From 16a1355c27fa200b4591a4827ad13352e78314ae Mon Sep 17 00:00:00 2001 From: Daniele Martinoli Date: Tue, 7 Jul 2026 15:21:22 +0200 Subject: [PATCH] fix(rh-basic): align skill MCP tool names with red-hat-security server Update allowed-tools and workflow steps to use the live tool names exposed by the red-hat-security MCP endpoint. Fixes #137 Co-authored-by: Cursor --- .../skills/red-hat-cve-explainer/SKILL.md | 20 +++++++++---------- .../red-hat-security-mcp-setup/SKILL.md | 4 ++-- .../skills/red-hat-support-severity/SKILL.md | 4 ++-- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/rh-basic/skills/red-hat-cve-explainer/SKILL.md b/rh-basic/skills/red-hat-cve-explainer/SKILL.md index 41253346..d9526ce1 100644 --- a/rh-basic/skills/red-hat-cve-explainer/SKILL.md +++ b/rh-basic/skills/red-hat-cve-explainer/SKILL.md @@ -5,7 +5,7 @@ license: Apache-2.0 user_invocable: true model: inherit color: cyan -allowed-tools: cve-detail map-cve-advisories get-advisory-solution summarize-advisory +allowed-tools: get_cve_by_id list_advisories_by_cve get_errata_by_id list_advisory_packages --- # Red Hat CVE Explainer @@ -23,27 +23,27 @@ When the user asks about a specific CVE: what it is, its severity, or whether to ## Workflow 1. Extract CVE ID from the user message. -2. Look up CVE metadata via `cve-mcp` or WebFetch. -3. Look up linked advisories via `advisories-mcp` or extract from CVE response. +2. Look up CVE metadata via `get_cve_by_id` (from `red-hat-security`) or WebFetch. +3. Look up linked advisories via `list_advisories_by_cve` or extract from CVE response. 4. Return severity, affected products, and action recommendation. ## Dependencies -- `red-hat-security` MCP (optional): provides `cve-mcp` and `advisories-mcp` tools. +- `red-hat-security` MCP (optional): provides `get_cve_by_id`, `list_advisories_by_cve`, `get_errata_by_id`, and `list_advisory_packages`. ## Lookup Sequence CVE metadata (stop when you have data): -1. `cve-mcp` -> `cve-detail` +1. `get_cve_by_id` (from `red-hat-security`) — `cve_id`: `""` 2. `WebFetch` -> `https://access.redhat.com/security/cve/` 3. No Red Hat data: say so, direct to `https://nvd.nist.gov/vuln/detail/` Advisory/remediation (after step 1-2 succeeds): -1. `advisories-mcp` -> `map-cve-advisories` -- linked RHSAs/RHBAs/RHEAs -2. `advisories-mcp` -> `get-advisory-solution` for each advisory -3. Optionally `advisories-mcp` -> `summarize-advisory` for richer detail +1. `list_advisories_by_cve` (from `red-hat-security`) — `cve_id`: `""` — linked RHSAs/RHBAs/RHEAs +2. `get_errata_by_id` (from `red-hat-security`) — `advisory_id`: `""` — synopsis, severity, affected products +3. `list_advisory_packages` (from `red-hat-security`) — `advisory_id`: `""` — package-level remediation detail -If advisories MCP unavailable: extract advisory IDs from CVE response, report without remediation detail. +If Red Hat Security MCP unavailable: extract advisory IDs from CVE response or WebFetch, report without remediation detail. ## Advisory Types @@ -74,7 +74,7 @@ Scored with CVSS v3 (0.0-10.0). Scores may differ from NVD due to product-specif **Why [rating]:** Connect flaw to rating criteria -- ease of exploitation, auth/interaction requirements. -**Affected products:** Affected Red Hat products with fix status. Per advisory: ID + remediation from `get-advisory-solution`. If no advisory: note fix is under investigation, include published mitigations. +**Affected products:** Affected Red Hat products with fix status. Per advisory: ID + remediation from `list_advisory_packages` (and synopsis from `get_errata_by_id`). If no advisory: note fix is under investigation, include published mitigations. **Action:** - Critical -> "Patch immediately. Exploitable by remote unauthenticated attackers." diff --git a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md index b38e18cc..5216bbd9 100644 --- a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md +++ b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md @@ -83,8 +83,8 @@ to take effect. ## Notes - This server exposes Red Hat security data (CVEs, advisories, errata). It - is the backend used by `/red-hat-cve-explainer` when the `cve-mcp` tool is - available. + is the backend used by `/red-hat-cve-explainer` when `get_cve_by_id` and + related tools are available. - An active Red Hat subscription is required to access the full dataset. - Do not add `headers` or `env` auth fields to `.mcp.json` -- the server handles authentication itself via the browser SSO flow. diff --git a/rh-basic/skills/red-hat-support-severity/SKILL.md b/rh-basic/skills/red-hat-support-severity/SKILL.md index b2a17f96..afa6fcf5 100644 --- a/rh-basic/skills/red-hat-support-severity/SKILL.md +++ b/rh-basic/skills/red-hat-support-severity/SKILL.md @@ -5,7 +5,7 @@ license: Apache-2.0 user_invocable: true model: inherit color: cyan -allowed-tools: cve-detail +allowed-tools: get_cve_by_id --- # Red Hat Support Ticket Severity Helper @@ -39,7 +39,7 @@ When the user needs to determine the correct severity for a Red Hat support tick | Partial loss or workaround exists in production; significant dev/test impact | Sev 3 -- Medium | | Minor issue, informational question, low dev/test impact | Sev 4 -- Low | -CVE adjustment: If a CVE is mentioned, call `cve-mcp -> cve-detail`. A Critical or Important CVE with a known exploit on an unpatched production system that is not fully down -> recommend Sev 2, not Sev 3. +CVE adjustment: If a CVE is mentioned, call `get_cve_by_id` (from `red-hat-security`) with `cve_id`. A Critical or Important CVE with a known exploit on an unpatched production system that is not fully down -> recommend Sev 2, not Sev 3. ## SLA Reference