26 lines
1.8 KiB
Markdown
26 lines
1.8 KiB
Markdown
---
|
|
name: remediation-tool
|
|
description: >
|
|
M365 tenant investigation and remediation using the ComputerGuru tiered MSP app suite (Security Investigator, Exchange Operator, User Manager, Tenant Admin, Defender Add-on). Gated writes. Use when the user says "remediation tool", "365 remediation", "check <user> mailbox", "breach check", "tenant sweep", "inbox rules for <user>", or any M365 Graph/Exchange admin task.
|
|
---
|
|
|
|
# /remediation-tool — M365 Investigation & Remediation
|
|
|
|
**Grok skill for the shared command.** Full details, safety gates, and the 5-app suite description are in `.claude/commands/remediation-tool.md` and the implementation in `.claude/skills/remediation-tool/`.
|
|
|
|
**Important posture (from CLAUDE.md and the skill):**
|
|
- Read-only by default.
|
|
- All write/remediation actions are **gated** behind explicit `--confirm` or user approval.
|
|
- Use the skill's structured flows for tenant sweeps, password spray detection, inbox rule enumeration, mailbox searches, etc.
|
|
- NOT for CIPP — this is the direct Graph API app suite (Claude-MSP-Access or equivalent).
|
|
|
|
When invoked:
|
|
- Read the command doc `.claude/commands/remediation-tool.md`.
|
|
- Read the full skill `.claude/skills/remediation-tool/SKILL.md` (it has the detailed model).
|
|
- Use tools to run the underlying Python/Graph scripts (via `run_terminal_command` after activating the right env/venv if needed).
|
|
- For any credential or token work, go through the vault or 1password skill.
|
|
- Follow all compliance/audit logging requirements in the skill.
|
|
|
|
This is heavily used in remediation mode. The skill itself is already a proper SKILL.md, so this Grok wrapper mainly ensures `/remediation-tool` shorthand works and points to the source.
|
|
|
|
See the remediation-tool skill directory for the actual implementation scripts and rules. |