Diablo_Rain/Diablo_ClaudeMD_Ricing_example
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
8b47d8e2b8
Diablo_ClaudeMD_Ricing_example/skills/crashcart/SKILL.md
diablo 50fa79407d
Some checks are pending
CI — CoM Config Validation / Validate JSON Configs (push) Waiting to run
Details
CI — CoM Config Validation / Validate YAML Configs (push) Waiting to run
Details
CI — CoM Config Validation / Lint Shell Scripts (push) Waiting to run
Details
CI — CoM Config Validation / Secret Detection (push) Waiting to run
Details
CI — CoM Config Validation / Lint Markdown (push) Waiting to run
Details
CI — CoM Config Validation / Validate CODEOWNERS (push) Waiting to run
Details
CoM Claude Command Center — sanitized public configuration 
Public, sanitized mirror of an AI orchestration command center: agents, skills,
MCP servers, slash-command workflows. All infrastructure identifiers, hostnames,
mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics
scrubbed to <placeholders>; session debug logs and host-specific memory removed.
No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md.

churchofmalware.org . authorized research only
2026-06-10 02:02:03 -04:00

2.2 KiB
Raw Blame History

name description argument-hint allowed-tools
crashcart Incident response and emergency diagnostics workflow. Builds CrashCart IR procedures, tests triage scripts, and generates chain-of-custody documentation. Targets Syn_OS v25 "CrashCart" milestone.
action
triage|build|test|doc
Bash, Read, Grep, Glob, Agent, WebSearch

CrashCart IR workflow for Syn_OS.

Action: $ARGUMENTS (default: triage)

If action is "triage" (live system diagnostics):

Run rapid system assessment:

  1. Disk health, memory pressure, CPU load
  2. Network state (open ports, active connections, ARP table, routing)
  3. Running processes (sorted by resource usage, flag unknowns)
  4. Windows Defender / security status
  5. ARCANUM mesh node reachability ()
  6. Recent event log entries (errors/warnings in last 24h) Output: Compact triage report with severity flags.

If action is "build" (develop CrashCart components):

Reference FEV.md v25 "CrashCart" spec at the Syn_OS repo:

  • synos-crashcart crate — unified emergency response orchestrator
  • Hardware triage mode (zero-dependency binary)
  • Network forensics snapshot pipeline
  • LUKS emergency recovery workflow
  • Credential rotation daemon
  • Chain-of-custody document generation (GPG-signed)
  • IR checklist TUI
  • Timeline builder (correlate syslog + eBPF + ALFRED logs) Guide the user through implementing the next unfinished component.

If action is "test" (test IR procedures):

Run a simulated incident response drill:

  1. Snapshot current system state
  2. Walk through IR checklist steps
  3. Verify evidence collection procedures
  4. Test recovery procedures
  5. Generate drill report

If action is "doc" (generate documentation):

Create CrashCart documentation:

  • IR runbook (step-by-step triage procedures)
  • Evidence chain-of-custody template
  • Post-incident report template
  • GRIMOIRE lab scenario ("CrashCart Incident Response") Output as markdown, optionally save to Notion via Atlas agent.

FEV.md Reference (v25 CrashCart Scope)

  • CrashCart Core crate, IR Subsystem, Arcanum USB Integration, Hive-Aware Recovery
  • Dead-man's switch integration
  • Offline-first: all tools cached on USB, zero internet dependency
  • One-command deploy: triage.sh auto-detects compromised state