cx-incident-management
Use this skill when the user asks to "investigate incident", "triage this alert", "what's firing", "who got paged", "incident response", "check incident status", "SLO breaching", "error budget burned", "check service level", "SLI status", "who was notified", "check notification delivery", "verify alert routing", "MTTR", "incident severity", "error budget", "burn rate", "acknowledge incident", "resolve incident", "production incident", "what alerts are active", "incident timeline", "on-call triage", or wants to triage, manage, or respond to incidents using alerts, SLOs, and notifications.
51
55%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/cx-incident-management/SKILL.mdQuality
Discovery
37%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a long list of trigger phrases with no explanation of what the skill actually does. While the trigger term coverage is excellent and would help Claude match user requests, the complete absence of capability descriptions means Claude cannot assess whether this skill can actually fulfill the request. The description needs a clear 'what it does' section listing concrete actions.
Suggestions
Add a clear capability statement before the trigger phrases, e.g., 'Queries incident management systems to retrieve active alerts, check SLO status and error budgets, view notification delivery and on-call routing, and manage incident lifecycle (acknowledge, resolve, escalate).'
Restructure to lead with 'what it does' followed by 'Use when...' — currently the entire description is one long 'Use when' clause with no substance about capabilities.
Mention specific outputs or integrations (e.g., 'Returns incident timelines, MTTR metrics, burn rate calculations, and paging history from PagerDuty/Datadog/etc.') to help distinguish from other monitoring-related skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description lists no concrete actions or capabilities. It only provides trigger phrases and a vague closing clause ('triage, manage, or respond to incidents using alerts, SLOs, and notifications') but never describes what the skill actually does — no specific operations, tools, or outputs are mentioned. | 1 / 3 |
Completeness | While the 'when' is thoroughly covered with explicit trigger phrases, the 'what does this do' is essentially missing — there is no description of the skill's capabilities, actions, or outputs. The description is entirely trigger-focused with no explanation of what the skill actually performs. | 1 / 3 |
Trigger Term Quality | The description provides extensive coverage of natural trigger terms users would say, including 'investigate incident', 'what's firing', 'who got paged', 'SLO breaching', 'error budget burned', 'MTTR', 'on-call triage', and many more variations. These are realistic phrases a user would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | The incident response / SLO / alerting domain is fairly specific, and the many trigger terms help narrow the niche. However, without describing concrete capabilities, it could overlap with other monitoring, alerting, or observability skills that share similar terminology. | 2 / 3 |
Total | 7 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured incident management skill with strong actionability — every section provides executable CLI commands with practical jq filters. The progressive disclosure and organization are excellent, with clear cross-references to related skills. The main weaknesses are minor verbosity in explanatory text and the absence of validation/error-recovery steps in the triage workflow, which is important for high-stakes incident response operations.
Suggestions
Add validation checkpoints and error handling guidance to the triage workflow (e.g., 'If cx incidents acknowledge returns an error, verify the incident status is TRIGGERED before retrying').
Trim filler sentences like 'Get an overview of what's happening' and 'Review the incident timeline and related events to understand scope and progression' — the commands and section headers already convey intent.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Generally efficient with good use of tables and code blocks, but includes some unnecessary filler phrases ('Get an overview of what's happening', 'Review the incident timeline and related events to understand scope and progression') and the Key Principles section restates things Claude would naturally do. Could be tightened by ~20%. | 2 / 3 |
Actionability | Provides fully executable, copy-paste-ready CLI commands throughout, including jq filters for structured output parsing. Every workflow step has concrete commands with real flags and options, and examples cover filtering, creating, testing, and debugging scenarios. | 3 / 3 |
Workflow Clarity | The 6-step triage workflow is clearly sequenced and logical, and the notification debugging section has a good 3-step process. However, there are no explicit validation checkpoints or error recovery feedback loops — e.g., no guidance on what to do if an acknowledge fails, if SLO data looks stale, or if notification tests fail. For incident management (a potentially destructive/high-stakes domain), this is a gap. | 2 / 3 |
Progressive Disclosure | Content is well-organized with clear sections (triage workflow, incident actions, SLO management, notification debugging, aggregations). References to related skills (cx-alerts, cx-telemetry-querying, cx-observability-setup) are clearly signaled and one level deep. The CLI command table at the top serves as an effective overview/index. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- coralogix/cx-cli
- Commit
34d6303
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.