| name | description |
|---|---|
| remediation-tool | M365 tenant investigation and remediation using the ComputerGuru tiered MSP app suite (Security Investigator, Exchange Operator, User Manager, Tenant Admin, Defender Add-on). Gated writes. Use when the user says "remediation tool", "365 remediation", "check <user> mailbox", "breach check", "tenant sweep", "inbox rules for <user>", or any M365 Graph/Exchange admin task. |
/remediation-tool — M365 Investigation & Remediation
Grok skill for the shared command. Full details, safety gates, and the 5-app suite description are in `.claude/commands/remediation-tool.md` and the implementation in `.claude/skills/remediation-tool/`.
Important posture (from CLAUDE.md and the skill):
- Read-only by default.
- All write/remediation actions are gated behind explicit `--confirm` or user approval.
- Use the skill's structured flows for tenant sweeps, password spray detection, inbox rule enumeration, mailbox searches, etc.
- NOT for CIPP — this is the direct Graph API app suite (Claude-MSP-Access or equivalent).
When invoked:
- Read the command doc `.claude/commands/remediation-tool.md`.
- Read the full skill `.claude/skills/remediation-tool/SKILL.md` (it has the detailed model).
- Use tools to run the underlying Python/Graph scripts (via `run_terminal_command` after activating the right env/venv if needed).
- For any credential or token work, go through the vault or 1password skill.
- Follow all compliance/audit logging requirements in the skill.
This is heavily used in remediation mode. The skill itself is already a proper SKILL.md, so this Grok wrapper mainly ensures /remediation-tool shorthand works and points to the source.
See the remediation-tool skill directory for the actual implementation scripts and rules.