From security-incident-responder
Assists with security incident response, investigation, and remediation. This skill is triggered when the user requests help with incident response, mentions specific incident types (e.g., data breach, ransomware, DDoS), or uses terms like "incident response plan", "containment", "eradication", or "post-incident activity". It guides the user through the incident response lifecycle, from preparation to post-incident analysis. It is useful for classifying incidents, creating response playbooks, collecting evidence, constructing timelines, and generating remediation steps. Use this skill when needing to respond to a "security incident".
How this skill is triggered — by the user, by Claude, or both
Slash command
/security-incident-responder:security-incident-responderThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill empowers Claude to guide you through the security incident response process, ensuring a structured and effective approach to handling security breaches and attacks. It helps you classify incidents, develop response strategies, gather crucial evidence, and implement remediation steps to minimize damage and prevent future occurrences.
This skill empowers Claude to guide you through the security incident response process, ensuring a structured and effective approach to handling security breaches and attacks. It helps you classify incidents, develop response strategies, gather crucial evidence, and implement remediation steps to minimize damage and prevent future occurrences.
This skill activates when you need to:
User request: "We've been hit with a ransomware attack. What should we do?"
The skill will:
User request: "Investigate a potential data breach on our customer database."
The skill will:
This skill can be integrated with other security tools and plugins to automate tasks such as vulnerability scanning, log analysis, and threat intelligence gathering. It can also be used in conjunction with project management tools to track incident response tasks and assign responsibilities.
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
3plugins reuse this skill
First indexed Jul 13, 2026
npx claudepluginhub dorucioclea/claude-code-plugins-plus --plugin security-incident-responder