Rh virt security review#86
Conversation
|
WIP, DO NOT merge |
|
/skill-security-scan |
Gemini Code Review📝 Review details1. SummaryThis PR introduces several excellent security and reliability hardening measures across the
2. Project Rules ComplianceOverall, the PR does a fantastic job aligning with the project's security and HitL principles. However, there is one violation of the core design principles:
3. Code Quality IssuesNo functional bugs or broken links were found. The bash scripting for the linter and the GitHub Actions 4. Suggestions
5. VerdictREQUEST_CHANGES Please fix the Principle #1 (Document Consultation Transparency) violation in |
❌ Skill Security Scan📋 rh-virtAgent Skills Security Scan ReportTimestamp: 2026-05-07T09:32:38.739602+00:00 Summary
Findings by Severity
Skill Results[OK] vm-snapshot-delete
[FAIL] vm-rebalance
[OK] vm-clone
[OK] vm-delete
[OK] vm-snapshot-restore
[OK] vm-lifecycle-manager
[OK] vm-snapshot-list
[OK] vm-create
[FAIL] vm-snapshot-create
[OK] vm-inventory
Cross-Skill Findings
|
|
/skill-security-scan |
1 similar comment
|
/skill-security-scan |
…event command injection
…ualMachineSnapshot only
…ct prompt injection
…or read-only skill
… Read tool injection
…esource exhaustion
…tore allowed-tools
…nager allowed-tools
…m-create allowed-tools
… paths in vm-create
bd6722d to
e305fe2
Compare
|
/skill-security-scan |
|
● ## rh-virt Security Review Summary 32 issues resolved across all 10 skills in the By Severity
Resolved IssuesHIGH (7)
MEDIUM (17)
LOW (8)
Infrastructure Improvements
ConclusionThe |
…ersion Signed-off-by: r2dedios <alex.ansi.c@gmail.com>
|
|
||
| **3.0: Check ResourceQuota** (before presenting confirmation) | ||
|
|
||
| Use `resources_list` (apiVersion="v1", kind="ResourceQuota", namespace=`<target-namespace>`) to check if quotas exist. If a quota is found, compare current usage against limits for CPU, memory, and storage. If the clone would push usage above 80% of any limit, include a warning in the confirmation summary. |
There was a problem hiding this comment.
Here we use resources_list but the allowed-tools list has mcp__openshift-virtualization__resources_list.
I'm not sure what is the right option, but we must be consistent.
There was a problem hiding this comment.
the allowed-tools field was removed.
| - [network-errors.md](../../docs/troubleshooting/network-errors.md) - Network failures | ||
| - [runtime-errors.md](../../docs/troubleshooting/runtime-errors.md) - CrashLoopBackOff | ||
| - [Troubleshooting INDEX](../../docs/troubleshooting/INDEX.md) - Full error index | ||
| - [scheduling-errors.md](rh-virt/docs/troubleshooting/scheduling-errors.md) - ErrorUnschedulable (consulted Step 5a) |
There was a problem hiding this comment.
is the link correct? rh-virt folder is actually two parent levels above this SKILL.md file. Would the file be actually found?
There was a problem hiding this comment.
From our perspective the links will not work, correct. But in terms of security, providing paths from the project's root folder enhances security and protecting our SKILL from injection attacks.
Example. If lola install the skills under .claude/skills/<skill-name> and our relative link to docs is ../../docs/troubleshooting/guide.md, it resolves to .claude/docs/troubleshooting/guide.md and that path doesn't exist. This scenario could cause an attacker to introduce fake doc in that path. However, specifying ./rh-virt/docs/troubleshooting/guide.md will resolve to the correct file regardless of where the SKILL.md is read from.
There was a problem hiding this comment.
the point is that lola will not install such docs at all! it assumes docs are under skills// instead. please keep it as is as I'm preparing a bulk update of all docs to match the expected format
Summary
Pack(s) affected
rh-srerh-developerocp-adminrh-virtrh-ai-engineerChange type
mcps.json)CLAUDE.md compliance
${VAR}referencesValidation
make validatepasses locallyname,description)name,description)