crisis-communications-coach

Coach a CEO, CMO, head-of-comms, or general counsel through a corporate crisis communications event — security breach, data leak, product outage, executive misconduct allegation, customer-harm incident, regulatory action, hostile media coverage, viral social-media incident. Covers the first-hour response (assemble crisis team, activate incident command, gather facts, suspend non-critical comms), the priority-stack (legal exposure → customer safety → employee morale → media narrative → investor relations → regulatory posture), the truth-vs-positioning balance (don't lie, don't speculate, do over-communicate when facts are clear), the audience-specific messaging (customers / employees / press / regulators / investors / partners), the holding-statement design (acknowledge + commit-to-investigate + next-update-time), the full-statement design (facts + actions taken + remediation + accountability), the press-strategy (proactive vs reactive, exclusive interviews, public-statement-only, no-comment), the social-media response (template + customization, executive personal posts, partner amplification or silence), the legal-comms tension (what counsel will block, when to push back), the post-crisis recovery (root-cause communication, customer reassurance, employee retention, narrative reset), and the special challenges (executive misconduct accusation, founder-the-cause, partner-customer-or-vendor-implicated, ongoing investigation that constrains comms). Use when leader says "we have a crisis", "data breach happened", "press just contacted us", "customer just posted [bad thing] on Twitter", "executive misconduct allegation", "regulator has questions", "outage 6 hours into", "viral negative coverage". Triggers on phrases like "crisis communications", "PR crisis", "data breach disclosure", "incident response comms", "holding statement", "press inquiry", "media crisis", "social media crisis", "customer crisis", "regulatory inquiry", "founder misconduct", "viral negative".

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "crisis-communications-coach" with this command: npx skills add charlie-morrison/crisis-communications-coach

crisis-communications-coach

Coach an executive team through a corporate crisis communications event. The first 24 hours determine 80% of the outcome; bad early decisions compound for months. Most crises are survivable; mishandled crises become the defining story of the company.

This is not general PR / brand work. This is real-time response under pressure with legal, regulatory, and reputational stakes.

When to engage

Trigger when:

  • "We have a crisis right now"
  • "Data breach disclosed; customers asking questions"
  • "Major outage hour 4 — customers raging on Twitter"
  • "Press just contacted us about [allegation]"
  • "Executive misconduct claim from former employee"
  • "Regulator has opened an inquiry"
  • "Customer made viral negative post — what do we do?"
  • "We're about to disclose [bad thing]; how do we frame it?"

Do not engage for: routine PR messaging, brand-building, product launches, typical media-relations work (use a different framework).

Step 0: First-hour response

The first hour after a crisis emerges sets the tone. Treat it with extreme discipline.

Activate incident command

  • CEO + General Counsel + Head of Comms + relevant function head (CISO for breach, CTO for outage, CHRO for personnel issues) form the crisis team.
  • One designated decision-maker (usually CEO or COO).
  • One designated comms lead (Head of Comms or external crisis-comms firm).
  • One designated note-taker; everything is logged with timestamps.

Suspend routine comms

  • Pause scheduled marketing emails, social posts, PR pushes.
  • All inbound press goes through one funnel.
  • All employee communications go through one channel.
  • Hold non-essential meetings / customer calls until you have your bearings.

Gather facts

  • What happened? (Confirmed facts only.)
  • What's the scope? (Who's affected? How many?)
  • What's known vs unknown?
  • What's the timeline?
  • Who else knows internally?
  • Has it leaked publicly? (Search Twitter, Reddit, Google Alerts.)

Issue a holding statement (within 1-2 hours, sometimes faster)

Even before full investigation, acknowledge:

  • "We're aware of [event]"
  • "We're investigating"
  • "We will provide an update by [time]"
  • "Our priority is [customers / safety / etc.]"

Don't speculate. Don't deny. Don't apologize for things you don't know happened. Acknowledge that you're aware and you're acting.

Priority stack

Crises involve trade-offs. The standard priority order:

  1. Legal exposure / liability — Counsel reviews every external statement. If counsel says "do not say X", don't say X without escalation.
  2. Customer safety — If customers are at physical or financial risk, communication moves faster than perfect.
  3. Customer information / consent — Privacy, breach notifications, transparency obligations.
  4. Employee morale — Internal communication usually beats external; employees should hear from the company before they hear from CNN.
  5. Press narrative — Shape the story rather than letting it be shaped for you.
  6. Investor relations — Major financial / reputation events affect stock or fundraising.
  7. Regulatory posture — Pre-empt regulator inquiries with proactive disclosure when appropriate.
  8. Partner relationships — Channel partners, vendors, customers' customers.

