Datto RMM + AI in 60 seconds
Unofficial. Community-built Claude Code Skill and MCP server for the Datto RMM API. Not affiliated with, endorsed by, or sponsored by Datto, Inc..
Awaiting live verification - passes every mechanical gate (build, command-surface, claims, install). Be the first to confirm it against your tenant: report it works.
Ask in plain English which endpoints across every client have gone dark, lost antivirus, fallen behind on patches, or are about to drop out of warranty - and get the list in seconds. Datto RMM plus your AI agent reads a local mirror of your whole multi-site fleet, so the cross-customer questions the portal makes you click through site by site become one instant, reproducible answer.
New to the term? An MCP server is the same thing ChatGPT calls an app or connector, Claude on the web calls a connector, and Claude Code calls a Skill. One thing, many names →
Install in 60s → View on GitHub →
Instead of clicking through Datto RMM, just ask
Instead of Open every customer site in the Datto RMM console and read down the last-seen column to spot dead agents
just ask: “Which endpoints across all my clients have stopped checking in?”
Your agent runs: datto-rmm-cli fleet stale --days 30 --agent
Instead of Click into each device’s antivirus panel, one site at a time, to find unprotected machines
just ask: “Show me every endpoint where antivirus is missing or not running”
Your agent runs: datto-rmm-cli fleet av-gaps --status not-running --agent
Instead of Export device lists and reconcile warranty dates in a spreadsheet before a QBR
just ask: “Which devices have hardware warranties expiring in the next 60 days?”
Your agent runs: datto-rmm-cli fleet warranty --within 60 --agent
See it in 30 seconds
Demo data is simulated. Every command shown exists in the real CLI.
What it does
| Question your MSP keeps asking | Command your agent runs |
|---|---|
| Which devices haven’t checked in for 30 days, across every client? | datto-rmm-cli fleet stale --days 30 --agent |
| Where is antivirus missing, disabled, or not running? | datto-rmm-cli fleet av-gaps --status not-running --agent |
| Which endpoints are most behind on patches right now? | datto-rmm-cli fleet patch-gaps --min-missing 5 --agent |
| Which devices have warranties expiring in the next 60 days? | datto-rmm-cli fleet warranty --within 60 --agent |
| Which devices are generating the most alert noise this week? | datto-rmm-cli fleet storms --days 7 --top 20 --agent |
| Give me a one-page health scorecard for a client before the QBR. | datto-rmm-cli fleet scorecard "Acme Corporation" --agent |
| How many copies of an app are installed fleet-wide, and which versions? | datto-rmm-cli fleet sprawl --name "Google Chrome" --agent |
| Which devices are running an out-of-date RMM agent? | datto-rmm-cli fleet agent-drift --agent |
Full command reference at github.com/servosity/msp-skills/blob/main/skills/datto-rmm/guide.md.
What makes this one different
Most Datto RMM integrations and MCP servers proxy each question into a live API call - fine for looking up one device, useless when you ask about all of them. This skill syncs your entire multi-site fleet into a local SQLite mirror, so fleet-wide questions become one offline query: instant, fully paginated, and reproducible later as a saved snapshot you can diff against.
The Datto RMM console answers questions one customer site at a time; this skill answers them across every client at once and hands the result to the AI agent you already work in - it complements the portal you still use for remote control and policy, it doesn’t replace it.
The pain this closes
- Dead agents and offline endpoints hide across dozens of customer sites - you find out a machine stopped reporting when the client calls, not before.
- Cross-client questions (‘how many endpoints are missing antivirus everywhere?’) mean opening the console one customer at a time, because Datto RMM scopes most views to a single site.
- Alert volume buries the real failures - the noisiest monitors drown the NOC, and tuning them means first finding which devices and sites generate the noise.
Install
Works in any of these agents - pick yours:
| Agent | Quick install |
|---|---|
| Claude Desktop | Step-by-step → |
| ChatGPT (Plus/Pro+) | Step-by-step → |
| Claude Code | Step-by-step → |
| Codex CLI | Step-by-step → |
| Cursor, Windsurf, Cline, Continue, Zed, Copilot, Gemini, Hermes, OpenClaw | Which agent? → |
Quickest path for everyone else (terminal):
macOS / Linux:
bash <(curl -fsSL https://raw.githubusercontent.com/servosity/msp-skills/main/skills/datto-rmm/install.sh)
Windows (PowerShell):
iwr -useb https://raw.githubusercontent.com/servosity/msp-skills/main/skills/datto-rmm/install.ps1 | iex
After install, authenticate once with your Datto RMM credentials, then verify with datto-rmm-cli --version.
Safety model
| Tier | Examples | Recommended agent policy |
|---|---|---|
| Read | fleet stale, fleet av-gaps, fleet scorecard, account get-sites, device get-by-uid, search | Allow |
| Write (routine) | account create-variable, account update-variable, device warranty set-data, device quickjob create-quick-job, site create, site update | Preview with –dry-run, then a reviewed write |
| Destructive / credential | account delete-variable, site variable delete-site, site settings delete-proxy, fleet resolve-storm (–confirm gated), user (resets API keys) | Human-in-the-loop only |
The skill reads your Datto RMM fleet and writes only when you ask it to - creating or updating variables, warranty and UDF data, sites, and quick jobs. Every fleet rollup, search, and lookup is read-only and always safe to run. Deleting variables or site proxy settings, bulk-resolving alert storms, and resetting your API keys are gated as destructive or credential operations and should stay human-in-the-loop. Full details in governance.md.
Frequently asked questions
Does this work with ChatGPT?
Yes, on paid ChatGPT plans. ChatGPT connects to remote MCP servers over HTTPS, so you expose the local Datto RMM MCP server via a secure bridge. Step-by-step in the install guide.
Do I need to know how to code?
No. Paste one sentence into Claude Code or Codex and your agent does the install, or run a one-line installer. You enter your credentials once.
Is my Datto RMM data safe?
Your data stays on your machine. The CLI, MCP server, and the local mirror are all local. The AI sees query results, not raw bulk data, and credentials are never bundled or transmitted by MSP Skills.
What does it cost?
Free. Apache-2.0 licensed. You pay only for whichever AI agent you already use.
Will this hit my Datto RMM API rate limits?
It’s gentle by design. The skill syncs your fleet into a local mirror once, then answers fleet-wide questions from that mirror instead of calling the API per question. You re-sync on your own cadence; everyday analytics run offline against the local store.
Do I need to be a Datto partner or have special permissions?
You need an API key and secret key from Setup > Users in your Datto RMM portal (the OAuth API user). The skill can only do what that API user is allowed to do, so scope the user to the access your workflow actually needs.
Status
Beta. Validated against the Datto RMM API surface and being validated with MSPs running it live against their own production tenants in our weekly Build Sessions.
Standards. Conforms to the open Agent Skills spec (Anthropic, Dec 2025; 40+ agents). MCP-compatible - works with any MCP-capable agent including Hermes. OpenClaw-ready (frontmatter pre-wired, awaiting OpenClaw launch).
Maintained by Servosity for the MSP community. Apache-2.0 licensed. Built with CLI Printing Press.