After-Incident Guide
If something feels wrong, stay calm. Quick, focused steps are usually more helpful than panic.
If you ran an unknown command
What happened: you executed code without full review.
Immediate first steps: disconnect risky sessions, record command history, and stop repeated runs.
Do not panic about: not understanding everything immediately; investigation can happen in stages.
Credential rotation: rotate secrets if the command touched config, shell, or token files.
Machine isolation: isolate if you see unexpected processes, outbound traffic, or privilege changes.
Expert help: ask security or IT when scope is unclear after first triage.
If you exposed a token or API key
What happened: credential confidentiality may be lost.
Immediate first steps: revoke or rotate the key, then audit recent use logs.
Do not panic about: temporary service interruptions during key replacement.
Credential rotation: rotate immediately for public or shared exposure.
Machine isolation: usually not required unless other compromise signs appear.
Expert help: ask for help if billing spikes, abuse, or unknown API use appear.
If you trusted a suspicious repository
What happened: untrusted code may have run locally.
Immediate first steps: stop running scripts, review changed files, and check persistence items.
Do not panic about: cloning alone; risk is higher when execution occurred.
Credential rotation: rotate secrets used while the repo was active.
Machine isolation: isolate if startup entries or unknown binaries were added.
Expert help: ask experts for forensic review if system behavior changed.
If you installed a suspicious package
What happened: install scripts may have executed unintended actions.
Immediate first steps: remove the package, clear caches where needed, and inspect install logs.
Do not panic about: needing to rebuild dependencies cleanly; that is normal recovery.
Credential rotation: rotate tokens if environment files or build secrets were accessible.
Machine isolation: isolate when persistence or privilege changes are suspected.
Expert help: escalate when signs point beyond a single dependency issue.
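The "check persistence items" step for a suspicious repository, and the persistence check after a suspicious package install, can start with a listing like the one below. It is an added example, not part of the original guide; the function name recent_persistence and the list of per-user Linux locations are assumptions to adapt to your environment.

```shell
#!/bin/sh
# Added example: list files in common per-user persistence locations that
# changed after a reference time (for instance, when the repo was cloned or
# the package was installed). The location list below is an assumption for a
# typical Linux account, not an exhaustive inventory.

# recent_persistence HOME_DIR REFERENCE_FILE
# Prints, sorted, every file or symlink under HOME_DIR's persistence
# locations whose modification time is newer than REFERENCE_FILE.
recent_persistence() {
    home=$1
    ref=$2
    if [ ! -d "$home" ] || [ ! -e "$ref" ]; then
        echo "usage: recent_persistence HOME_DIR REFERENCE_FILE" >&2
        return 2
    fi
    for loc in \
        .bashrc .bash_profile .profile .zshrc .zprofile \
        .ssh/authorized_keys .ssh/config .gitconfig \
        .config/autostart .config/systemd/user .local/bin
    do
        path=$home/$loc
        [ -e "$path" ] || continue
        # -newer compares each file's mtime against the reference file
        find "$path" \( -type f -o -type l \) -newer "$ref" -print
    done | LC_ALL=C sort
}

# Stand-alone use: create a reference file stamped with the time of the
# risky action, then pass it in, e.g.
#   touch -t 202405011400 /tmp/ref && sh this_script.sh "$HOME" /tmp/ref
if [ "$#" -ge 2 ]; then
    recent_persistence "$1" "$2"
fi
```

Modification times can be reset by whatever ran, so an empty listing narrows the search but does not rule out persistence; unexpected entries are a reason to isolate the machine as described above.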