๐งช Community โ Claude Code โ Claude Desktop ๐ Requires MCP Server โข Abnormal
Abnormal Security
Abnormal Security - AI-powered email security, phishing detection, account takeover prevention
๐ Recommended MCP Server
Pair this plugin with the Abnormal Security MCP for direct API access alongside skills and commands.
Installation
Install this plugin individually:
/plugin marketplace add wyre-technology/msp-claude-plugins --plugin abnormal-security Or install all MSP plugins at once:
/plugin marketplace add wyre-technology/msp-claude-plugins Features
- Account Takeover
- Cases
- Messages
- Threats
- Vendors
Skills
This plugin provides 6 skills that teach Claude about Abnormal Security:
| Skill | Description |
|---|---|
account-takeover | Use this skill when working with Abnormal Security account takeover (ATO) detection - suspicious sign-ins, impossible travel, compromised accounts, mailbox rule changes, and lateral movement indicators. |
cases | Use this skill when working with Abnormal Security abuse mailbox cases - user-reported emails, case triage, remediation actions, case lifecycle, and phishing simulation management. |
messages | Use this skill when working with Abnormal Security message analysis - email headers, attachments, sender reputation, delivery context, authentication results (SPF/DKIM/DMARC), and message metadata. |
threats | Use this skill when working with Abnormal Security threat detection and analysis - BEC, phishing, malware, socially-engineered attacks, spam, graymail, and credential theft. |
vendors | Use this skill when working with Abnormal Security VendorBase vendor risk assessment - vendor risk scores, compromised vendor detection, vendor domain analysis, and supply chain email threat monitoring. |
api-patterns | Use this skill when working with the Abnormal Security REST API - Bearer token authentication, base URLs, rate limiting, pagination, OData filtering, error handling, and common API patterns. |
Agents
This plugin provides 2 agents for autonomous task execution:
| Agent | Description |
|---|---|
email-threat-analyst | Use this agent when investigating email threats detected by Abnormal Security, analyzing attack chains, assessing user exposure, or managing remediation across client tenants. |
threat-report-generator | Use this agent when generating periodic threat landscape reports from Abnormal Security data across the MSP client portfolio โ not for live threat investigation, but for summarizing attack trends, most targeted organizations, most common attack types, BEC attempt volumes, and remediation effectiveness over time. |
Commands
Available slash commands:
| Command | Description |
|---|---|
/account-audit | Audit for account takeover indicators and suspicious sign-ins in Abnormal Security |
/case-review | Review and triage abuse mailbox cases in Abnormal Security |
/search-threats | Search for specific threat patterns in Abnormal Security by sender, recipient, attack type, or keywords |
/threat-triage | Triage recent email threats detected by Abnormal Security by severity and attack type |
/vendor-risk | Check vendor risk scores and compromised vendor activity in Abnormal Security VendorBase |
API Reference
| Base URL | |
| Authentication | |
| Rate Limit | |
| Documentation |
Example Usage
Audit for account takeover indicators and suspicious sign-ins in Abnormal Security
/account-auditReview and triage abuse mailbox cases in Abnormal Security
/case-reviewSearch for specific threat patterns in Abnormal Security by sender, recipient, attack type, or keywords
/search-threatsTriage recent email threats detected by Abnormal Security by severity and attack type
/threat-triageCheck vendor risk scores and compromised vendor activity in Abnormal Security VendorBase
/vendor-riskUsing Skills
/skill abnormal-security:account-takeover
Use this skill when working with Abnormal Security account takeover (ATO) detection - suspicious sign-ins, impossible travel, compromised accounts, mailbox rule changes, and lateral movement indicators.