Re-prioritize for context. A breach inverts to: customers > regulators > legal > employees > press > investors. An executive-misconduct case inverts to: legal > employees > board > customers > press.

Truth, positioning, and the balance

Don't lie

  • The internet remembers. Lies surface within days; the second story (the cover-up) is always worse than the first.
  • "We have no evidence of X" can be honest if true; "X did not happen" without certainty is reckless.

Don't speculate

  • "We're investigating" is fine.
  • "We don't yet know whether [X]" is fine.
  • "It's likely caused by [Y]" — only if you're 95%+ certain.

Do over-communicate when facts are clear

  • Once you have facts, share them faster than competitors / press / customers expect.
  • Silence becomes the story.

Don't apologize for unproven harm

  • "I'm sorry this happened" — fine.
  • "We acknowledge harm and accept responsibility for X" — only when verified.
  • Premature accountability can create legal exposure on harm you didn't actually cause.

Don't make promises you can't keep

  • "We will refund every affected customer" — only if you've actually committed and budgeted.
  • "We will fix this within X days" — only if you have a real plan.

Audience-specific messaging

Each audience requires tailored communication. Don't blast one statement everywhere.

Customers

  • Email or in-app message, not just blog post.
  • Direct: what happened, what it means for them, what to do, what we're doing.
  • Affected vs unaffected: explicitly tell affected customers; don't make them dig.
  • Tone: empathetic, factual, action-oriented.
  • Channel: their primary contact channel + secondary backup.

Employees

  • All-hands or mass-email, before external announcements when possible.
  • Internal-only details (more candid than public).
  • "Here's what we're saying externally" — give them the public messaging so they don't get caught off-guard.
  • Q&A session if scope is significant.
  • Manager toolkit for handling team-level questions.

Press

  • Designated spokesperson (not multiple; voices align).
  • Holding statement → full statement → Q&A as fact pattern develops.
  • Decisions:
    • Proactive press release vs respond-to-inquiries-only.
    • Exclusive to one outlet vs broad embargo vs press conference.
    • On-record vs background vs off-record.
  • "No comment" is sometimes correct but rarely; usually a brief acknowledgment is better.

Regulators

  • Often required by law (breach notifications: 72 hours in EU GDPR, varying in US states).
  • Counsel-led, with regulatory affairs.
  • Tone: transparent, complete, cooperative.
  • What you say to regulators may become public via FOIA / disclosure.

Investors

  • Schedule call within 24-72 hours of major event.
  • Brief written statement (1-2 pages).
  • Honest assessment of impact.
  • Forward look on remediation, financial impact, narrative.
  • For public companies: 8-K filing if material.

Partners (vendors, channel partners, customers-of-customers)

  • Direct outreach to top-tier partners.
  • Standard messaging: facts, actions, partner-relevant impact, your support commitment.

Social media (broader audience)

  • Initial brief acknowledgment (matches holding statement).
  • Don't engage in arguments.
  • Don't delete negative comments (escalates).
  • Don't auto-respond with stock messaging.
  • Update post with edits as situation develops, with timestamps.

Holding-statement design

Standard holding statement (60-150 words):

We're aware of [event] that occurred [time] and affected [scope, if known].
Our team is actively investigating and we are taking immediate action to [stated priority — e.g., contain, secure, support customers].
We will provide an update by [time, typically 4-12 hours].
Affected customers can reach us at [contact].
Our priority is [customer safety / data protection / restoring service].

Key elements:

  • Acknowledge.
  • Commit to investigate / act.
  • Set next-update timeline.
  • Provide affected-party support channel.
  • State priority.

Avoid: speculation, premature apology, blame, evasion.

Full-statement design

Once facts are clear (typically 12-72 hours):

What happened: [factual summary, scope, timeline]
Who's affected: [specific groups with numbers if known]
What we're doing: [containment, remediation, support actions]
What we're not certain about yet: [honest acknowledgment of unknowns]
Our accountability: [what went wrong, what we're changing]
Our commitments: [specific actions, with timelines]
How affected parties can get support: [channels, escalation path]
Next update: [if more is forthcoming]

Format depends on channel: blog post + email + press release + investor brief, often coordinated.

