{"id":"3478dc30-e7f5-4ecd-afb8-12dc50b0c15f","shortId":"X2wWYC","kind":"skill","title":"pilot-incident-response-setup","tagline":"Deploy an incident response pipeline with 4 agents. Use this skill when: 1. User wants to set up automated incident detection and response 2. User is configuring a detector, triage, remediation, or notification agent 3. User asks about automated alerting, remediation, or escalat","description":"# Incident Response Setup\n\nDeploy 4 agents: detector, triage, remediator, and notifier.\n\n## Roles\n\n| Role | Hostname | Skills | Purpose |\n|------|----------|--------|---------|\n| detector | `-detector` | pilot-watchdog, pilot-alert, pilot-audit-log, pilot-metrics | Monitors for anomalies |\n| triage | `-triage` | pilot-alert, pilot-event-filter, pilot-priority-queue, pilot-sla | Classifies and routes incidents |\n| remediator | `-remediator` | pilot-task-router, pilot-cron, pilot-audit-log, pilot-quarantine | Executes automated fixes |\n| notifier | `-notifier` | pilot-slack-bridge, pilot-email-bridge, pilot-webhook-bridge, pilot-audit-log | Notifies humans |\n\n## Setup Procedure\n\n**Step 1:** Ask the user which role this agent should play and what prefix to use.\n\n**Step 2:** Install the skills for the chosen role:\n```bash\n# For detector:\nclawhub install pilot-watchdog pilot-alert pilot-audit-log pilot-metrics\n# For triage:\nclawhub install pilot-alert pilot-event-filter pilot-priority-queue pilot-sla\n# For remediator:\nclawhub install pilot-task-router pilot-cron pilot-audit-log pilot-quarantine\n# For notifier:\nclawhub install pilot-slack-bridge pilot-email-bridge pilot-webhook-bridge pilot-audit-log\n```\n\n**Step 3:** Set the hostname and write the manifest to `~/.pilot/setups/incident-response.json`.\n\n**Step 4:** Tell the user to initiate handshakes.\n\n## Manifest Templates Per Role\n\n### detector\n```json\n{\n \"setup\": \"incident-response\", \"role\": \"detector\", \"role_name\": \"Anomaly Detector\",\n \"hostname\": \"-detector\",\n \"skills\": {\n \"pilot-watchdog\": \"Monitor for unusual traffic, error spikes, resource exhaustion.\",\n \"pilot-alert\": \"Emit structured anomaly alerts to triage.\",\n \"pilot-audit-log\": \"Log all detected anomalies for forensics.\",\n \"pilot-metrics\": \"Track detection rates, false positive ratios.\"\n },\n \"data_flows\": [{ \"direction\": \"send\", \"peer\": \"-triage\", \"port\": 1002, \"topic\": \"anomaly-detected\", \"description\": \"Raw anomaly alerts\" }],\n \"handshakes_needed\": [\"-triage\"]\n}\n```\n\n### triage\n```json\n{\n \"setup\": \"incident-response\", \"role\": \"triage\", \"role_name\": \"Incident Triage\",\n \"hostname\": \"-triage\",\n \"skills\": {\n \"pilot-alert\": \"Receive raw alerts, classify severity (P1-P4).\",\n \"pilot-event-filter\": \"Filter noise and duplicates.\",\n \"pilot-priority-queue\": \"Queue incidents by priority for routing.\",\n \"pilot-sla\": \"Apply SLA policies to determine response deadlines.\"\n },\n \"data_flows\": [\n { \"direction\": \"receive\", \"peer\": \"-detector\", \"port\": 1002, \"topic\": \"anomaly-detected\", \"description\": \"Raw alerts\" },\n { \"direction\": \"send\", \"peer\": \"-remediator\", \"port\": 1002, \"topic\": \"incident-action\", \"description\": \"Actionable incidents\" },\n { \"direction\": \"send\", \"peer\": \"-notifier\", \"port\": 1002, \"topic\": \"incident-alert\", \"description\": \"Classified incidents\" }\n ],\n \"handshakes_needed\": [\"-detector\", \"-remediator\", \"-notifier\"]\n}\n```\n\n### remediator\n```json\n{\n \"setup\": \"incident-response\", \"role\": \"remediator\", \"role_name\": \"Auto-Remediator\",\n \"hostname\": \"-remediator\",\n \"skills\": {\n \"pilot-task-router\": \"Execute remediation actions (restart, scale, quarantine).