must supply new credentials and restart
}
Post-Incident Log Format
[2026-02-23 07:45:00] INCIDENT-001
Severity: HIGH
Finding: npm audit — critical CVE in [email protected]
Impact: bridge, cowork-mcp potentially vulnerable
Action: npm audit fix, redeployed both services
Resolved: [2026-02-23 08:10:00]
Prevention: Add npm audit to CI and weekly cron
Related Skills
abzhaw/thesis-tracker
development
VerifiedTrustedCommunity
Fortschrittsverfolgung der Masterarbeit. Wortanzahl pro Kapitel, Fertigstellungsgrad, fehlende Elemente, Deadlines. Haelt den Ueberblick.
SKILL.mdUpdated Mar 27, 2026
abzhaw/thesis-structure
development
VerifiedTrustedCommunity
Kapitelarchitektur und Gliederung der Masterarbeit. Verwaltet die Struktur, schlaegt vor wo Inhalte hingehoeren, validiert den logischen Fluss zwischen Kapiteln.
SKILL.mdUpdated Mar 27, 2026
abzhaw/session-synthesizer
tools
VerifiedTrustedCommunity
Konvertiert Protokolleinträge und Session-Logs in thesis-fähiges deutsches Narrativ. Transformiert Entwicklungsdokumentation in akademische Prosa.
SKILL.mdUpdated Mar 27, 2026
abzhaw/research-scout
research
VerifiedTrustedCommunity
Sucht und analysiert akademische Literatur. Findet relevante Papers, erstellt strukturierte Zusammenfassungen. Zitiert NIEMALS — schlaegt nur vor.
SKILL.mdUpdated Mar 27, 2026