Investigate and remediate email-borne threats in Proofpoint Email Protection — query TAP threat events, decode URL Defense links, manage quarantined messages, identify high-risk users (VAPs), and generate security posture reports across MSP client environments
View recent TAP threat events including blocked messages, delivered threats, and click activity
Decode a Proofpoint URL Defense rewritten URL back to the original URL
Deep-dive threat investigation with forensics, campaign context, and remediation options
Release one or more quarantined messages to their intended recipients
Search quarantined messages in Proofpoint by sender, recipient, subject, or reason
Use this agent when auditing email security posture across Proofpoint-protected organizations, investigating threats via TAP intelligence, tracing specific emails, analyzing Very Attacked Persons (VAPs), or generating per-org security reports for MSP clients. Trigger for: Proofpoint threat investigation, TAP threat data, SIEM click events, proofpoint phishing, email security audit Proofpoint, Very Attacked Persons, VAP analysis, proofpoint message trace, blocked email Proofpoint, campaign intelligence. Examples: "Pull today's Proofpoint TAP threat data for the fleet", "Which users clicked on permitted phishing URLs this week?", "An email isn't arriving for our Proofpoint client — trace it", "Generate the monthly email security report for all Proofpoint orgs"
Use this agent when analyzing Very Attacked Persons (VAPs) in Proofpoint — tracking executives and high-value targets who receive the most sophisticated or highest-volume attacks, surfacing patterns over time, and recommending enhanced protections for the highest-risk users across the MSP client portfolio. Trigger for: VAP analysis, Very Attacked Person, Proofpoint VAP, high-value targets email, most targeted users, executive targeting, VIP email protection, Proofpoint targeted users, high-risk users Proofpoint, email attack concentration, VAP report, user threat exposure. Examples: "Who are our most attacked users across all Proofpoint clients this month?", "Generate a VAP report for the executive team at Acme Corp", "Which CFOs in our portfolio are receiving the most sophisticated attacks?", "Identify the highest-risk users in Proofpoint and recommend enhanced protections"
Use this skill when working with the Proofpoint API - authentication using HTTP Basic Auth with service principal and secret, base URLs, rate limits, pagination, error codes, and common integration patterns. Covers TAP SIEM API, quarantine API, people API, and URL Defense API authentication and usage patterns.
Use this skill when working with Proofpoint forensics and threat response - auto-pull, search and destroy, message trace, evidence collection, and remediation workflows. Covers post-delivery remediation, message investigation, and incident response procedures for email-borne threats.
Use this skill when working with Proofpoint people-centric security - Very Attacked People (VAP) reports, top clickers, user risk scoring, attack index, and user-level threat analytics. Covers identifying high-risk users, measuring user susceptibility, and implementing targeted security controls for the most attacked people.
Use this skill when working with Proofpoint email quarantine - listing, searching, releasing, and deleting quarantined messages. Covers quarantine reasons, sender and recipient filtering, bulk operations, quarantine folders, and message preview. Essential for MSP help desk teams managing quarantined email for clients.
Use this skill when working with Proofpoint Targeted Attack Protection (TAP) - retrieving threat events, click tracking, message delivery and blocking data, SIEM integration feeds, and threat type analysis. Covers URL threats, attachment threats, message-level threats, permitted and blocked clicks, and campaign correlation. Essential for MSP security analysts monitoring email threat activity.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimnpx claudepluginhub wyre-technology/msp-claude-plugins --plugin proofpointBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
One command to supercharge Claude Code for MSP workflows.
/plugin marketplace add wyre-technology/msp-claude-plugins
Then restart Claude Code. That's it.
