Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From pluggedin
Record a critical failure — data loss, production incident, security breach, or cascade failure — into permanent shock memory. Shocks never decay and are always surfaced in memory-resume briefs.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pluggedin:memory-capture-shockThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
> **SECURITY — Two-Layer Defence (PCI-DSS 4.0 · ISO/IEC 27001:2022 · GDPR · SOC 2)**
SECURITY — Two-Layer Defence (PCI-DSS 4.0 · ISO/IEC 27001:2022 · GDPR · SOC 2)
Layer 1 (automatic): The hook script pipes all content through
pci-scrub.pybefore sending to the API. Catches: emails, API keys (OpenAI/Anthropic/AWS/GitHub/…), IPv4/IPv6, credit card numbers, national IDs (US SSN, UK NI, EU VAT, Aadhaar, …), connection string credentials, home paths, phone numbers.Layer 2 (YOU): Regex cannot catch everything. Before calling any memory tool, apply semantic judgment. Do NOT record:
- Person names, usernames, employee IDs → replace with
[PERSON]- Company / customer names →
[COMPANY]- Passwords, MFA codes, session tokens, cookies →
[REDACTED]- Health / medical data (HIPAA PHI) →
[REDACTED]- Financial account numbers, balances →
[REDACTED]- Precise location data (GPS, home address) →
[ADDRESS]- Anything business-confidential (pricing, contracts) →
[REDACTED]When in doubt, leave it out. Over-redaction is always preferable to a compliance violation.
CRITICAL IMPORTANCE: Shocks are permanent. They never decay. They are always surfaced in memory-resume briefs. Use this ring for incidents that must never be forgotten — even years later.
Do NOT use for ordinary bugs or recoverable errors — those go to longterm.
SHOCK: <short name, e.g., "prod-db-truncate-2026-03">
SEVERITY: critical | high
DATE: <YYYY-MM-DD>
WHAT HAPPENED:
<exact description of what failed and how>
BLAST RADIUS:
<what was affected: data, users, systems, duration>
ROOT CAUSE:
<why it happened>
HOW TO DETECT:
<early warning signs, monitoring alerts that would catch this>
HOW TO PREVENT:
<exact guard rails: checks, flags, confirmations required before the action>
RECOVERY:
<how it was recovered from, or "not recoverable">
pluggedin_memory_observe with:
sessionUuid: current session UUIDobservationType: failure_patterncontent: the full shock textoutcome: "failure"metadata: {"ring": "shocks", "severity": "critical", "shock_name": "<name>"}This skill fires automatically when critical failure keywords are detected:
SHOCK: accidental-db-migrate-direct-2026-01
SEVERITY: critical
DATE: 2026-01-15
WHAT HAPPENED:
Applied Drizzle migration directly with raw SQL ALTER TABLE on prod database
instead of using pnpm db:migrate. Foreign key constraint dropped silently.
Downstream queries started failing 20 minutes later.
BLAST RADIUS:
~200 API requests failed over 45 minutes. No data loss but
3 tables had inconsistent FK state requiring manual repair.
ROOT CAUSE:
Bypassed pnpm db:migrate workflow to "save time". Direct SQL has no
rollback trail and no idempotency check.
HOW TO DETECT:
DB query errors on FK-constrained tables after schema change.
Monitor: constraint_violations metric in pg_stat_user_tables.
HOW TO PREVENT:
ALWAYS use pnpm db:generate then pnpm db:migrate.
NEVER run raw ALTER TABLE on prod.
Add pre-commit hook that rejects .sql files in migration runs.
RECOVERY:
Manual FK reconstruction from schema.ts definitions.
Full process took 2 hours.
Skip this skill if:
ls, checked a file, viewed a README)<private> block wraps the relevant content — respect user opt-outnpx claudepluginhub veriteknik/pluggedin-plugin --plugin pluggedinExecutes structured production incident response: triages P1-P3 severity, contains blast radius (rollback, mitigation), root-causes after stabilization, logs timeline, generates postmortem. Triggers on outages or 'incident'.
Activate for: incident, outage, system failure, post-mortem, incident post-mortem, root cause analysis, RCA, five whys, corrective action, lessons learned, incident log, incident report, P1, P2, major incident, incident review, incident timeline, what went wrong, service outage, payment failure, data breach incident, incident response, MTTD, MTTR, incident management, on-call, escalation, incident retrospective, corrective action tracker, lessons learned brief. NOT for: change impact assessment (use official /change-request), risk register building (use official risk-assessment auto-skill), compliance obligation mapping (use official compliance-tracking auto-skill).
Stores important decisions, patterns, bug fixes, and lessons into Cortex persistent memory. Use after resolving bugs, making architecture choices, or when the user asks to remember something.