Stats
Actions
Available In
Tags
Help us improve
Share bugs, ideas, or general feedback.
Plugin
lc-essentials
Conduct LimaCharlie security operations through the CLI: create and test detection rules, investigate incidents, task sensors for live response, monitor fleet health, and search documentation.
$
npx claudepluginhub refractionpoint/lc-ai --plugin lc-essentialsPopularity
Stars
Med: 0·Avg: 273
Installs
Med: 0·Avg: 1
What's Inside
Slash Commands2
Ask LimaCharlie Documentation
/ask
Ask a question about LimaCharlie and get an answer from the documentation. Usage: /lc-essentials:ask <your question>
init-lc
/init-lc
Initialize the current working directory's CLAUDE.md with LimaCharlie CLI guidelines. Merges AUTOINIT.md content into a '# Using LimaCharlie' section. Safe to run multiple times.
Agents3
dr-replay-tester
/dr-replay-tester
Test D&R rules via historical replay against a SINGLE LimaCharlie organization. Designed to be spawned in parallel (one instance per org) by the detection-engineering skill. Returns summarized results (stats, samples, patterns) instead of all matches.
sensor-health-reporter
/sensor-health-reporter
Check sensor health for a SINGLE LimaCharlie organization. This agent is designed to be spawned in parallel (one instance per org) by the sensor-health skill. Accepts org ID and parameters in the prompt, returns findings for that org only.
sensor-tasking-executor
/sensor-tasking-executor
Execute sensor tasks (live response commands) on a single sensor and return results. Designed for parallel execution by parent skills. Handles online verification, task execution, and result formatting.
Skills9
detection-engineering
/detection-engineering
Expert Detection Engineer assistant for creating and testing D&R rules in LimaCharlie. Guides through understanding threats, researching event data (Schema, LCQL, Timeline), generating detection logic, testing rules against sample and historical data, and deploying validated rules. Use for building detections, writing D&R rules, testing detection logic, or when user wants to detect specific behaviors or threats.
detection-tuner
/detection-tuner
Investigate noisy/common alerts and create false positive (FP) rules to suppress benign detections. Analyzes detection frequency over 7 days, identifies patterns, generates and tests FP rules with operator approval before deployment. Use for tuning detection noise, reducing alert fatigue, suppressing known-safe activity, or when specific detections need filtering. Human-in-the-loop workflow ensures no FP rules are deployed without explicit approval.
fleet-payload-tasking
/fleet-payload-tasking
Deploy payloads and shell commands fleet-wide using reliable tasking. Execute scripts, collect data, or run commands across all endpoints with automatic handling of offline sensors. Use for vulnerability scanning, data collection, software inventory, compliance checks, or any fleet-wide operation.
case-investigation
/investigation-creation
Investigate security cases from the LimaCharlie Cases extension. Performs HOLISTIC investigations - not just process trees, but initial access hunting, org-wide scope assessment, lateral movement detection, and full host context. Enriches cases with telemetry references, entities/IOCs, analyst notes, and investigation summary/conclusion. Use for SOC triage, incident investigation, threat hunting, alert triage, or building SOC working reports. Supports case lifecycle management (triage, classify, resolve).
lookup-lc-doc
/lookup-lc-doc
Search and retrieve LimaCharlie documentation from GitHub repositories. Use when users ask about LimaCharlie platform features, SDKs, APIs, D&R rules, LCQL, sensors, outputs, extensions, integrations, AI skills, agents, or any LimaCharlie-related topics.
Stats
Version3.1.0
LanguageJinja
Stars24
Forks3
MaintenanceExcellent
LicenseApache-2.0
Last Commit
Added
Available In
Safety Signals
Caution
Uses power tools
Uses Bash, Write, or Edit tools
Tags
Help us improve
Share bugs, ideas, or general feedback.
