Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions rh-basic/skills/red-hat-cve-explainer/SKILL.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ license: Apache-2.0
user_invocable: true
model: inherit
color: cyan
allowed-tools: cve-detail map-cve-advisories get-advisory-solution summarize-advisory
allowed-tools: get_cve_by_id list_advisories_by_cve get_errata_by_id list_advisory_packages
---

# Red Hat CVE Explainer
Expand All @@ -23,27 +23,27 @@ When the user asks about a specific CVE: what it is, its severity, or whether to
## Workflow

1. Extract CVE ID from the user message.
2. Look up CVE metadata via `cve-mcp` or WebFetch.
3. Look up linked advisories via `advisories-mcp` or extract from CVE response.
2. Look up CVE metadata via `get_cve_by_id` (from `red-hat-security`) or WebFetch.
3. Look up linked advisories via `list_advisories_by_cve` or extract from CVE response.
4. Return severity, affected products, and action recommendation.

## Dependencies

- `red-hat-security` MCP (optional): provides `cve-mcp` and `advisories-mcp` tools.
- `red-hat-security` MCP (optional): provides `get_cve_by_id`, `list_advisories_by_cve`, `get_errata_by_id`, and `list_advisory_packages`.

## Lookup Sequence

CVE metadata (stop when you have data):
1. `cve-mcp` -> `cve-detail`
1. `get_cve_by_id` (from `red-hat-security`) — `cve_id`: `"<CVE-ID>"`
2. `WebFetch` -> `https://access.redhat.com/security/cve/<CVE-ID>`
3. No Red Hat data: say so, direct to `https://nvd.nist.gov/vuln/detail/<CVE-ID>`

Advisory/remediation (after step 1-2 succeeds):
1. `advisories-mcp` -> `map-cve-advisories` -- linked RHSAs/RHBAs/RHEAs
2. `advisories-mcp` -> `get-advisory-solution` for each advisory
3. Optionally `advisories-mcp` -> `summarize-advisory` for richer detail
1. `list_advisories_by_cve` (from `red-hat-security`) — `cve_id`: `"<CVE-ID>"` — linked RHSAs/RHBAs/RHEAs
2. `get_errata_by_id` (from `red-hat-security`) — `advisory_id`: `"<RHSA-ID>"` — synopsis, severity, affected products
3. `list_advisory_packages` (from `red-hat-security`) — `advisory_id`: `"<RHSA-ID>"` — package-level remediation detail

If advisories MCP unavailable: extract advisory IDs from CVE response, report without remediation detail.
If Red Hat Security MCP unavailable: extract advisory IDs from CVE response or WebFetch, report without remediation detail.

## Advisory Types

Expand Down Expand Up @@ -74,7 +74,7 @@ Scored with CVSS v3 (0.0-10.0). Scores may differ from NVD due to product-specif

**Why [rating]:** Connect flaw to rating criteria -- ease of exploitation, auth/interaction requirements.

**Affected products:** Affected Red Hat products with fix status. Per advisory: ID + remediation from `get-advisory-solution`. If no advisory: note fix is under investigation, include published mitigations.
**Affected products:** Affected Red Hat products with fix status. Per advisory: ID + remediation from `list_advisory_packages` (and synopsis from `get_errata_by_id`). If no advisory: note fix is under investigation, include published mitigations.

**Action:**
- Critical -> "Patch immediately. Exploitable by remote unauthenticated attackers."
Expand Down
4 changes: 2 additions & 2 deletions rh-basic/skills/red-hat-security-mcp-setup/SKILL.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,8 +83,8 @@ to take effect.
## Notes

- This server exposes Red Hat security data (CVEs, advisories, errata). It
is the backend used by `/red-hat-cve-explainer` when the `cve-mcp` tool is
available.
is the backend used by `/red-hat-cve-explainer` when `get_cve_by_id` and
related tools are available.
- An active Red Hat subscription is required to access the full dataset.
- Do not add `headers` or `env` auth fields to `.mcp.json` -- the server
handles authentication itself via the browser SSO flow.
4 changes: 2 additions & 2 deletions rh-basic/skills/red-hat-support-severity/SKILL.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ license: Apache-2.0
user_invocable: true
model: inherit
color: cyan
allowed-tools: cve-detail
allowed-tools: get_cve_by_id
---

# Red Hat Support Ticket Severity Helper
Expand Down Expand Up @@ -39,7 +39,7 @@ When the user needs to determine the correct severity for a Red Hat support tick
| Partial loss or workaround exists in production; significant dev/test impact | Sev 3 -- Medium |
| Minor issue, informational question, low dev/test impact | Sev 4 -- Low |

CVE adjustment: If a CVE is mentioned, call `cve-mcp -> cve-detail`. A Critical or Important CVE with a known exploit on an unpatched production system that is not fully down -> recommend Sev 2, not Sev 3.
CVE adjustment: If a CVE is mentioned, call `get_cve_by_id` (from `red-hat-security`) with `cve_id`. A Critical or Important CVE with a known exploit on an unpatched production system that is not fully down -> recommend Sev 2, not Sev 3.

## SLA Reference

Expand Down
Loading