Agents Reference
Agents are specialized subagents that perform multi-step MSP workflows autonomously. There are 80 agents across all plugins.
What are Agents?
Agents combine skills, commands, and domain knowledge to execute higher-level tasks — auditing a tenant, reconciling billing, triaging an alert — without you walking Claude through every step. Each agent is scoped to a clear role and a focused set of tools.
/agent identity-auditor "Audit Acme Corp's M365 tenant"Agents by Category
Auditing & Compliance
Agents that audit configurations, identities, devices, and surface compliance gaps.
| Agent | Plugin | Description |
|---|---|---|
compliance-reporter | Blumira | Use this agent when generating compliance-oriented security reports from Blumira SIEM data — not for live incident investigation, but for producing evidence packages, coverage gap assessments, and log source health summaries for frameworks like SOC 2, HIPAA, and CIS. |
tenant-policy-auditor | Checkpoint Avanan | Use this agent when an MSP needs to audit email security policy completeness and correctness across Avanan (Check Point Harmony Email & Collaboration) managed tenants — verifying anti-phishing coverage, attachment sandboxing, impersonation protection, DLP rules, and exception hygiene. |
rmm-health-auditor | Datto RMM | Use this agent when an MSP needs a comprehensive health audit of their Datto RMM managed device fleet. |
documentation-auditor | Hudu | Use this agent when an MSP technician or vCIO needs to find and fix documentation debt in Hudu. |
runbook-freshness-auditor | Hudu | Use this agent when an MSP needs to audit the currency and coverage of runbooks and SOPs in Hudu. |
documentation-auditor | IT Glue | Use this agent when an MSP needs to audit documentation completeness and freshness across their IT Glue client portfolio. |
identity-auditor | Microsoft 365 | Use this agent when an MSP needs to perform a comprehensive Microsoft 365 tenant security audit. |
license-auditor | Microsoft 365 | Use this agent when an MSP needs to audit Microsoft 365 license costs and find savings opportunities across a client tenant. |
device-health-auditor | NinjaOne (NinjaRMM) | Use this agent when an MSP needs a comprehensive device health audit across their NinjaOne-managed organization portfolio. |
patch-compliance-reporter | NinjaOne (NinjaRMM) | Use this agent when an MSP needs dedicated patch compliance reporting across their NinjaOne-managed portfolio — not a general health check, but a focused analysis of OS patch levels, third-party application versions, missing critical patches, devices pending reboot, and patch policy exceptions. |
email-security-auditor | Proofpoint | Use this agent when auditing email security posture across Proofpoint-protected organizations, investigating threats via TAP intelligence, tracing specific emails, analyzing Very Attacked Persons (VAPs), or generating per-org security reports for MSP clients. |
endpoint-hardening-auditor | SentinelOne | Use this agent when an MSP needs to audit and harden SentinelOne endpoint configuration across client sites — not to investigate active threats, but to proactively identify gaps before attackers can exploit them. |
billing-auditor | Syncro MSP | Use this agent when an MSP owner, billing coordinator, or service manager needs a billing completeness and accuracy audit in Syncro — finding tickets that haven't been billed, identifying recurring billing discrepancies, checking invoice accuracy against contracts, and flagging draft invoices overdue for finalization. |
fleet-health-auditor | Threatlocker | Use this agent when producing ThreatLocker fleet inventory and hygiene reports — computer inventory by OS or group, offline-agent identification with check-in age tiering, computer-group hygiene analysis (orphans, oversized groups, OS-mismatched assignments), and multi-tenant pivots across child organizations. |
Health & Monitoring
Agents that watch backups, automation, uptime, and overall customer health.
