aspectrr

Enable, configure, and query Elasticsearch security audit logs. Use when the task involves audit logging setup, event filtering, or investigating security incidents like failed logins.

Authenticate to Elasticsearch using native, file-based, LDAP/AD, SAML, OIDC, Kerberos, JWT, or certificate realms. Use when connecting with credentials, choosing a realm, or managing API keys.

Manage Elasticsearch RBAC: native users, roles, role mappings, document- and field-level security. Use when creating users or roles, assigning privileges, or mapping external realms like LDAP/SAML.

Execute ES|QL (Elasticsearch Query Language) queries, use when the user wants to query Elasticsearch data, analyze logs, aggregate metrics, explore data, or create charts and dashboards from ES|QL results.

Ingest and transform data files (CSV/JSON/Parquet/Arrow IPC) into Elasticsearch with stream processing and custom transforms. Use when loading files or batch importing data.

Diagnose and resolve Elasticsearch security errors: 401/403 failures, TLS problems, expired API keys, role mapping mismatches, and Kibana login issues. Use when the user reports a security error.

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", or express interest in extending capabilities.

Kafka topic management, consumer group monitoring, message production/consumption, and cluster health diagnostics. Use when working with Kafka brokers, topics, consumer lag, or debugging pipeline issues.

Connected app tool recipes for Composio integrations (Gmail, Slack, GitHub, Notion, Google Calendar, Linear)

Manage DuckDB CRM data, aggressive relation-linked fields, and synced markdown documents in the workspace. Use when creating or updating objects, fields, entries, foreign-table links, row notes, or entry-linked edit logs.

Find and connect with engineers working on ELK/observability stacks at ICP companies. Use when: (1) Researching individual contributors at a company that passed ICP company research, (2) Finding engineers with ELK/platform/SRE skills, (3) Verifying someone's work involves ELK/logstash/observability, (4) Connecting with practitioners who manage the stack day-to-day, (5) Discovering new ICP companies through engineer profiles. Workflow: Company from CRM → DuckDuckGo → PinchTab → LinkedIn MCP (verify ELK in skills/experience + connect) → Add to engineers CRM. Flipped discovery: If engineer has strong ELK signals but company isn't in CRM → add company as 'Discovered'. This skill DOES connect on LinkedIn.

Find and connect with team leads/VPs running observability/ELK stacks at ICP companies. Use when: (1) Researching decision-makers at a company that passed ICP company research, (2) Finding VP/Director/Team Lead contacts (VP Platform, Director SRE, Infrastructure Lead), (3) Verifying someone's role includes observability/platform, (4) Connecting with buyers who have budget authority, (5) Discovering new ICP companies through team lead profiles. Workflow: Company from CRM → DuckDuckGo → PinchTab → LinkedIn MCP (verify + connect) → Add to team_leads CRM. Flipped discovery: If team lead runs platform/observability but company isn't in CRM → add company as 'Discovered'. This skill DOES connect on LinkedIn.

Debugging CRM objects not showing entries despite data existing in database

Research companies against ICP criteria for ELK/observability tools. Use when: (1) Finding companies that match ICP (MSSPs, SOC-as-a-service, SIEM providers, cybersecurity where observability IS their product), (2) Evaluating if a company fits the ideal customer profile, (3) Researching company size, business model, and ELK criticality, (4) Building prospect lists for outreach. ICP: Small-medium companies (≤200 employees) where observability/ELK is mission-critical to revenue. Use DuckDuckGo first, then PinchTab for deeper research, then LinkedIn MCP ONLY for company/people lookup (never for outreach).

Browser automation for general web browsing, reading blogs, Googling, and extracting website information. Use PinchTab when you need to interact with websites that don't have dedicated MCP servers. For Reddit tasks, use reddit-mcp. For LinkedIn tasks, use linkedin-mcp - NEVER use PinchTab for LinkedIn. Use PinchTab for: (1) Searching Google and browsing search results, (2) Reading blogs and articles, (3) General web surfing when no dedicated tool exists, (4) Taking screenshots of websites, (5) Extracting text content from pages, (6) Testing websites or debugging web issues.

Build and manage DenchClaw apps — self-contained web applications that run inside the workspace with access to DuckDB data, workspace objects, AI chat, and the full DenchClaw platform API.

Read-only remote command execution via SSH for AI agents. Diagnose remote servers, check logs, inspect services, read files, and investigate issues on hosts defined in SSH config. Provides safe read-only access with strict command validation — the agent cannot bypass restrictions.