nwave-ai/nw-investigation-techniques
nWave/skills/nw-investigation-techniques/SKILL.md
Evidence collection methods, problem categorization, analysis techniques, and solution design patterns
$ install --global
skillsauthnpx skillsauth add nwave-ai/nwave nw-investigation-techniquesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:41 PM1.8s1 file scanned
SKILL.md
- name:
- nw-investigation-techniques
- description:
- Evidence collection methods, problem categorization, analysis techniques, and solution design patterns
- user-invocable:
- false
- disable-model-invocation:
- true
Investigation Techniques
Problem Categorization
Technical Problems
| Category | Sub-Category | Common Symptoms | |----------|-------------|-----------------| | System Failures | App crashes, memory leaks, deadlocks, data corruption | Service unavailability, resource exhaustion, integrity errors | | System Failures | Hardware, network, database, security | Connectivity loss, capacity limits, access failures | | Performance | Response time: slow queries, latency, algorithmic inefficiency | High p95/p99, user-reported slowness | | Performance | Throughput: thread pool exhaustion, connection limits, queue backlog | Reduced capacity, growing queues | | Integration | Internal: component comms, data format, version conflicts | Interface errors, serialization failures | | Integration | External: third-party availability, API changes, auth failures | Timeouts, contract violations |
Operational Problems
| Category | Common Symptoms | |----------|-----------------| | Deployment: script failures, config drift, migration errors | Failed releases, environment inconsistencies | | Monitoring: alerting gaps, backup failures, incident response | Missed incidents, slow recovery | | Human factors: communication gaps, knowledge silos, skill gaps | Repeated mistakes, slow onboarding |
Evidence Collection
Technical Evidence Sources
Logs: application (timestamp correlation) | system/infrastructure | database | network traces
Metrics: performance/resource utilization | error rates/response time trends | user behavior/transaction patterns | infrastructure health/capacity
Configuration: system/deployment settings | code changes/VCS history (git log, blame) | env vars/dependencies | security/access controls
Evidence Validation
- Cross-reference: verify from multiple independent sources
- Timestamp validation: confirm event sequence accuracy
- Completeness check: identify data gaps/corruption
- Correlation vs causation: distinguish co-occurrence from causation
Analysis Techniques
Quantitative
- Trend: time series of metrics, error pattern frequency
- Distribution: response time percentiles, error rate across components
- Pattern recognition: log anomalies, behavior patterns, error clustering
Qualitative
- Timeline reconstruction: detailed incident timeline, correlate changes with symptoms
- Process analysis: workflow disruptions, communication flow, decision chains
- Environmental: recent changes, system load, external factors, related incidents
Solution Design Patterns
Immediate Mitigations (restore service)
Quick fixes | workarounds to minimize impact | emergency procedures | monitoring enhancements
Permanent Fixes (prevent recurrence)
Architecture modifications | code quality/defensive programming | config management/environment consistency | testing/validation improvements
Early Detection (catch faster)
Leading indicators | anomaly detection/predictive alerting | automated quality gates | threshold tuning from learnings
Solution Prioritization Matrix
| Priority | Criteria | Action | |----------|----------|--------| | P0 | Active incident, users impacted | Immediate mitigation, hours | | P1 | Root cause fix for recurring issue | Permanent fix, current sprint | | P2 | Prevention for potential issues | Next sprint | | P3 | Systemic improvement | Backlog with evidence |
Related Skills
nwave-ai/nw-distill
testing
VerifiedTrustedCommunity
Acceptance test creation methodology for the DISTILL wave. Domain knowledge for the acceptance designer agent: port-to-port principle, prior wave reading, wave-decision reconciliation, graceful degradation, and document back-propagation.
504SKILL.mdUpdated May 21, 2026
nwave-ai/nw-test-optimization
testing
VerifiedTrustedCommunity
Methodology for minimizing test count while maximizing behavioral coverage - behavior definition, anti-pattern catalog, consolidation patterns, stopping criterion, coverage-preserving validation
504SKILL.mdUpdated May 5, 2026
nwave-ai/nw-test-optimization
testing
VerifiedTrustedCommunity
Methodology for minimizing test count while maximizing behavioral coverage - behavior definition, anti-pattern catalog, consolidation patterns, stopping criterion, coverage-preserving validation
504SKILL.mdUpdated May 5, 2026
nwave-ai/nw-test-design-mandates
development
VerifiedTrustedCommunity
Design mandates for acceptance tests - hexagonal boundary, business language abstraction, user journey completeness, pure function extraction, 3 Pillars (domain language / chained narrative / production composition), and the layered ATD discipline (Universe-bound assertion, layer-dependent PBT mode, two-tier acceptance, example-based sad paths)
504SKILL.mdUpdated Apr 16, 2026