| Agent | Plugin | Description |
|---|---|---|
customer-health-scorer | Atera | Use this agent when an MSP account manager, service manager, or owner needs to score and rank client health across the Atera portfolio — not live operations management, but a structured assessment of each client based on device health trends, ticket velocity, recurring issues, patch compliance, and alert frequency. |
sla-uptime-reporter | BetterStack | Use this agent when an MSP needs to generate SLA-focused uptime reports for clients, calculate SLA achievement percentages, identify chronic underperforming monitors, or produce client-facing availability summaries. |
uptime-incident-responder | BetterStack | Use this agent when an MSP needs to respond to a BetterStack uptime incident, investigate monitor failures, coordinate on-call response, or produce an incident report. |
automation-health-checker | ConnectWise Automate | Use this agent when an MSP technician or engineer needs to audit the health of their ConnectWise Automate RMM environment. |
backup-health-monitor | Datto RMM | Use this agent when an MSP needs to audit backup and BC/DR health across their Datto RMM managed client portfolio — not a general fleet health check, but a focused review of backup job success rates, last successful backups per device, retention policy compliance, offsite replication status, and restore test records. |
rmm-health-auditor | Datto RMM | Use this agent when an MSP needs a comprehensive health audit of their Datto RMM managed device fleet. |
device-health-auditor | NinjaOne (NinjaRMM) | Use this agent when an MSP needs a comprehensive device health audit across their NinjaOne-managed organization portfolio. |
fleet-health-auditor | Threatlocker | Use this agent when producing ThreatLocker fleet inventory and hygiene reports — computer inventory by OS or group, offline-agent identification with check-in age tiering, computer-group hygiene analysis (orphans, oversized groups, OS-mismatched assignments), and multi-tenant pivots across child organizations. |
pipeline-health-reporter | HubSpot CRM | Use this agent when an MSP sales manager or leadership needs to analyze pipeline health, deal velocity, stage conversion rates, or forecast accuracy in HubSpot. |
Incident & Service Desk
Agents that triage alerts, drive incidents, and run service desk operations.
| Agent | Plugin | Description |
|---|---|---|
uptime-incident-responder | BetterStack | Use this agent when an MSP needs to respond to a BetterStack uptime incident, investigate monitor failures, coordinate on-call response, or produce an incident report. |
service-desk-ops | ConnectWise PSA | Use this agent when an MSP dispatcher, service manager, or team lead needs to review the current state of the ConnectWise Manage service desk. |
service-desk-ops | HaloPSA | Use this agent when an MSP dispatcher, team lead, or service manager needs to triage and manage the HaloPSA ticket queue. |
incident-responder | Huntress | Use this agent when triaging Huntress incidents, reviewing SOC escalations, approving or rejecting endpoint remediations, investigating security signals, or managing the Huntress agent fleet across MSP client organizations. |
change-detective | Liongard | Use this agent when an MSP needs to detect unauthorized or unexpected configuration changes, audit compliance drift, or surface undocumented systems across their client environments. |
incident-commander | PagerDuty | Use this agent when an MSP engineer, SRE, or incident manager needs to command an active incident or review the state of open PagerDuty incidents. |
soc-alert-investigator | RocketCyber | Use this agent when an MSP needs to investigate and triage RocketCyber SOC alerts and security incidents across their client portfolio. |
incident-commander | Rootly | Use this agent when an MSP engineer, SRE, or incident manager needs to command an active Rootly incident or review open incidents. |
incident-war-room-coordinator | Wyre Gateway | Use this agent when a major incident (P1 or Critical severity) has been declared or is suspected, and the team needs immediate situational awareness across all affected systems and stakeholders. |
Client Lifecycle
Agents that handle onboarding, contracts, and renewal tracking.
| Agent | Plugin | Description |
|---|---|---|
contract-renewal-tracker | Autotask PSA | Use this agent when an MSP account manager, service manager, or operations lead needs to track and manage contract renewals in Autotask PSA — surfacing expiring contracts, identifying auto-renewal gaps, tracking MRR/ARR trends, and flagging clients who are still receiving service on expired contracts. |
client-onboarding-validator | Huntress | Use this agent when validating a newly onboarded client in Huntress — checking that agents are deployed and reporting, confirming SOC coverage is active, identifying any endpoints missing agents, and surfacing initial detections that fired during or after deployment. |
contract-tracker | PandaDoc | Use this agent when an MSP sales coordinator or account manager needs to track the status of pending proposals and contracts in PandaDoc. |
renewal-calendar | Pax8 | Use this agent when an MSP needs a proactive view of upcoming Pax8 subscription renewals across all clients, wants to flag month-to-month subscriptions that should move to annual, or needs to identify annual renewals that require a seat count review before they lock in. |
onboarding-completeness-checker | Wyre Gateway | Use this agent when an MSP needs to validate that a newly onboarded client has been fully set up across all MSP tools and systems before transitioning to steady-state support. |
renewal-risk-analyzer | Wyre Gateway | Use this agent when an MSP account manager, sales leader, or operations manager wants to identify clients at risk of not renewing before the renewal conversation happens. |
Financial Operations
Agents focused on billing, licensing, margins, and procurement.
