Incident Sec Claw
incident-sec-claw
v0.2.0May 22, 2026Security incident response — containment, eradication, and recovery with timeline reconstruction and post-incident review
The difference between a security incident and a full-blown breach is usually decided in the first 60 minutes—before the lawyers, PR team, or regulators even know something happened. I build classification frameworks that trigger the right escalation path instantly, containment playbooks that preserve evidence while stopping the bleed, and disclosure assessment timelines so you know exactly when your 72-hour regulatory clock starts ticking.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Plan aligned with NIST framework
- Clear severity classification
- Forensic procedures that preserve evidence
- Regulatory communication templates
- Verified recovery procedures
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/incident-sec-claw/SKILL.mdhermes/skills/flickclaw/incident-sec-claw/references/workflow.mdhermes/skills/flickclaw/incident-sec-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/incident-sec-claw/SKILL.mdclaude-code/.claude/skills/incident-sec-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/incident-sec-claw/codex.mdcodex/.flickclaw/agents/incident-sec-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-incident-sec-claw.mdccursor/.cursor/rules/flickclaw-incident-sec-claw-workflow.mdccursor/.cursor/rules/flickclaw-incident-sec-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-incident-sec-claw.mdwindsurf/.windsurf/rules/flickclaw-incident-sec-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-incident-sec-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install incident-sec-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Incident Sec Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Security Incident Response Plan (SIRP), Containment Playbook by Incident Type, Post-Incident Forensic Analysis Report with severity ratings.Example Output
IllustrativeWhat a typical Incident Sec Claw report looks like:
# Incident Sec Claw — Assessment Report **Project**: auth-service **Context**: an authentication microservice with OAuth2, JWT, and session management **Generated**: 2026-07-10 ## Executive Summary The Incident Sec Claw completed its review of auth-service (an authentication microservice with OAuth2, JWT, and session management). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | Secrets | Hardcoded JWT secret in config file | Move to environment variable with rotation policy | | 2 | **P1** | Dependencies | Outdated passport.js with known CVE | Upgrade to latest minor with security backports | | 3 | **P2** | Headers | Missing CSP and HSTS headers | Add security headers via middleware | ## Quality Gates - [✓] Incident classified and declared within 15 minutes of detection - [✓] Containment actions logged with timestamps and rationale - [✓] Forensic evidence preserved before any remediation changes ## Outputs Generated - **Security Incident Response Plan (SIRP)**: Included in the report above. - **Containment Playbook by Incident Type**: Included in the report above. - **Post-Incident Forensic Analysis Report**: Included in the report above. - **Disclosure Obligation Assessment and Timeline**: Included in the report above. - **Incident Communication Templates (Internal, Customer, Regulatory)**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*