Cross-vendor compliance evidence collection and control drift detection — maps live tenant configuration and documentation to CIS/SOC 2/HIPAA controls and cyber-insurance questionnaire line items.
Report control and configuration drift since the last known-good baseline for a client or the whole portfolio
Build a source-cited compliance evidence package for a client against a named framework
Draft evidence-backed answers to the standard cyber-insurance questionnaire for a client
Use this agent when an MSP needs to know what has changed in a client's compliance posture since the last known-good baseline, prioritized by how much each change actually matters. Trigger for: control drift, configuration drift report, standards drift, has anything changed, drift detection, what changed, unauthorized change report, security drift review. Examples: "Has anything drifted for Acme Corp since our last check?", "Run a control drift report across the portfolio this week", "Did anything change on Meridian Health's tenant that we should know about?"
Use this agent when an MSP needs to gather and assemble compliance evidence for a client against a named framework or control set, producing a source-cited package an auditor or client can review. Trigger for: compliance evidence, gather evidence for audit, build evidence package, SOC2 evidence, HIPAA evidence, CIS evidence, audit prep, evidence for auditor, control evidence package. Examples: "Build a SOC 2 evidence package for Meridian Health", "Gather HIPAA evidence for Riverside Medical before Friday's audit", "Put together CIS control evidence across the whole portfolio"
Use this agent when a client needs its cyber-insurance renewal or new-business questionnaire drafted using live tool evidence rather than best-guess answers. Trigger for: insurance questionnaire, fill out cyber insurance form, answer security questionnaire, cyber insurance renewal, underwriter questions, insurance application security section. Examples: "Fill out the cyber insurance questionnaire for Acme Corp's renewal", "We need to answer the underwriter's security questions for Riverside Medical", "Draft the security section of Meridian Health's insurance application"
Use this skill when a compliance control (CIS, SOC 2, HIPAA, or a cyber-insurance questionnaire line item) needs to be traced to concrete, retrievable evidence from connected MSP tooling rather than answered from memory or assumption. Covers how to resolve a control statement to specific gateway tool calls across CIPP (M365/Entra), Liongard (infrastructure inspections), and IT Glue/Hudu (documentation), and the critical distinction between evidence that proves a control is actually met versus evidence that only proves the control is written down as policy.
Use this skill when drafting answers to a cyber-insurance renewal or new-business questionnaire for an MSP client. Covers the standard recurring question set (MFA everywhere, EDR deployed, backups tested, incident response plan documented, employee security training) and how to answer each type by pulling live evidence from connected tools rather than guessing, plus how to flag questions that cannot be answered with current tool coverage instead of submitting an unverified answer.
Use this skill when a client's live configuration needs to be compared against a previously established baseline or standard to detect drift. Covers CIPP standards checks and Best Practice Analyser results, Liongard change detection and inspection timelines, what qualifies as drift versus normal operational change, how to distinguish intentional/authorized change from unauthorized or risky drift, and how to prioritize which drift findings matter most when several surface at once.
External network access
Connects to servers outside your machine
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
One command to supercharge Claude Code for MSP workflows.
/plugin marketplace add wyre-technology/msp-claude-plugins
Then restart Claude Code. That's it.