| Agent | Plugin | Description |
|---|---|---|
procurement-specialist | ConnectWise PSA | Use this agent when an MSP procurement lead, sales engineer, service manager, or owner needs to work against the ConnectWise Manage product catalog and the procurement/quoting workflows it feeds. |
license-auditor | Microsoft 365 | Use this agent when an MSP needs to audit Microsoft 365 license costs and find savings opportunities across a client tenant. |
license-optimizer | Pax8 | Use this agent when an MSP needs to analyze license utilization across their Pax8 marketplace subscriptions, identify unused or over-provisioned seats, optimize costs, or plan renewals. |
billing-reconciler | QuickBooks Online | Use this agent when an MSP needs to reconcile billing in QuickBooks Online — matching invoices to contracts, identifying unbilled work, flagging overdue accounts, or auditing revenue recognition. |
margin-analyzer | SalesBuildr | Use this agent when an MSP sales manager or finance lead needs to analyze quote margin health across recent quotes in Salesbuildr. |
billing-auditor | Syncro MSP | Use this agent when an MSP owner, billing coordinator, or service manager needs a billing completeness and accuracy audit in Syncro — finding tickets that haven't been billed, identifying recurring billing discrepancies, checking invoice accuracy against contracts, and flagging draft invoices overdue for finalization. |
billing-reconciler | Xero | Use this agent when an MSP needs to reconcile billing in Xero — matching invoices to contracts, tracking outstanding receivables, identifying billing discrepancies, or reviewing cash flow. |
Documentation & Insights
Agents that link assets to documentation and surface optimization opportunities.
| Agent | Plugin | Description |
|---|---|---|
asset-documentation-linker | IT Glue | Use this agent when an MSP needs to find and fix broken or missing linkages between IT Glue objects — configurations without passwords, devices without runbooks, organizations without network diagrams, contacts unlinked from assets. |
automation-opportunity-finder | SuperOps.ai | Use this agent when an MSP operations lead, service manager, or technician wants to identify repetitive ticket patterns in SuperOps.ai that should be automated — not live operations management, but a retrospective analysis of ticket history to find recurring issues with the same client, same category, and same resolution, calculate the manual time cost, and recommend runbooks or automation scripts to eliminate the pattern. |
All Agents by Plugin
Abnormal Security
| Agent | Description |
|---|---|
email-threat-analyst | Use this agent when investigating email threats detected by Abnormal Security, analyzing attack chains, assessing user exposure, or managing remediation across client tenants. |
threat-report-generator | Use this agent when generating periodic threat landscape reports from Abnormal Security data across the MSP client portfolio — not for live threat investigation, but for summarizing attack trends, most targeted organizations, most common attack types, BEC attempt volumes, and remediation effectiveness over time. |
Atera
| Agent | Description |
|---|---|
customer-health-scorer | Use this agent when an MSP account manager, service manager, or owner needs to score and rank client health across the Atera portfolio — not live operations management, but a structured assessment of each client based on device health trends, ticket velocity, recurring issues, patch compliance, and alert frequency. |
msp-ops-assistant | Use this agent when an MSP needs combined RMM and PSA operations assistance through Atera — triaging alerts, managing the ticket queue, checking device health, and identifying patterns across the client base. |
Autotask PSA
| Agent | Description |
|---|---|
contract-renewal-tracker | Use this agent when an MSP account manager, service manager, or operations lead needs to track and manage contract renewals in Autotask PSA — surfacing expiring contracts, identifying auto-renewal gaps, tracking MRR/ARR trends, and flagging clients who are still receiving service on expired contracts. |
ticket-dispatcher | Use this agent when an MSP dispatcher or service manager needs to intelligently manage the Autotask PSA ticket queue — reviewing priorities, suggesting technician assignments, monitoring SLA compliance, and driving dispatch decisions. |
BetterStack
| Agent | Description |
|---|---|
sla-uptime-reporter | Use this agent when an MSP needs to generate SLA-focused uptime reports for clients, calculate SLA achievement percentages, identify chronic underperforming monitors, or produce client-facing availability summaries. |
