From 58b74c351ca3fe804f04295f6a58876662624aef Mon Sep 17 00:00:00 2001 From: mikeamburn Date: Fri, 5 Jun 2026 16:13:04 -0400 Subject: [PATCH 1/3] Updated frontmatter Refactored skill to be client-agnostic Added post-install instructions --- .../red-hat-security-mcp-setup/SKILL.md | 84 ++++++------------- 1 file changed, 24 insertions(+), 60 deletions(-) diff --git a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md index b38e18cc..60517c97 100644 --- a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md +++ b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md @@ -1,16 +1,15 @@ --- name: red-hat-security-mcp-setup -description: Add the Red Hat Security MCP server to this project. Configures the HTTP transport endpoint and explains the Red Hat Customer Portal SSO browser login flow. +description: Surface real-time CVE intelligence, errata, and remediation guidance for Red Hat products directly in your AI agent or developer workflow. license: Apache-2.0 user_invocable: true model: inherit -color: blue allowed-tools: --- -# Red Hat Security MCP Setup +# Setup MCP server for Red Hat security content -Add the Red Hat Security MCP server to the current project's `.mcp.json`. +Add the MCP server for Red Hat security content to the current project. ## Prerequisites @@ -20,71 +19,36 @@ A Red Hat account at [console.redhat.com](https://console.redhat.com). When the user wants to add the Red Hat Security MCP server to their project to enable live CVE and advisory lookups. -## Workflow +## Server details -1. Locate or create `.mcp.json` at the project root. -2. Merge the `red-hat-security` HTTP server entry without removing existing servers. -3. Explain the browser SSO authentication flow to the user. +| Field | Value | +|---|---| +| Key | `red-hat-security` | +| Transport | HTTP | +| URL | `https://security-mcp.api.redhat.com/mcp` | -## Dependencies +## Instructions -- Write access to the project's `.mcp.json`. +Using your knowledge of the current client, install the MCP server using the details above. Prefer project scope when running inside a project. Report the exact file path where the configuration was written. -## Step 1 — Locate or create `.mcp.json` +Do not add `headers` or `env` auth fields — the server handles authentication itself via browser SSO. -``` -PROJ=$(git rev-parse --show-toplevel 2>/dev/null || echo "$PWD") -MCP_FILE="$PROJ/.mcp.json" -``` - -If `.mcp.json` exists: read it and merge in the new server entry. -If it does not exist: create it with the skeleton below. - -## Step 2 — Add the server entry - -The server key is `red-hat-security`. Use HTTP transport. - -```json -{ - "mcpServers": { - "red-hat-security": { - "type": "http", - "url": "https://security-mcp.api.redhat.com/mcp" - } - } -} -``` - -Merge this entry into the existing `mcpServers` object without removing any other servers already present. - -Write the result back to `$PROJ/.mcp.json`. - -## Step 3 — Explain authentication to the user +## After installation Tell the user: +- Red Hat Security MCP server added to . +- Authentication is required to use: When the MCP server is first loaded, a + browser window will open for you to log in with your Red Hat account. + Complete the SSO login and you will be redirected back to your client. If + the browser does not open automatically, look for a connect or reconnect + button in your client's MCP server list and click it to trigger the flow. +- Restart your client or reload MCP servers for the new configuration to take + effect. +- After restart, open your client's MCP server list and enable the Red Hat Security server if it is not already active. -``` -Red Hat Security MCP server added. - -Authentication: Red Hat Customer Portal SSO - -The first time any tool from this server is called, a browser window will -open automatically so you can log in with your Red Hat account. After you -complete login, the session token is stored and subsequent calls proceed -without prompting. - -If the browser does not open automatically, look for an authentication URL -printed in the MCP server output and open it manually. - -Restart the agentic tool (or reload MCP servers) for the new configuration -to take effect. -``` ## Notes -- This server exposes Red Hat security data (CVEs, advisories, errata). It - is the backend used by `/red-hat-cve-explainer` when the `cve-mcp` tool is - available. +- Provided by Red Hat for Red Hat customers and partners. - An active Red Hat subscription is required to access the full dataset. -- Do not add `headers` or `env` auth fields to `.mcp.json` -- the server - handles authentication itself via the browser SSO flow. +- Learn