\",\n \"pilot-cron\": \"Run scheduled health checks.\",\n \"pilot-audit-log\": \"Log all remediation actions.\",\n \"pilot-quarantine\": \"Isolate compromised nodes.\"\n },\n \"data_flows\": [\n { \"direction\": \"receive\", \"peer\": \"-triage\", \"port\": 1002, \"topic\": \"incident-action\", \"description\": \"Actionable incidents\" },\n { \"direction\": \"send\", \"peer\": \"-notifier\", \"port\": 1002, \"topic\": \"remediation-complete\", \"description\": \"Remediation reports\" }\n ],\n \"handshakes_needed\": [\"-triage\", \"-notifier\"]\n}\n```\n\n### notifier\n```json\n{\n \"setup\": \"incident-response\", \"role\": \"notifier\", \"role_name\": \"Human Notifier\",\n \"hostname\": \"-notifier\",\n \"skills\": {\n \"pilot-slack-bridge\": \"Post incident alerts to Slack channels.\",\n \"pilot-email-bridge\": \"Send escalation emails for P1 incidents.\",\n \"pilot-webhook-bridge\": \"Trigger external integrations (PagerDuty, Opsgenie).\",\n \"pilot-audit-log\": \"Log all notifications sent.\"\n },\n \"data_flows\": [\n { \"direction\": \"receive\", \"peer\": \"-triage\", \"port\": 1002, \"topic\": \"incident-alert\", \"description\": \"Classified incidents\" },\n { \"direction\": \"receive\", \"peer\": \"-remediator\", \"port\": 1002, \"topic\": \"remediation-complete\", \"description\": \"Remediation reports\" }\n ],\n \"handshakes_needed\": [\"-triage\", \"-remediator\"]\n}\n```\n\n## Data Flows\n\n- `detector → triage` : raw anomaly alerts (port 1002)\n- `triage → remediator` : actionable incidents (port 1002)\n- `triage → notifier` : classified incidents (port 1002)\n- `remediator → notifier` : remediation reports (port 1002)\n\n## Workflow Example\n\n```bash\n# On detector:\npilotctl --json publish -triage anomaly-detected '{\"source\":\"web-01\",\"type\":\"error_spike\",\"rate\":450}'\n# On triage:\npilotctl --json publish -remediator incident-action '{\"id\":\"INC-2847\",\"severity\":\"P1\",\"action\":\"restart_service\"}'\npilotctl --json publish -notifier incident-alert '{\"id\":\"INC-2847\",\"severity\":\"P1\",\"summary\":\"Error spike on web-01\"}'\n# On remediator:\npilotctl --json publish -notifier remediation-complete '{\"id\":\"INC-2847\",\"action\":\"restart_service\",\"result\":\"success\"}'\n```\n\n## Dependencies\n\nRequires `pilot-protocol` skill, `pilotctl` binary, `clawhub` binary, and a running daemon.","tags":["pilot","incident","response","setup","skills","teoslayer","agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network"],"capabilities":["skill","source-teoslayer","skill-pilot-incident-response-setup","topic-agent-skills","topic-ai-agents","topic-clawhub","topic-networking","topic-openclaw","topic-overlay-network","topic-p2p","topic-pilot-protocol"],"categories":["pilot-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/TeoSlayer/pilot-skills/pilot-incident-response-setup","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add TeoSlayer/pilot-skills","source_repo":"https://github.com/TeoSlayer/pilot-skills","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 