uptime-incident-responder | Use this agent when an MSP needs to respond to a BetterStack uptime incident, investigate monitor failures, coordinate on-call response, or produce an incident report. |
Blumira
| Agent | Description |
|---|---|
compliance-reporter | Use this agent when generating compliance-oriented security reports from Blumira SIEM data — not for live incident investigation, but for producing evidence packages, coverage gap assessments, and log source health summaries for frameworks like SOC 2, HIPAA, and CIS. |
siem-investigator | Use this agent when investigating Blumira SIEM alerts and findings, tracing attack chains across data sources, resolving detections, auditing security posture across MSP client accounts, or producing threat investigation reports. |
Checkpoint Avanan
| Agent | Description |
|---|---|
cloud-email-defender | Use this agent when investigating quarantined threats, managing email security events, auditing Avanan tenant configuration, or performing cross-tenant threat sweeps in Check Point Avanan (Harmony Email & Collaboration). |
tenant-policy-auditor | Use this agent when an MSP needs to audit email security policy completeness and correctness across Avanan (Check Point Harmony Email & Collaboration) managed tenants — verifying anti-phishing coverage, attachment sandboxing, impersonation protection, DLP rules, and exception hygiene. |
CIPP
| Agent | Description |
|---|---|
security-posture-reviewer | Use this agent when an MSP security lead, vCISO, or service manager needs to sweep the M365 portfolio for security posture issues — Secure Score regressions, MFA enrollment gaps, conditional access drift, BPA failures, and broken domain authentication. |
user-offboarding-runner | Use this agent when an MSP technician, dispatcher, or HR-facing operator needs to run a complete M365 user offboarding through CIPP. |
ConnectWise Automate
| Agent | Description |
|---|---|
automation-health-checker | Use this agent when an MSP technician or engineer needs to audit the health of their ConnectWise Automate RMM environment. |
ConnectWise PSA
| Agent | Description |
|---|---|
procurement-specialist | Use this agent when an MSP procurement lead, sales engineer, service manager, or owner needs to work against the ConnectWise Manage product catalog and the procurement/quoting workflows it feeds. |
project-tracker | Use this agent when an MSP project manager, service manager, or operations lead needs a review of all open projects in ConnectWise Manage — checking milestone deadlines, budget vs. actuals, overdue phases, and projects at risk of scope creep or delivery failure. |
service-desk-ops | Use this agent when an MSP dispatcher, service manager, or team lead needs to review the current state of the ConnectWise Manage service desk. |
Datto RMM
| Agent | Description |
|---|---|
backup-health-monitor | Use this agent when an MSP needs to audit backup and BC/DR health across their Datto RMM managed client portfolio — not a general fleet health check, but a focused review of backup job success rates, last successful backups per device, retention policy compliance, offsite replication status, and restore test records. |
rmm-health-auditor | Use this agent when an MSP needs a comprehensive health audit of their Datto RMM managed device fleet. |
HaloPSA
| Agent | Description |
|---|---|
service-desk-ops | Use this agent when an MSP dispatcher, team lead, or service manager needs to triage and manage the HaloPSA ticket queue. |
sla-performance-reporter | Use this agent when an MSP service manager, operations lead, or account manager needs SLA compliance reporting and trend analysis in HaloPSA — not live ticket triage, but retrospective reporting on how well the team has met SLA commitments by client, by technician, and by ticket category. |
Hudu
| Agent | Description |
|---|---|
documentation-auditor | Use this agent when an MSP technician or vCIO needs to find and fix documentation debt in Hudu. |
runbook-freshness-auditor | Use this agent when an MSP needs to audit the currency and coverage of runbooks and SOPs in Hudu. |
Huntress
| Agent | Description |
|---|---|
client-onboarding-validator | Use this agent when validating a newly onboarded client in Huntress — checking that agents are deployed and reporting, confirming SOC coverage is active, identifying any endpoints missing agents, and surfacing initial detections that fired during or after deployment. |
incident-responder | Use this agent when triaging Huntress incidents, reviewing SOC escalations, approving or rejecting endpoint remediations, investigating security signals, or managing the Huntress agent fleet across MSP client organizations. |