Documentation: mcp.wyre.ai
Thirty-three vendor-specific plugins with domain knowledge for PSA, RMM, documentation, security, accounting, CRM, and productivity tools:
| Plugin | Description |
|---|---|
| Autotask PSA | Kaseya Autotask PSA - tickets, service calls, CRM, projects, contracts, billing |
| Datto RMM | Datto remote monitoring - devices, alerts, jobs, patches |
| IT Glue | IT documentation - organizations, assets, passwords, flexible assets |
| Hudu | IT documentation - companies, assets, articles, passwords, websites |
| RocketCyber | Managed SOC - incidents, agents, events, threat detection |
| Syncro | All-in-one PSA/RMM - tickets, customers, assets, invoicing |
| Atera | RMM/PSA platform - tickets, agents, customers, alerts, SNMP/HTTP monitors |
| SuperOps.ai | Modern PSA/RMM with GraphQL - tickets, assets, clients, runbooks |
| HaloPSA | Enterprise PSA with OAuth - tickets, clients, assets, contracts |
| Liongard | Configuration monitoring - environments, inspections, systems, detections, alerts |
| ConnectWise Manage | Industry-leading PSA - tickets, companies, contacts, projects, time (cloud and self-hosted) |
| ConnectWise Automate | Enterprise RMM - computers, clients, scripts, monitors, alerts |
| NinjaOne | NinjaOne RMM - devices, organizations, alerts, ticketing |
| SalesBuildr | Sales CRM - contacts, companies, opportunities, quotes |
| Pax8 | Cloud marketplace - companies, products, subscriptions, orders, invoices |
| Xero | Accounting - contacts, invoices, payments, accounts, reports |
| QuickBooks Online | Accounting - customers, invoices, expenses, payments, reports |
| Microsoft 365 | M365 admin - users, mailboxes, Teams, OneDrive, licensing, security |
| Rootly | Incident management - incidents, alerts, on-call, AI analysis, postmortems |
| Huntress | Managed threat detection and response - agents, incidents, reports |
| Blumira | Cloud SIEM - detections, findings, alerts, automated response |
| SentinelOne | XDR platform - endpoints, threats, incidents, Purple AI integration |
| Abnormal Security | AI-native email security - threats, cases, abuse mailbox |
| Avanan | Check Point Harmony Email & Collaboration - email security, DLP |
| Ironscales | AI-powered anti-phishing - incidents, simulations, threat intel |
| Mimecast | Email security - message tracking, threat protection, compliance |
| SpamTitan | Email security by TitanHQ - spam filtering, quarantine, policies |
| Proofpoint | Targeted Attack Protection - threat intel, campaigns, forensics |
| KnowBe4 | Security awareness training - phishing simulations, PhishER, training |
| HubSpot | CRM platform - contacts, companies, deals, tickets, marketing |
| PandaDoc | Document automation - proposals, quotes, e-signatures, templates |
| BetterStack | Uptime monitoring and on-call - monitors, incidents, heartbeats |
| PagerDuty | Incident management and on-call - incidents, services, escalations |
Plus shared skills for MSP terminology, ticket triage, cross-vendor incident correlation, and billing reconciliation.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin compliance-packSaaS Alerts - SaaS security monitoring and alerting for M365 / Google Workspace: alerts, events, anomaly detection, and multi-tenant response
Claude plugins for Checkpoint Harmony Email & Collaboration (Avanan) - email security, anti-phishing, threat detection, quarantine management
Vendor-agnostic MSP skills — terminology, ticket triage, incident correlation, and billing reconciliation
Claude plugins for Better Stack - uptime monitoring, incident management, status pages, on-call schedules, and log management (Logtail) for MSPs
Claude plugins for KnowBe4 - security awareness training, phishing simulation, user risk management
Cross-vendor security alert triage and incident response — normalizes severity, runs containment playbooks, and builds incident timelines across whatever EDR/MDR/SIEM stack you have connected.
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
v9.54.0 — Reliability wave: tangle contextual review correction loop with hard round ceiling, progress-supervised review rounds (per-agent stall watch, descendant-tree kills), council diversity and agy pin fixes, marketplace generator source-of-truth fix, provider troubleshooting runbook and cost-expectations docs. Run /octo:setup.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems
Comprehensive startup business analysis with market sizing (TAM/SAM/SOM), financial modeling, team planning, and strategic research
Complete creative writing suite with 10 specialized agents covering the full writing process: research gathering, character development, story architecture, world-building, dialogue coaching, editing/review, outlining, content strategy, believability auditing, and prose style/voice analysis. Includes genre-specific guides, templates, and quality checklists.