more: https://catalog.redhat.com/en/software/container-stacks/detail/6a0488e942b089e6e3b952b0 \ No newline at end of file From 9a896fb1916ed7e732a7203c9a04d547701c5322 Mon Sep 17 00:00:00 2001 From: mikeamburn Date: Fri, 5 Jun 2026 16:35:59 -0400 Subject: [PATCH 2/3] Updated frontmatter Refactored instructions to be client agnostic Added support for global and project-level install Added post-install instructions --- .../red-hat-security-mcp-setup/SKILL.md | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md index 60517c97..adcaf54f 100644 --- a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md +++ b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md @@ -1,12 +1,16 @@ --- name: red-hat-security-mcp-setup -description: Surface real-time CVE intelligence, errata, and remediation guidance for Red Hat products directly in your AI agent or developer workflow. +description: Configure the Red Hat Security MCP server in the current project or user-level MCP config file. license: Apache-2.0 user_invocable: true model: inherit allowed-tools: +# allowed-tools is intentionally empty. Populate it with the file read/write +# tool names for your client before use. Claude Code uses Read and Write; +# consult your client's documentation for equivalents in Cursor or Copilot. --- + # Setup MCP server for Red Hat security content Add the MCP server for Red Hat security content to the current project. @@ -29,19 +33,28 @@ When the user wants to add the Red Hat Security MCP server to their project to e ## Instructions -Using your knowledge of the current client, install the MCP server using the details above. Prefer project scope when running inside a project. Report the exact file path where the configuration was written. +1. Determine the MCP configuration file supported by this client. +2. If this client supports project scope, ask the user: + "Install the Red Hat Security MCP server for this project only, or globally for all projects?" + Wait for the user's answer before proceeding. +3. Add or update the `red-hat-security` server entry with: + - `type: http` + - `url: https://security-mcp.api.redhat.com/mcp` +4. If the config already contains a `red-hat-security` entry, update that entry in place instead of adding a duplicate. +5. Do not add `headers` or `env` auth fields; the server handles authentication itself via browser SSO. +6. If the chosen file cannot be written or the client does not expose a writable MCP config path, stop and report: `Could not write MCP configuration because the client does not support writable MCP config files or the file is not writable.` +7. Report the absolute path to the file you updated. -Do not add `headers` or `env` auth fields — the server handles authentication itself via browser SSO. ## After installation Tell the user: -- Red Hat Security MCP server added to . +- Red Hat Security MCP server added to . - Authentication is required to use: When the MCP server is first loaded, a browser window will open for you to log in with your Red Hat account. Complete the SSO login and you will be redirected back to your client. If - the browser does not open automatically, look for a connect or reconnect - button in your client's MCP server list and click it to trigger the flow. + the browser does not open automatically or SSO login fails, use the client’s + reconnect button and retry. - Restart your client or reload MCP servers for the new configuration to take effect. - After restart, open your client's MCP server list and enable the Red Hat Security server if it is not already active. From d46045088236944b0db85af66b837fd443e8dd19 Mon Sep 17 00:00:00 2001 From: mikeamburn Date: Fri, 5 Jun 2026 17:37:13 -0400 Subject: [PATCH 3/3] Added explicit instructions to ask user for install scope --- rh-basic/skills/red-hat-security-mcp-setup/SKILL.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md index adcaf54f..f3c28e6f 100644 --- a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md +++ b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md @@ -35,8 +35,9 @@ When the user wants to add the Red Hat Security MCP server to their project to e 1. Determine the MCP configuration file supported by this client. 2. If this client supports project scope, ask the user: - "Install the Red Hat Security MCP server for this project only, or globally for all projects?" + "Install the Red Hat Security MCP server for this project only or globally for all projects?" Wait for the user's answer before proceeding. + Do not infer scope from context. 3. Add or update the `red-hat-security` server entry with: - `type: http` - `url: https://security-mcp.api.redhat.com/mcp`