IT Glue
| Agent | Description |
|---|---|
asset-documentation-linker | Use this agent when an MSP needs to find and fix broken or missing linkages between IT Glue objects — configurations without passwords, devices without runbooks, organizations without network diagrams, contacts unlinked from assets. |
documentation-auditor | Use this agent when an MSP needs to audit documentation completeness and freshness across their IT Glue client portfolio. |
Knowbe4
| Agent | Description |
|---|---|
security-awareness-analyst | Use this agent when analyzing phishing simulation results, identifying high-risk users, tracking training completion, recommending targeted security awareness programs, or responding to user-reported phishing through KnowBe4 PhishER for MSP clients. |
training-enforcer | Use this agent when tracking and enforcing security awareness training completion in KnowBe4 — identifying users who have missed deadlines, finding repeat phishing simulation clickers who represent high-risk users, drafting re-training campaigns, or generating compliance completion reports for clients. |
Liongard
| Agent | Description |
|---|---|
change-detective | Use this agent when an MSP needs to detect unauthorized or unexpected configuration changes, audit compliance drift, or surface undocumented systems across their client environments. |
compliance-drift-reporter | Use this agent when an MSP needs to generate compliance baseline drift reports, produce evidence for compliance frameworks, or identify coverage gaps where inspectors have not checked in. |
Microsoft 365
| Agent | Description |
|---|---|
identity-auditor | Use this agent when an MSP needs to perform a comprehensive Microsoft 365 tenant security audit. |
license-auditor | Use this agent when an MSP needs to audit Microsoft 365 license costs and find savings opportunities across a client tenant. |
NinjaOne (NinjaRMM)
| Agent | Description |
|---|---|
device-health-auditor | Use this agent when an MSP needs a comprehensive device health audit across their NinjaOne-managed organization portfolio. |
patch-compliance-reporter | Use this agent when an MSP needs dedicated patch compliance reporting across their NinjaOne-managed portfolio — not a general health check, but a focused analysis of OS patch levels, third-party application versions, missing critical patches, devices pending reboot, and patch policy exceptions. |
PagerDuty
| Agent | Description |
|---|---|
incident-commander | Use this agent when an MSP engineer, SRE, or incident manager needs to command an active incident or review the state of open PagerDuty incidents. |
on-call-scheduler | Use this agent when an MSP operations lead, SRE manager, or engineering manager needs to review and manage PagerDuty on-call schedules — not incident response, but the health of the schedule system itself: coverage gaps, upcoming holidays without coverage, overloaded individuals, escalation policy misconfigurations, and rotation balance. |
PandaDoc
| Agent | Description |
|---|---|
contract-tracker | Use this agent when an MSP sales coordinator or account manager needs to track the status of pending proposals and contracts in PandaDoc. |
template-standardizer | Use this agent when an MSP needs to audit and standardize their PandaDoc proposal and contract templates — checking for outdated pricing, missing legal clauses, inconsistent formatting, and stale service descriptions. |
Pax8
| Agent | Description |
|---|---|
license-optimizer | Use this agent when an MSP needs to analyze license utilization across their Pax8 marketplace subscriptions, identify unused or over-provisioned seats, optimize costs, or plan renewals. |
renewal-calendar | Use this agent when an MSP needs a proactive view of upcoming Pax8 subscription renewals across all clients, wants to flag month-to-month subscriptions that should move to annual, or needs to identify annual renewals that require a seat count review before they lock in. |
Proofpoint
| Agent | Description |
|---|---|
email-security-auditor | Use this agent when auditing email security posture across Proofpoint-protected organizations, investigating threats via TAP intelligence, tracing specific emails, analyzing Very Attacked Persons (VAPs), or generating per-org security reports for MSP clients. |
vap-reporter | Use this agent when analyzing Very Attacked Persons (VAPs) in Proofpoint — tracking executives and high-value targets who receive the most sophisticated or highest-volume attacks, surfacing patterns over time, and recommending enhanced protections for the highest-risk users across the MSP client portfolio. |