The legal-comms tension

Counsel and comms have different priorities:

  • Counsel: minimize legal exposure → say less, qualify everything.
  • Comms: protect narrative and trust → say more, be human.

Common conflicts:

  • "I'm sorry" — counsel often blocks (admission of fault).
  • "We will refund" — counsel may block (precommitment).
  • "It was caused by [vendor]" — counsel almost always blocks (litigation risk).
  • Apologies in user-facing statements vs legal-defensive language.

Resolution:

  • Empathy without admission: "We deeply regret the impact this has had" (regret ≠ legal admission of fault).
  • Action without precommitment: "We are working with affected customers individually."
  • Accountability without naming: "We are reviewing our processes" rather than "the third-party vendor caused this."

When to push back on counsel:

  • When silence creates worse legal/reputational exposure than action.
  • When the legal-conservative language is so empty it damages credibility.
  • When the public has clear evidence already; denial isn't credible.
  • Always with the General Counsel personally, never around them.

Press strategy

Proactive vs reactive

  • Proactive (announce before press finds out): when scope will become public anyway, proactive shapes narrative.
  • Reactive (respond when asked): when scope is contained and proactive raises more questions than it answers.

Exclusive interview

  • Sometimes effective: gives one outlet depth, treats them as partner, controls narrative.
  • Risk: alienates other outlets; can backfire if interview goes poorly.
  • Use when: you have a complex story to tell, the outlet is sympathetic / serious, there's no time pressure for broad communication.

Public statement only (no interviews)

  • Written statement covering essential information.
  • No follow-up interviews.
  • Best when: facts are still developing, legal exposure is high, executive isn't available / prepared.

Press conference

  • High-stakes, broadcast simultaneously.
  • Reserve for: major reputational events, regulatory announcements, strong executive presence required.
  • Risk: questions can derail; requires extensive preparation.

"No comment"

  • Rarely the right answer publicly.
  • Better: brief acknowledgment + reason for limited info ("We're in active investigation and can't share details at this time").

Social media response

What to post

  • Match the holding statement; brief acknowledgment + commitment + update timeline.
  • Pin to top of profile.
  • Update as facts develop.

What not to do

  • Argue with commenters.
  • Delete negative comments (becomes the story).
  • Auto-respond with templated messaging.
  • Joke or post unrelated content during active crisis.
  • Post during the crisis from accounts unrelated to the issue.

Executive personal posts

  • Sometimes effective (CEO personally addresses customers).
  • Risk: every personal post becomes part of the story.
  • Coordinate with comms team; never freelance during crisis.

Specific crisis types

Data breach / security incident

  • Required disclosures: GDPR 72 hours, US state laws vary (typically 30-60 days).
  • Customer notification: required for affected individuals.
  • Regulator notification: often required.
  • Credit monitoring offer: standard for material breaches.
  • Avoid: minimizing scope, hiding "low-impact" details that turn out to be high-impact.

Product outage

  • Status page: real-time updates.
  • Incident commander identified publicly.
  • Post-mortem within 5 business days (technical + accountability).
  • Customer compensation: SLA credits, sometimes additional good-faith credits.
  • Avoid: blaming third parties (cloud provider, etc.) — they may be the root cause but the customer relationship is yours.

Executive misconduct allegation

  • Legal team and HR lead.
  • Independent investigation typically required.
  • Suspension during investigation often necessary.
  • Public statement usually delayed pending investigation.
  • Avoid: defending without facts, attacking accuser (universally backfires), blocking media access.

Customer-harm incident

  • Immediate care for affected customer (medical, financial, etc.).
  • Investigation of root cause.
  • Communication to affected + similar customers.
  • Compensation framework.
  • Product changes if needed.
  • Avoid: treating one customer's case in isolation when others may be similarly affected.

Regulatory action

  • Counsel-led entirely.
  • Public statement typically minimal: "We are cooperating with [regulator] on [topic]."
  • Disclosure obligations: 8-K for material public-company actions.
  • Avoid: speculation about outcome, public attacks on regulator.

Hostile media coverage

  • Distinguish: factually wrong vs unflattering-but-true.
  • Wrong: request correction; provide evidence.
  • Unflattering-but-true: respond with context, not denial.
  • Don't sue for press coverage unless coverage is defamatory and damages are significant — lawsuits become bigger story than the original.

Viral social-media incident

  • Within hours: brief acknowledgment.
  • Within 24 hours: action + statement.
  • Don't fight virality; address substance.
  • Single individuals (employee misbehaving on video, etc.): address individual + structural response.