6 github stars · SKILL.md body (5,568 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:14:56.985Z","embedding":null,"createdAt":"2026-05-18T13:22:42.294Z","updatedAt":"2026-05-18T19:14:56.985Z","lastSeenAt":"2026-05-18T19:14:56.985Z","tsv":"'-01':643,683 '-2847':660,675,695 '/.pilot/setups/incident-response.json':253 '1':18,145 '1002':327,400,413,426,493,506,577,590,610,616,622,628 '2':29,161 '3':40,244 '4':12,53,255 '450':648 'action':417,419,461,479,497,499,613,657,663,696 'agent':13,39,54,152 'alert':45,72,87,179,193,294,298,335,356,359,407,430,539,581,608,672 'anomali':82,276,297,308,330,334,403,607,639 'anomaly-detect':329,402,638 'appli':386 'ask':42,146 'audit':75,114,138,182,218,241,303,474,564 'auto':450 'auto-remedi':449 'autom':24,44,120 'bash':169,631 'binari':708,710 'bridg':127,131,135,230,234,238,536,546,556 'channel':542 'check':471 'chosen':167 'classifi':99,360,432,583,619 'clawhub':172,189,207,225,709 'complet':510,594,692 'compromis':484 'configur':32 'cron':111,215,467 'daemon':714 'data':320,393,486,570,602 'deadlin':392 'depend':701 'deploy':6,52 'descript':332,405,418,431,498,511,582,595 'detect':26,307,315,331,404,640 'detector':34,55,65,66,171,266,273,277,279,398,436,604,633 'determin':390 'direct':322,395,408,421,488,501,572,585 'duplic':372 'email':130,233,545,549 'emit':295 'error':288,645,679 'escal':548 'escalat':48 'event':90,196,367 'exampl':630 'execut':119,459 'exhaust':291 'extern':558 'fals':317 'filter':91,197,368,369 'fix':121 'flow':321,394,487,571,603 'forens':310 'handshak':261,336,434,514,598 'health':470 'hostnam':62,247,278,351,452,530 'human':141,528 'id':658,673,693 'inc':659,674,694 'incid':3,8,25,49,102,270,343,349,378,416,420,429,433,443,496,500,522,538,552,580,584,614,620,656,671 'incident-act':415,495,655 'incident-alert':428,579,670 'incident-respons':269,342,442,521 'initi':260 'instal':162,173,190,208,226 'integr':559 'isol':483 'json':267,340,440,519,635,652,667,687 'log':76,115,139,183,219,242,304,305,475,476,565,566 'manifest':251,262 'metric':79,186,313 'monitor':80,284 'name':275,348,448,527 'need':337,435,515,599 'node':485 'nois':370 'notif':38,568 'notifi':59,122,123,140,224,424,438,504,517,518,525,529,531,618,624,669,689 'opsgeni':561 'p1':363,551,662,677 'p1-p4':362 'p4':364 'pagerduti':560 'peer':324,397,410,423,490,503,574,587 'per':264 'pilot':2,68,71,74,78,86,89,93,97,106,110,113,117,125,129,133,137,175,178,181,185,192,195,199,203,210,214,217,221,228,232,236,240,282,293,302,312,355,366,374,384,456,466,473,481,534,544,554,563,704 'pilot-alert':70,85,177,191,292,354 'pilot-audit-log':73,112,136,180,216,239,301,472,562 'pilot-cron':109,213,465 'pilot-email-bridg':128,231,543 'pilot-event-filt':88,194,365 'pilot-incident-response-setup':1 'pilot-metr':77,184,311 'pilot-priority-queu':92,198,373 'pilot-protocol':703 'pilot-quarantin':116,220,480 'pilot-sla':96,202,383 'pilot-slack-bridg':124,227,533 'pilot-task-rout':105,209,455 'pilot-watchdog':67,174,281 'pilot-webhook-bridg':132,235,553 'pilotctl':634,651,666,686,707 'pipelin':10 'play':154 'polici':388 'port':326,399,412,425,492,505,576,589,609,615,621,627 'posit':318 'post':537 'prefix':157 'prioriti':94,200,375,380 'procedur':143 'protocol':705 'publish':636,653,668,688 'purpos':64 'quarantin':118,222,464,482 'queue':95,201,376,377 'rate':316,647 'ratio':319 