QuickBooks Online
| Agent | Description |
|---|---|
billing-reconciler | Use this agent when an MSP needs to reconcile billing in QuickBooks Online — matching invoices to contracts, identifying unbilled work, flagging overdue accounts, or auditing revenue recognition. |
profitability-reporter | Use this agent when an MSP needs to analyze per-client or per-service-line profitability in QuickBooks Online — calculating gross margin by client, identifying the most and least profitable accounts, tracking profitability trends over time, or surfacing service lines where costs are eroding margin. |
RocketCyber
| Agent | Description |
|---|---|
soc-alert-investigator | Use this agent when an MSP needs to investigate and triage RocketCyber SOC alerts and security incidents across their client portfolio. |
threat-correlation-analyst | Use this agent when an MSP needs to correlate RocketCyber SOC detections with broader security context from across the Kaseya ecosystem — cross-referencing incidents with Datto RMM device data, IT Glue documentation, and Autotask ticket history to build richer threat narratives and identify whether incidents are isolated or part of a broader pattern. |
Rootly
| Agent | Description |
|---|---|
incident-commander | Use this agent when an MSP engineer, SRE, or incident manager needs to command an active Rootly incident or review open incidents. |
post-mortem-writer | Use this agent when an MSP engineer, SRE, or incident manager needs to generate a structured post-incident review (PIR) for a resolved Rootly incident — not live incident command, but a thorough retrospective document covering what happened, why it happened, the full impact timeline, contributing factors, and the concrete action items the team is committing to fix. |
SalesBuildr
| Agent | Description |
|---|---|
margin-analyzer | Use this agent when an MSP sales manager or finance lead needs to analyze quote margin health across recent quotes in Salesbuildr. |
quote-builder | Use this agent when an MSP sales team member needs to build, review, or standardize quotes in Salesbuildr. |
SentinelOne
| Agent | Description |
|---|---|
endpoint-hardening-auditor | Use this agent when an MSP needs to audit and harden SentinelOne endpoint configuration across client sites — not to investigate active threats, but to proactively identify gaps before attackers can exploit them. |
threat-hunter | Use this agent when an MSP needs to autonomously hunt for threats across client endpoints using SentinelOne. |
SuperOps.ai
| Agent | Description |
|---|---|
automation-opportunity-finder | Use this agent when an MSP operations lead, service manager, or technician wants to identify repetitive ticket patterns in SuperOps.ai that should be automated — not live operations management, but a retrospective analysis of ticket history to find recurring issues with the same client, same category, and same resolution, calculate the manual time cost, and recommend runbooks or automation scripts to eliminate the pattern. |
msp-service-ops | Use this agent when an MSP technician, dispatcher, or manager needs a combined PSA and RMM operations review in SuperOps.ai. |
Syncro MSP
| Agent | Description |
|---|---|
billing-auditor | Use this agent when an MSP owner, billing coordinator, or service manager needs a billing completeness and accuracy audit in Syncro — finding tickets that haven't been billed, identifying recurring billing discrepancies, checking invoice accuracy against contracts, and flagging draft invoices overdue for finalization. |
msp-service-ops | Use this agent when an MSP technician, dispatcher, or owner needs an integrated review of tickets, devices, and billing in Syncro. |
Threatlocker
| Agent | Description |
|---|---|
approval-triage-analyst | Use this agent when reviewing the ThreatLocker pending approval queue, classifying application requests as high-confidence vs needs-review, recommending approve/deny decisions with documented reasoning, and escalating suspicious patterns. |
fleet-health-auditor | Use this agent when producing ThreatLocker fleet inventory and hygiene reports — computer inventory by OS or group, offline-agent identification with check-in age tiering, computer-group hygiene analysis (orphans, oversized groups, OS-mismatched assignments), and multi-tenant pivots across child organizations. |
threat-investigator | Use this agent when investigating a ThreatLocker security event — reconstructing a timeline around a host/user/file, tracing a file's history across the fleet, identifying repeated denials, and surfacing policy bypasses or audit-only matches that warrant new policy rules. |
