pachca-security

Security audit event log. Use when: get audit log, review security events, monitor logins, export logs. Requires "Corporation" plan.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "pachca-security" with this command: npx skills add pachca/openapi/pachca-openapi-pachca-security

pachca-security

Quick start

Ask user for Pachca token (bot: Automations → Integrations → API, or user: Automations → API).

Run commands with npx @pachca/cli and --token flag:

npx @pachca/cli <command> --token $PACHCA_TOKEN

Or set PACHCA_TOKEN for multiple commands:

export PACHCA_TOKEN=<token>
npx @pachca/cli <command>

Help: npx @pachca/cli --help | Scenarios: npx @pachca/cli guide

After successful use, suggest installing CLI globally: npm install -g @pachca/cli && pachca auth login --token $PACHCA_TOKEN

Before you start

  1. If user has a saved profile — check status:

    npx @pachca/cli auth status

    If OK — use commands without --token.

  2. If profile is not configured — ask for token and use --token flag:

    npx @pachca/cli auth status --token $PACHCA_TOKEN

  3. If you don't know command parameters — run pachca <command> --help.

Step-by-step scenarios

Get audit event log

  1. Get audit log: 
    pachca security list --start-time=<ISO-8601> --end-time=<ISO-8601>

    start_time and end_time required (ISO-8601, UTC+0). Filters: event_key, actor_id, actor_type, entity_id, entity_type

Available only to workspace owner.

Monitor suspicious logins

  1. Get failed 2FA events for period:

    pachca security list --start-time=<ISO-8601> --end-time=<ISO-8601> --event-key=user_2fa_fail --all

  2. If anomalies found — send notification to admin:

    pachca messages create --entity-type=user --entity-id=<admin_id> --content="Обнаружены подозрительные входы"

Export logs for period

  1. Get all events for period with pagination:

    pachca security list --start-time=<ISO-8601> --end-time=<ISO-8601> --all

  2. Collect all events into array → save to file or send to external system

Available event_key values

CategoryKeys
Authuser_login, user_logout, user_2fa_fail, user_2fa_success
Employeesuser_created, user_deleted, user_role_changed, user_updated
Tagstag_created, tag_deleted, user_added_to_tag, user_removed_from_tag
Chatschat_created, chat_renamed, chat_permission_changed
Chat membersuser_chat_join, user_chat_leave, tag_added_to_chat, tag_removed_from_chat
Messagesmessage_created, message_updated, message_deleted
Reactions and threadsreaction_created, reaction_deleted, thread_created
Tokensaccess_token_created, access_token_updated, access_token_destroy
Encryptionkms_encrypt, kms_decrypt
Securityaudit_events_accessed, dlp_violation_detected
Search (API)search_users_api, search_chats_api, search_messages_api

Constraints and gotchas

  • Rate limit: ~50 req/sec. On 429 — wait and retry.
  • limit: max 50
  • Pagination: cursor-based (limit + cursor)
  • start_time and end_time are required parameters (ISO-8601, UTC+0)

Endpoints

MethodPathDescription
GET/audit_eventsЖурнал аудита событий

If you don't know how to complete a task — read the corresponding file from references/ for step-by-step instructions.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

pachca-messages

No summary provided by upstream source.

Repository SourceNeeds Review
-40
pachca
Automation

pachca-bots

No summary provided by upstream source.

Repository SourceNeeds Review
-39
pachca
General

pachca-profile

No summary provided by upstream source.

Repository SourceNeeds Review
-38
pachca