Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From lc-essentials
Generates sensor health and status reports across LimaCharlie organizations using parallel subagents. For queries on sensor connectivity, offline status, data availability, and fleet health.
npx claudepluginhub refractionpoint/lc-ai --plugin lc-essentialsHow this skill is triggered — by the user, by Claude, or both
Slash command
/lc-essentials:sensor-healthThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill orchestrates parallel sensor health checks across multiple LimaCharlie organizations for fast, comprehensive fleet reporting.
Tracks LimaCharlie sensor coverage across orgs, detects gaps like stale/silent endpoints and Shadow IT, calculates risk scores, validates telemetry health, and inventories assets. Use for fleet health checks and compliance audits.
Sends tasks to EDR sensors via LimaCharlie CLI for live response, data collection, forensics, and fleet operations. Handles offline agents with reliable-tasking and collects responses via LCQL.
Manages Blumira agents and devices: lists inventory with filters and pagination, checks health via last_seen timestamps, audits coverage by OS/status, handles deployment keys.
Share bugs, ideas, or general feedback.
This skill orchestrates parallel sensor health checks across multiple LimaCharlie organizations for fast, comprehensive fleet reporting.
Prerequisites: Run
/init-lcto initialize LimaCharlie context.
All LimaCharlie operations use the limacharlie CLI directly:
limacharlie <noun> <verb> --oid <oid> --output yaml [flags]
For command help and discovery: limacharlie <command> --ai-help
| Rule | Wrong | Right |
|---|---|---|
| CLI Access | Call MCP tools or spawn api-executor | Use Bash("limacharlie ...") directly |
| Output Format | --output json | --output yaml (more token-efficient) |
| Filter Output | Pipe to jq/yq | Use --filter JMESPATH to select fields |
| LCQL Queries | Write query syntax manually | Use limacharlie ai generate-query first |
| Timestamps | Calculate epoch values | Use date +%s or date -d '7 days ago' +%s |
| OID | Use org name | Use UUID (call limacharlie org list if needed) |
Use this skill when the user asks about:
This skill orchestrates sensor health reporting by:
lc-essentials:sensor-health-reporter agents (one per org)Key Advantage: By running one agent per organization in parallel, this skill can check dozens of organizations simultaneously, dramatically reducing execution time.
Identify the key parameters:
Use the LimaCharlie CLI to get the user's organizations:
limacharlie org list --output yaml
For each organization, spawn a lc-essentials:sensor-health-reporter agent in parallel:
Task(
subagent_type="lc-essentials:sensor-health-reporter",
prompt="Check sensors in organization '{org_name}' (OID: {oid}) that are online but have not sent telemetry in the last {timeframe}."
)
CRITICAL: Spawn ALL agents in a SINGLE message with multiple Task tool calls to run them in parallel:
<message with multiple Task blocks>
Task 1: Check org 1
Task 2: Check org 2
Task 3: Check org 3
...
</message>
Do NOT spawn them sequentially - that defeats the purpose of parallelization.
Once all agents return:
Present a unified report with:
User Query: "Show me sensors online but not reporting events in the last hour"
Step 1: Get current timestamp and calculate 1 hour ago
current=$(date +%s)
one_hour_ago=$(date -d '1 hour ago' +%s)
Step 2: Get org list
limacharlie org list --output yaml
Step 3: Spawn parallel agents (example with 3 orgs)
# Single message with 3 Task calls
Task(subagent_type="lc-essentials:sensor-health-reporter", prompt="Check org1...")
Task(subagent_type="lc-essentials:sensor-health-reporter", prompt="Check org2...")
Task(subagent_type="lc-essentials:sensor-health-reporter", prompt="Check org3...")
Step 4: Aggregate
Org1: 5 sensors with no data
Org2: 12 sensors with no data
Org3: 0 sensors with issues
Total: 17 sensors
Step 5: Present report
## Sensors Online But Without Events (Last Hour)
**Total: 17 sensors across 2 organizations**
### org1 (5 sensors)
- sensor-id-1
- sensor-id-2
...
### org2 (12 sensors)
- sensor-id-6
...
### Analysis
These sensors are connected but not generating events...
Use bash to calculate timestamps:
# Current time
date +%s
# X hours ago
date -d 'X hours ago' +%s
# X days ago
date -d 'X days ago' +%s
# X weeks ago
date -d 'X weeks ago' +%s
If an agent fails:
## {Query Title}
**Summary**: {Total count} sensors across {N} organizations
### {Org Name 1} ({count} sensors)
- {sensor-id-1}
- {sensor-id-2}
...
### {Org Name 2} ({count} sensors)
- {sensor-id-x}
...
### Organizations with No Issues
- {Org Name 3}
- {Org Name 4}
### Analysis
{Context about findings}
### Recommendations
{Optional suggestions}
sensor-tasking - For sending commands to sensors (live response, data collection)sensor-coverage - For comprehensive asset inventory and coverage gap analysislimacharlie org list - Get organizationslimacharlie sensor list --online --oid <oid> - Get online sensor list (used by agent)limacharlie event retention --sid <sid> --oid <oid> - Check data timeline (used by agent)limacharlie sensor list --oid <oid> - Get all sensors (used by agent for offline checks)