Huntress + AI in 60 seconds
Unofficial. Community-built Claude Code Skill and MCP server for the Huntress API. Not affiliated with, endorsed by, or sponsored by Huntress Labs, Inc.
Awaiting live verification - passes every mechanical gate (build, command-surface, claims, install). Be the first to confirm it against your tenant: report it works.
Ask “which Huntress incidents are oldest across all my clients?” and get one age-sorted queue spanning every organization - the cross-tenant view the per-org portal never shows. Triage incidents fleet-wide, find coverage gaps and dark agents, reconcile invoiced seats against deployed agents, and trace an indicator’s blast radius across your whole account, in plain English, from one local mirror.
New to the term? An MCP server is the same thing ChatGPT calls an app or connector, Claude on the web calls a connector, and Claude Code calls a Skill. One thing, many names →
Install in 60s → View on GitHub →
Instead of clicking through Huntress, just ask
Instead of Log into the Huntress portal and open each client organization one at a time to eyeball which incidents are oldest.
just ask: “Show me every open Huntress incident across all my clients, oldest first.”
Your agent runs: huntress-cli fleet-incidents --sort age
Instead of Export the agent list and the invoice, then reconcile seats against deployed agents in a spreadsheet.
just ask: “Am I paying for more Huntress seats than I have agents deployed?”
Your agent runs: huntress-cli billing-reconcile
Instead of Search each org’s agents by hand to find the machines that stopped checking in.
just ask: “Which Huntress agents haven’t called home in a week?”
Your agent runs: huntress-cli stale-agents --days 7
See it in 30 seconds
Demo data is simulated. Every command shown exists in the real CLI.
What it does
| Question your MSP keeps asking | Command your agent runs |
|---|---|
| Which incidents are oldest across every client org? | huntress-cli fleet-incidents --sort age |
| Where are my posture gaps - stale callbacks, disabled Defender or firewall? | huntress-cli coverage-gaps |
| Has this IP or file hash touched any of my clients? | huntress-cli blast-radius --indicator 203.0.113.10 |
| Am I billed for more seats than I have agents deployed? | huntress-cli billing-reconcile |
| Which agents went dark in the last week? | huntress-cli stale-agents --days 7 |
| What is my mean time-to-resolve per client? | huntress-cli mttr --group-by org |
| What changed across the fleet since my last shift? | huntress-cli handoff --since 12h |
| Give me a QBR scorecard for one client. | huntress-cli org-scorecard --org 12345 |
Full command reference at github.com/servosity/msp-skills/blob/main/skills/huntress/guide.md.
What makes this one different
Most Huntress integrations proxy each question straight to the live API - one record, one organization at a time. This skill syncs your whole account into a local SQLite mirror, so cross-tenant questions (one incident queue for every client, fleet-wide blast radius, seat-vs-agent reconciliation) resolve as a single local join: instant, offline, and the AI sees the answer rather than raw bulk data.
Huntress exposes no public AI assistant over its API, and the portal scopes to one organization at a time. This skill adds the rollups the portal never pre-computes - a unified cross-org incident queue, posture gaps, billing reconciliation, and history (drift, MTTR, handoff) the point-in-time API throws away - without replacing the portal you already use.
The pain this closes
- The Huntress portal scopes one organization at a time. Run dozens of client tenants and there is no single queue that tells you which incident - anywhere - is the oldest and most urgent right now.
- Invoiced seats and deployed agents drift apart silently; MSPs discover they are over- or under-billed only when someone reconciles by hand at month-end.
- During an incident you need to know whether an IP or file hash touched any other client, but the API answers one org and one entity at a time - never the fleet-wide correlation.
Install
Works in any of these agents - pick yours:
| Agent | Quick install |
|---|---|
| Claude Desktop | Step-by-step → |
| ChatGPT (Plus/Pro+) | Step-by-step → |
| Claude Code | Step-by-step → |
| Codex CLI | Step-by-step → |
| Cursor, Windsurf, Cline, Continue, Zed, Copilot, Gemini, Hermes, OpenClaw | Which agent? → |
Quickest path for everyone else (terminal):
macOS / Linux:
bash <(curl -fsSL https://raw.githubusercontent.com/servosity/msp-skills/main/skills/huntress/install.sh)
Windows (PowerShell):
iwr -useb https://raw.githubusercontent.com/servosity/msp-skills/main/skills/huntress/install.ps1 | iex
After install, authenticate once with your Huntress credentials, then verify with huntress-cli --version.
Safety model
| Tier | Examples | Recommended agent policy |
|---|---|---|
| Read | fleet-incidents, coverage-gaps, blast-radius, billing-reconcile, mttr, org-scorecard, stale-agents, search | Allow |
| Write (routine) | organizations update-parameters, accounts memberships update-parameters, unwanted-access-rules update-parameters | Preview with –dry-run, then a reviewed write |
| Destructive / config | organizations delete-v1-id, accounts delete-v1-id, unwanted-access-rules delete-v1-id | Human-in-the-loop only |
The skill authenticates with your Huntress API key and secret and is read-first: every rollup, search, and report is non-mutating and safe to let an agent run. The handful of write commands (update an organization, membership, account, or unwanted-access rule) and the destructive deletes are opt-in and should sit behind an agent policy of preview-then-approve. Keep autonomous agents to reads plus dry-run previews; require a human for any write or delete. Full details in governance.md.
Frequently asked questions
Does this work with ChatGPT?
Yes, on paid ChatGPT plans. ChatGPT connects to remote MCP servers over HTTPS, so you expose the local Huntress MCP server via a secure bridge. Step-by-step in the install guide.
Do I need to know how to code?
No. Paste one sentence into Claude Code or Codex and your agent does the install, or run a one-line installer. You enter your credentials once.
Is my Huntress data safe?
Your data stays on your machine. The CLI, MCP server, and the local mirror are all local. The AI sees query results, not raw bulk data, and credentials are never bundled or transmitted by MSP Skills.
What does it cost?
Free. Apache-2.0 licensed. You pay only for whichever AI agent you already use.
Do I need to be a Huntress partner?
You need a Huntress account with API credentials (a key and secret) generated from your portal. Reseller credentials unlock the cross-account reseller-rollup; a single-account credential drives everything else.
Will this hit my Huntress API rate limits?
Sync pulls your account into a local mirror once, then every rollup and search runs against that local copy - so repeated questions cost zero API calls. The CLI also honors a configurable –rate-limit on the requests it does make.
Will this replace my Huntress portal?
No - it complements it. The portal stays your console for configuration and deep investigation; this skill answers the cross-tenant and historical questions the portal can only show one organization at a time.
Status
Beta. Validated against the Huntress API surface and being validated with MSPs running it live against their own production tenants in our weekly Build Sessions.
Standards. Conforms to the open Agent Skills spec (Anthropic, Dec 2025; 40+ agents). MCP-compatible - works with any MCP-capable agent including Hermes. OpenClaw-ready (frontmatter pre-wired, awaiting OpenClaw launch).
Maintained by Servosity for the MSP community. Apache-2.0 licensed. Built with CLI Printing Press.