Skill

runZero Wireless

Lists RunZero-discovered wireless networks, identifies rogue access points, analyzes encryption security, and audits SSIDs for authorized networks.

security

monitoring

Install

npx claudepluginhub wyre-technology/msp-claude-plugins --plugin runzero

Tool Access

This skill uses the workspace's default tool permissions.

Preview

RunZero discovers wireless networks visible from explorer locations, including authorized corporate networks, guest networks, and potential rogue access points. Wireless discovery helps MSPs maintain visibility into the RF environment and identify unauthorized network infrastructure.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.0k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

bmad-editorial-review-prose

Reviews prose for communication issues impeding comprehension, outputs minimal fixes in a three-column table per Microsoft Writing Style Guide. Useful for 'review prose' or 'improve prose' requests.

bmad-pro-skills

43.8k

Stats

Parent Repo Stars12

Parent Repo Forks8

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

RunZero Wireless

Overview

Key Concepts

Wireless Network Attributes

Each discovered wireless network includes:

Attribute	Description
`essid`	The network name (SSID)
`bssid`	The access point MAC address
`channel`	The wireless channel
`encryption`	Security protocol (WPA2, WPA3, WEP, Open)
`signal`	Signal strength
`type`	Infrastructure or ad-hoc
`vendor`	AP hardware vendor (from OUI lookup)
`first_seen`	When the network was first discovered
`last_seen`	When the network was last observed
`site_id`	The site where the network was detected

Encryption Types

Encryption	Security Level	Notes
WPA3	Strong	Recommended standard
WPA2-Enterprise	Strong	Requires RADIUS
WPA2-Personal	Moderate	Vulnerable to offline brute force
WPA	Weak	Deprecated; upgrade recommended
WEP	Critical	Trivially breakable; must replace
Open	None	No encryption; use only for guest with captive portal

Rogue AP Detection

A rogue access point is an unauthorized AP connected to the corporate network. Indicators include:

Unknown BSSID not in the authorized AP list
SSID spoofing a corporate network name
Unexpected vendor or hardware
AP on a channel not used by corporate infrastructure

API Patterns

List Wireless Networks

runzero_wireless_list

Parameters:

site_id -- Filter by site
search -- RunZero query string
count -- Results per page
offset -- Pagination offset

Example response:

{
  "wireless": [
    {
      "id": "wireless-uuid-123",
      "essid": "ACME-Corporate",
      "bssid": "AA:BB:CC:DD:EE:FF",
      "channel": 6,
      "encryption": "WPA2-Enterprise",
      "signal": -45,
      "vendor": "Cisco Meraki",
      "type": "infrastructure",
      "first_seen": "2026-01-15T10:00:00Z",
      "last_seen": "2026-03-27T08:30:00Z",
      "site_id": "site-uuid-456"
    }
  ]
}

Get Wireless Network Details

runzero_wireless_get

Parameters:

wireless_id -- The specific wireless network UUID

Common Workflows

Wireless Security Audit

List all wireless networks for a site: runzero_wireless_list
Check encryption types -- flag WEP, WPA, and Open networks
Identify networks with weak security
Recommend upgrades to WPA2-Enterprise or WPA3
Generate a wireless security posture report

Rogue AP Detection

Export all wireless networks for the site
Compare BSSIDs against the authorized AP inventory
Flag unknown BSSIDs as potential rogues
Check for SSID spoofing (matching corporate SSID with unknown BSSID)
Investigate vendor and location of suspicious APs
Report findings with recommended actions

Wireless Inventory

List all wireless networks across sites
Group by SSID, encryption type, and vendor
Count unique access points per site
Generate per-client wireless infrastructure summary

Channel Conflict Analysis

Export wireless networks for a site
Group by channel
Identify channels with multiple APs (potential interference)
Recommend channel planning adjustments

Error Handling

No Wireless Data

Cause: Explorer does not have a wireless adapter, or wireless scanning is disabled Solution: Verify explorer has wireless capability; enable wireless scanning in scan configuration

Limited Coverage

Cause: Explorer can only detect APs within radio range Solution: Deploy explorers at multiple physical locations for comprehensive coverage

Best Practices

Run wireless scans regularly to detect new rogue APs
Maintain an authorized AP inventory for comparison
Flag any WEP or Open networks immediately for remediation
Monitor for SSID spoofing of corporate network names
Document wireless infrastructure per site for compliance
Cross-reference wireless vendor (OUI) with procurement records

Related Skills

api-patterns - Query language and pagination
assets - Assets associated with wireless networks
sites - Sites where wireless networks are detected
tasks - Scans that discover wireless networks