Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
98 changes: 38 additions & 60 deletions rh-basic/skills/red-hat-security-mcp-setup/SKILL.md
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
---
name: red-hat-security-mcp-setup
description: Add the Red Hat Security MCP server to this project. Configures the HTTP transport endpoint and explains the Red Hat Customer Portal SSO browser login flow.
description: Configure the Red Hat Security MCP server in the current project or user-level MCP config file.
license: Apache-2.0
user_invocable: true
model: inherit
color: blue
allowed-tools:

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this field is for the red-hat-security-mcp-setup, that does not use any MCP tool during the execution. I think the comment below is misleading

# allowed-tools is intentionally empty. Populate it with the file read/write
# tool names for your client before use. Claude Code uses Read and Write;
# consult your client's documentation for equivalents in Cursor or Copilot.
---

# Red Hat Security MCP Setup

Add the Red Hat Security MCP server to the current project's `.mcp.json`.
# Setup MCP server for Red Hat security content

Add the MCP server for Red Hat security content to the current project.

## Prerequisites

Expand All @@ -20,71 +23,46 @@ A Red Hat account at [console.redhat.com](https://console.redhat.com).

When the user wants to add the Red Hat Security MCP server to their project to enable live CVE and advisory lookups.

## Workflow

1. Locate or create `.mcp.json` at the project root.
2. Merge the `red-hat-security` HTTP server entry without removing existing servers.
3. Explain the browser SSO authentication flow to the user.

## Dependencies

- Write access to the project's `.mcp.json`.

## Step 1 — Locate or create `.mcp.json`

```
PROJ=$(git rev-parse --show-toplevel 2>/dev/null || echo "$PWD")
MCP_FILE="$PROJ/.mcp.json"
```
## Server details

If `.mcp.json` exists: read it and merge in the new server entry.
If it does not exist: create it with the skeleton below.
| Field | Value |
|---|---|
| Key | `red-hat-security` |
| Transport | HTTP |
| URL | `https://security-mcp.api.redhat.com/mcp` |

## Step 2 — Add the server entry
## Instructions

The server key is `red-hat-security`. Use HTTP transport.
1. Determine the MCP configuration file supported by this client.
2. If this client supports project scope, ask the user:
"Install the Red Hat Security MCP server for this project only or globally for all projects?"
Wait for the user's answer before proceeding.
Do not infer scope from context.
3. Add or update the `red-hat-security` server entry with:
- `type: http`
- `url: https://security-mcp.api.redhat.com/mcp`
4. If the config already contains a `red-hat-security` entry, update that entry in place instead of adding a duplicate.
5. Do not add `headers` or `env` auth fields; the server handles authentication itself via browser SSO.
6. If the chosen file cannot be written or the client does not expose a writable MCP config path, stop and report: `Could not write MCP configuration because the client does not support writable MCP config files or the file is not writable.`
7. Report the absolute path to the file you updated.

```json
{
"mcpServers": {
"red-hat-security": {
"type": "http",
"url": "https://security-mcp.api.redhat.com/mcp"
}
}
}
```

Merge this entry into the existing `mcpServers` object without removing any other servers already present.

Write the result back to `$PROJ/.mcp.json`.

## Step 3 — Explain authentication to the user
## After installation

Tell the user:
- Red Hat Security MCP server added to <absolute path to MCP config file>.
- Authentication is required to use: When the MCP server is first loaded, a
browser window will open for you to log in with your Red Hat account.
Complete the SSO login and you will be redirected back to your client. If
the browser does not open automatically or SSO login fails, use the client’s
reconnect button and retry.
- Restart your client or reload MCP servers for the new configuration to take
effect.
- After restart, open your client's MCP server list and enable the Red Hat Security server if it is not already active.

```
Red Hat Security MCP server added.

Authentication: Red Hat Customer Portal SSO

The first time any tool from this server is called, a browser window will
open automatically so you can log in with your Red Hat account. After you
complete login, the session token is stored and subsequent calls proceed
without prompting.

If the browser does not open automatically, look for an authentication URL
printed in the MCP server output and open it manually.

Restart the agentic tool (or reload MCP servers) for the new configuration
to take effect.
```

## Notes

- This server exposes Red Hat security data (CVEs, advisories, errata). It
is the backend used by `/red-hat-cve-explainer` when the `cve-mcp` tool is
available.
- Provided by Red Hat for Red Hat customers and partners.
- An active Red Hat subscription is required to access the full dataset.
- Do not add `headers` or `env` auth fields to `.mcp.json` -- the server
handles authentication itself via the browser SSO flow.
- Learn more: https://catalog.redhat.com/en/software/container-stacks/detail/6a0488e942b089e6e3b952b0
Loading