Documentation: mcp.wyre.ai
Thirty-three vendor-specific plugins with domain knowledge for PSA, RMM, documentation, security, accounting, CRM, and productivity tools:
| Plugin | Description |
|---|---|
| Autotask PSA | Kaseya Autotask PSA - tickets, service calls, CRM, projects, contracts, billing |
| Datto RMM | Datto remote monitoring - devices, alerts, jobs, patches |
| IT Glue | IT documentation - organizations, assets, passwords, flexible assets |
| Hudu | IT documentation - companies, assets, articles, passwords, websites |
| RocketCyber | Managed SOC - incidents, agents, events, threat detection |
| Syncro | All-in-one PSA/RMM - tickets, customers, assets, invoicing |
| Atera | RMM/PSA platform - tickets, agents, customers, alerts, SNMP/HTTP monitors |
| SuperOps.ai | Modern PSA/RMM with GraphQL - tickets, assets, clients, runbooks |
| HaloPSA | Enterprise PSA with OAuth - tickets, clients, assets, contracts |
| Liongard | Configuration monitoring - environments, inspections, systems, detections, alerts |
| ConnectWise Manage | Industry-leading PSA - tickets, companies, contacts, projects, time (cloud and self-hosted) |
| ConnectWise Automate | Enterprise RMM - computers, clients, scripts, monitors, alerts |
| NinjaOne | NinjaOne RMM - devices, organizations, alerts, ticketing |
| SalesBuildr | Sales CRM - contacts, companies, opportunities, quotes |
| Pax8 | Cloud marketplace - companies, products, subscriptions, orders, invoices |
| Xero | Accounting - contacts, invoices, payments, accounts, reports |
| QuickBooks Online | Accounting - customers, invoices, expenses, payments, reports |
| Microsoft 365 | M365 admin - users, mailboxes, Teams, OneDrive, licensing, security |
| Rootly | Incident management - incidents, alerts, on-call, AI analysis, postmortems |
| Huntress | Managed threat detection and response - agents, incidents, reports |
| Blumira | Cloud SIEM - detections, findings, alerts, automated response |
| SentinelOne | XDR platform - endpoints, threats, incidents, Purple AI integration |
| Abnormal Security | AI-native email security - threats, cases, abuse mailbox |
| Avanan | Check Point Harmony Email & Collaboration - email security, DLP |
| Ironscales | AI-powered anti-phishing - incidents, simulations, threat intel |
| Mimecast | Email security - message tracking, threat protection, compliance |
| SpamTitan | Email security by TitanHQ - spam filtering, quarantine, policies |
| Proofpoint | Targeted Attack Protection - threat intel, campaigns, forensics |
| KnowBe4 | Security awareness training - phishing simulations, PhishER, training |
| HubSpot | CRM platform - contacts, companies, deals, tickets, marketing |
| PandaDoc | Document automation - proposals, quotes, e-signatures, templates |
| BetterStack | Uptime monitoring and on-call - monitors, incidents, heartbeats |
| PagerDuty | Incident management and on-call - incidents, services, escalations |
Plus shared skills for MSP terminology, ticket triage, cross-vendor incident correlation, and billing reconciliation.
Claude plugins for Checkpoint Harmony Email & Collaboration (Avanan) - email security, anti-phishing, threat detection, quarantine management
Vendor-agnostic MSP skills — terminology, ticket triage, incident correlation, and billing reconciliation
Claude plugins for Better Stack - uptime monitoring, incident management, status pages, on-call schedules, and log management (Logtail) for MSPs
Claude plugins for KnowBe4 - security awareness training, phishing simulation, user risk management
Claude plugins for RunZero - asset discovery, network scanning, service inventory, OS fingerprinting, wireless detection, and vulnerability reporting for MSPs
Claude plugins for Checkpoint Harmony Email & Collaboration (Avanan) - email security, anti-phishing, threat detection, quarantine management
Advanced LimaCharlie skills for MSSP reporting, fleet coverage, threat intelligence, adapter management, IaC, onboarding, and HTML dashboards. Requires lc-essentials plugin.
SentinelOne SecOps skills for Claude: PowerQuery threat hunting and STAR/Custom Detection rules; Management Console API; Singularity Data Lake API; SDL dashboards; log parsing (OCSF); Hyperautomation SOAR; z-score anomaly baselining; autonomous DFIR alert investigation (soc-investigator); and one-prompt SDL solutions: source onboarding, asset enrichment, UEBA, ingest health, detection exclusions, Risk-Based Alerting, alert noise reduction, and Detection as Code.
Agentic SOC Platform integration for Claude Code
IT intelligence skills powered by iGPT. Tracks incidents, access requests, software license renewals, security alert signals, change requests, and IT vendor commitments — all automatically from connected email datasources.
Ultra-compressed communication mode. Cuts 65% of output tokens (measured) while keeping full technical accuracy by speaking like a caveman.