HubSpot CRM
| Agent | Description |
|---|---|
client-relationship-manager | Use this agent when an MSP account manager or vCIO needs to review account health across the client portfolio in HubSpot. |
pipeline-health-reporter | Use this agent when an MSP sales manager or leadership needs to analyze pipeline health, deal velocity, stage conversion rates, or forecast accuracy in HubSpot. |
Spamtitan
| Agent | Description |
|---|---|
quarantine-release-reviewer | Use this agent when an MSP technician or client needs to systematically review the SpamTitan quarantine queue for false positives, release legitimate messages, identify patterns of legitimate mail being blocked, or generate a quarantine digest for client review. |
spam-filter-analyst | Use this agent when analyzing spam and phishing patterns in SpamTitan, managing the quarantine queue, tuning allowlist and blocklist rules, investigating held email, or generating email filtering statistics for MSP clients. |
Xero
| Agent | Description |
|---|---|
billing-reconciler | Use this agent when an MSP needs to reconcile billing in Xero — matching invoices to contracts, tracking outstanding receivables, identifying billing discrepancies, or reviewing cash flow. |
cash-flow-analyzer | Use this agent when an MSP needs to analyze cash flow position in Xero — tracking accounts receivable aging trends, forecasting upcoming payables vs. expected inflows, identifying months where collections may fall short of committed expenses, or producing a 90-day cash flow projection. |
Ironscales
| Agent | Description |
|---|---|
crowdsourced-intel-harvester | Use this agent when harvesting and analyzing crowdsourced threat intelligence from IRONSCALES' global network — identifying trending attack types, surfacing indicators seeing increased reports, comparing client threat profiles to industry peers, and generating intelligence briefings from the collective signal. |
phishing-responder | Use this agent when responding to user-reported phishing emails in IRONSCALES, triaging the incident queue, classifying emails, coordinating quarantine and remediation, or reviewing security statistics for MSP clients. |
Mimecast
| Agent | Description |
|---|---|
email-continuity-checker | Use this agent when verifying Mimecast email continuity and archiving health — not for threat investigation, but for checking continuity mode status, verifying archiving is capturing expected mail volumes, auditing connector health, and confirming restore capability. |
email-threat-investigator | Use this agent when investigating email-borne threats, tracing suspicious messages, analyzing TTP click and attachment logs, auditing Mimecast security posture, or managing held email queues for MSP clients on the Mimecast platform. |
Wyre Gateway
| Agent | Description |
|---|---|
client-360-briefer | Use this agent when an MSP technician, account manager, or vCIO needs a complete, synthesized briefing on a client before a call, meeting, or QBR. |
compliance-evidence-packager | Use this agent when a client needs compliance evidence gathered for a formal audit or assessment against a recognized framework. |
gateway-ops | Use this agent when an MSP administrator needs to review gateway activity, audit tool usage across the team, investigate suspicious access patterns, check permission configurations, or monitor for anomalies in how MSP tools are being accessed through the WYRE MCP Gateway. |
incident-war-room-coordinator | Use this agent when a major incident (P1 or Critical severity) has been declared or is suspected, and the team needs immediate situational awareness across all affected systems and stakeholders. |
onboarding-completeness-checker | Use this agent when an MSP needs to validate that a newly onboarded client has been fully set up across all MSP tools and systems before transitioning to steady-state support. |
qbr-prep-agent | Use this agent when an MSP account manager or vCIO needs to prepare a complete Quarterly Business Review data package for a client. |
renewal-risk-analyzer | Use this agent when an MSP account manager, sales leader, or operations manager wants to identify clients at risk of not renewing before the renewal conversation happens. |
security-posture-scorer | Use this agent when an MSP needs a comprehensive, scored security health assessment for a specific client — acting as a vCISO-style health check by aggregating data across all connected security tools. |
technician-performance-coach | Use this agent when a service delivery manager or operations lead wants to understand technician performance trends and get actionable coaching recommendations grounded in data. |