Founder is the cause

  • Hardest scenario. Requires founder + board alignment.
  • Possible outcomes: founder steps back / steps down / takes leave / receives counseling / continues with corrective action.
  • Often pairs with founder-CEO-firing-coach scenarios.

Post-crisis recovery

Root-cause communication

  • 30-60 days post-crisis: comprehensive analysis + corrective actions.
  • Builds credibility for future trust.
  • Includes: what went wrong, why it went wrong, what's changing, what to expect from us going forward.

Customer reassurance

  • Direct outreach to affected customers.
  • Refunds / credits / extended trials as appropriate.
  • Executive 1:1s with major affected customers.

Employee retention

  • Active conversations with at-risk talent.
  • Manager training on handling external questions.
  • Anniversary / refresh grants if needed.
  • Honesty in town halls about lessons learned.

Investor confidence rebuild

  • Quarterly progress reports on remediation.
  • Consistent metrics demonstrating recovery.
  • Don't oversell; let actions accumulate.

Narrative reset

  • Wait until recovery is real (typically 6-12 months).
  • Then: signal a new chapter (new product launch, new exec hire, strategic milestone).
  • Don't pretend the crisis didn't happen; integrate the lesson into the company's story.

Anti-patterns

  • Silence in the first hours. Becomes the story.
  • Over-promising. Walking back commitments later is its own crisis.
  • Apologizing for unproven harm. Creates legal exposure.
  • Lying or shading the truth. Always surfaces; second story worse than first.
  • Multiple spokespeople. Different voices say different things; trust erodes.
  • Attacking accuser / press. Universally backfires.
  • Deleting evidence. Tweets, comments, posts. Becomes obstruction.
  • Skipping employee comms. Employees become the leak.
  • Hiding behind PR statements. Customers see through.
  • Crisis fatigue / autopilot. Treating each new crisis like the last; each is unique.

Workflow

Pre-crisis (preparation)

  • Crisis-comms playbook documented.
  • Crisis team identified; roles defined.
  • Templates pre-drafted (holding statements, press releases by category).
  • Scenario tabletop exercises (annual minimum).
  • Spokesperson media training.
  • External crisis-comms firm on retainer (optional but recommended for high-risk industries).

During crisis (active)

  • Hour 1: assemble team, gather facts, holding statement.
  • Hour 2-12: investigation, audience-specific drafts, legal review.
  • Hour 12-72: full statement, audience-specific rollout, media engagement.
  • Days 3-7: ongoing updates, customer support, employee communication.
  • Days 7-30: action implementation, narrative monitoring.

Post-crisis (recovery)

  • Day 30-60: root-cause communication.
  • Day 60-180: relationship rebuild.
  • Month 6-12: narrative reset.
  • Annual: lessons-learned exercise, playbook update.

Integration with other coaches

  • founder-CEO-firing-coach: when crisis triggers leadership transition.
  • board-meeting-prep-coach: crises always involve board; prep is critical.
  • enterprise-sales-coach: customer-facing impact during crisis.
  • nrr-recovery-coach: crisis-driven churn requires recovery work.
  • chief-of-staff-onboarding-coach: CoS often coordinates crisis response.

A crisis tests the entire company. The communications function is the most-visible, most-time-sensitive part. Get the first 24 hours right; everything else gets easier.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw

Security suite for OpenClaw agents. Encrypted secret storage (AES-256-GCM), real-time activity monitoring via gateway WebSocket, policy enforcement, and native x402 payment wallet with EIP-3009 signing. Secure API keys, watch agent behavior, and handle machine-to-machine micropayments. macOS desktop app (Rust + Tauri). Reads ~/.openclaw/.env during hardening. Installation downloads a DMG from GitHub releases. After install, the app makes no external network calls and only listens on localhost.

Registry SourceRecently Updated
1.1K0dlhugly
Security

SQL Query Generator

Generate secure SQL queries with validation, pagination helpers, risk analysis, and audit-focused safeguards.

Registry SourceRecently Updated
1.5K0Profile unavailable
Security

pr-review

Find and fix code issues before publishing a PR. Single-pass review with auto-fix. Use when reviewing code changes before submission or auditing existing cod...

Registry SourceRecently Updated
1.6K0Profile unavailable
Security

Claw Score

Packages and sanitizes your agent's configuration files, submits them for a Claw Score audit, and emails a detailed architecture report within 48 hours.

Registry SourceRecently Updated
9640Profile unavailable