'raw':333,358,406,606 'receiv':357,396,489,573,586 'remedi':36,46,57,103,104,206,411,437,439,446,451,453,460,478,509,512,588,593,596,601,612,623,625,654,685,691 'remediation-complet':508,592,690 'report':513,597,626 'requir':702 'resourc':290 'respons':4,9,28,50,271,344,391,444,523 'restart':462,664,697 'result':699 'role':60,61,150,168,265,272,274,345,347,445,447,524,526 'rout':101,382 'router':108,212,458 'run':468,713 'scale':463 'schedul':469 'send':323,409,422,502,547 'sent':569 'servic':665,698 'set':22,245 'setup':5,51,142,268,341,441,520 'sever':361,661,676 'skill':16,63,164,280,353,454,532,706 'skill-pilot-incident-response-setup' 'sla':98,204,385,387 'slack':126,229,535,541 'sourc':641 'source-teoslayer' 'spike':289,646,680 'step':144,160,243,254 'structur':296 'success':700 'summari':678 'task':107,211,457 'tell':256 'templat':263 'topic':328,401,414,427,494,507,578,591 'topic-agent-skills' 'topic-ai-agents' 'topic-clawhub' 'topic-networking' 'topic-openclaw' 'topic-overlay-network' 'topic-p2p' 'topic-pilot-protocol' 'track':314 'traffic':287 'triag':35,56,83,84,188,300,325,338,339,346,350,352,491,516,575,600,605,611,617,637,650 'trigger':557 'type':644 'unusu':286 'use':14,159 'user':19,30,41,148,258 'want':20 'watchdog':69,176,283 'web':642,682 'webhook':134,237,555 'workflow':629 'write':249","prices":[{"id":"8afabbbb-417b-4064-a2ea-fad3e2f18692","listingId":"3478dc30-e7f5-4ecd-afb8-12dc50b0c15f","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"TeoSlayer","category":"pilot-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:22:42.294Z"}],"sources":[{"listingId":"3478dc30-e7f5-4ecd-afb8-12dc50b0c15f","source":"github","sourceId":"TeoSlayer/pilot-skills/pilot-incident-response-setup","sourceUrl":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-incident-response-setup","isPrimary":false,"firstSeenAt":"2026-05-18T13:22:42.294Z","lastSeenAt":"2026-05-18T19:14:56.985Z"}],"details":{"listingId":"3478dc30-e7f5-4ecd-afb8-12dc50b0c15f","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"TeoSlayer","slug":"pilot-incident-response-setup","github":{"repo":"TeoSlayer/pilot-skills","stars":6,"topics":["agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network","p2p","pilot-protocol"],"license":"agpl-3.0","html_url":"https://github.com/TeoSlayer/pilot-skills","pushed_at":"2026-05-13T06:08:49Z","description":"80+ agent skills for Pilot Protocol — communication, file transfer, trust, task routing, swarm coordination, and more","skill_md_sha":"461383ec0a2075a1517e8e99fd9cf93ff2606484","skill_md_path":"skills/pilot-incident-response-setup/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-incident-response-setup"},"layout":"multi","source":"github","category":"pilot-skills","frontmatter":{"name":"pilot-incident-response-setup","license":"AGPL-3.0","description":"Deploy an incident response pipeline with 4 agents. Use this skill when: 1. User wants to set up automated incident detection and response 2. User is configuring a detector, triage, remediation, or notification agent 3. User asks about automated alerting, remediation, or escalation workflows Do NOT use this skill when: - User wants a single watchdog check (use pilot-watchdog instead) - User wants to send a one-off alert (use pilot-alert instead)"},"skills_sh_url":"https://skills.sh/TeoSlayer/pilot-skills/pilot-incident-response-setup"},"updatedAt":"2026-05-18T19:14:56.985Z"}}