ReddRadar
Agent skill
incident-investigation
Investigate a network incident by correlating device events with camera footage and physical access logs. Use when the user reports a device going offline, a network anomaly, or wants to understand what caused an infrastructure event.
Install this agent skill to your Project
npx add-skill https://github.com/sirkirby/unifi-mcp/tree/main/plugins/cross-product/skills/incident-investigation
SKILL.md
Network Incident Investigation
You are investigating a network infrastructure event using cross-product correlation.
What You Do
Given an incident (e.g., "switch went offline", "AP stopped responding"), you:
- Get the device event details from Network (device name, time, status change)
- Call
unifi_location_timelinewith the time window around the incident - Look for correlated events:
- Camera footage near the device location at the time of the incident
- Physical access events (was someone in the area?)
- Other devices on the same network segment affected?
- Present a timeline of what happened with your assessment
Requirements
- Network server must be connected (this is the primary data source)
- Protect server adds camera correlation (optional but valuable)
- Access server adds physical access context (optional)
Example Prompts
- "A switch went offline at 2 AM — what happened?"
- "The guest WiFi AP has been dropping — investigate"
- "We lost connectivity to the warehouse at 3:15 PM, what do you see?"
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
sirkirby/unifi-mcp
myco:implement-update-tool-fetch-merge-put
Use this skill whenever you are implementing or fixing an update_* tool in unifi-mcp. It covers the mandatory fetch-merge-put pattern, deep_merge semantics, V2 API response gotchas, the confirm double-fetch design, LLM UX requirements for dict params, and when flat params are appropriate instead. Applies even if the user only says "add an update tool for X" without specifying the implementation approach — the pattern is required for all update tools in this project.
sirkirby/unifi-mcp
myco:community-pr-review
Use this skill when reviewing or merging any community PR in unifi-mcp — even if the user just says "take a look at this PR" or "can we merge this." Covers the complete quality gate checklist (f-string logger ban, validator registry registration, doc site update ordering), the fork-edit model for trusted contributors, org-fork push limitations, the dual-subagent review pattern, and PR body standards. Apply this skill before approving any externally-authored PR, before running the merge command, and when auditing recently merged PRs for compliance.
sirkirby/unifi-mcp
unifi-access
How to manage UniFi Access door control — locks, credentials, visitors, access policies, and events. Use this skill when the user mentions UniFi Access, door locks, door access, building access, NFC cards, PIN codes, visitor passes, access policies, access schedules, door readers, or any UniFi Access task.
sirkirby/unifi-mcp
setup
Configure the UniFi Access MCP server — set controller host, credentials, and permissions
sirkirby/unifi-mcp
unifi-protect
How to manage UniFi Protect cameras and NVR — view cameras, smart detections, recordings, snapshots, lights, sensors, and the Alarm Manager. Use this skill when the user mentions UniFi cameras, security cameras, NVR, recordings, motion detection, person detection, snapshots, RTSP streams, floodlights, sensors, chimes, arming/disarming the alarm, or any UniFi Protect task.
sirkirby/unifi-mcp
security-digest
Generate a security digest summarizing events across UniFi Protect cameras, Access door events, and Network firewall activity. Use when asked about what happened overnight, security summary, event digest, recent activity, or reviewing camera and access events.
Didn't find tool you were looking for?