AgentSkillsCN

cve-validation

**关键**:此技能仅用于 CVE 验证查询。切勿直接使用 get_cve 等原始 MCP 工具。 在 Red Hat Insights 中验证 CVE 标识符,并检查补丁修复的可用性。当您需要确认某个 CVE 是否真实存在、评估其严重程度,并在着手制定修复计划之前确认是否具备自动修复功能时,可使用此技能。 该技能通过调用 MCP 工具(get_cve),提供全面的 CVE 验证服务,包括格式检查、存在性验证以及修复可用性评估。 **重要提示**:在进行 CVE 验证时,请务必使用此技能,而非直接调用 get_cve。

SKILL.md
--- frontmatter
name: cve-validation
description: |
  **CRITICAL**: This skill must be used for CVE validation queries. DO NOT use raw MCP tools like get_cve directly.

  Validate CVE identifiers and check remediation availability in Red Hat Insights. Use this skill when you need to verify a CVE exists, check its severity, and confirm automated remediation is available before proceeding with remediation planning.

  This skill orchestrates MCP tools (get_cve) to provide comprehensive CVE validation with format checking, existence verification, and remediation availability assessment.

  **IMPORTANT**: ALWAYS use this skill instead of calling get_cve directly for CVE validation tasks.

CVE Validation Skill

This skill validates CVE identifiers and checks remediation availability in Red Hat Insights, ensuring CVEs are valid and remediable before investing effort in remediation planning.

Integration with Remediator Agent: The remediator agent orchestrates this skill as part of its Step 2 (Validate CVE) workflow. For standalone CVE validation, you can invoke this skill directly.

When to Use This Skill

Use this skill directly when you need:

  • Quick validation of CVE identifier format and existence
  • Check if automated remediation is available
  • Verify CVE metadata before analysis
  • Validate CVE lists for batch operations

Use the remediator agent when you need:

  • Full remediation workflow (validation + analysis + playbook + execution)
  • Integrated CVE validation as part of remediation planning

How they work together: The remediator agent invokes this skill early in the workflow to fail fast if a CVE is invalid or has no automated remediation, saving time and effort.

Workflow

1. CVE Format Validation

Validate CVE identifier format before calling MCP tools:

python
CVE Format: CVE-YYYY-NNNNN
Where:
- YYYY = 4-digit year (1999-2026)
- NNNNN = 4-7 digit sequence number

Valid Examples:
- CVE-2024-1234
- CVE-2023-12345
- CVE-2021-1234567

Invalid Examples:
- CVE-24-1234 (year must be 4 digits)
- CVE-2024-ABC (sequence must be numeric)
- 2024-1234 (missing CVE- prefix)

Quick Regex Check:

code
Pattern: ^CVE-\d{4}-\d{4,7}$

If invalid format:
→ Return error immediately
→ Suggest format correction
→ Do not proceed to MCP tool calls

2. CVE Metadata Retrieval

MCP Tool: get_cve (from insights-mcp vulnerability toolset)

Retrieve CVE metadata from Red Hat Insights:

json
{
  "cve_id": "CVE-2024-1234",
  "cvss_score": 7.5,
  "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "severity": "Important",  # Red Hat severity rating
  "description": "A vulnerability in Apache HTTPD...",
  "published_date": "2024-01-15",
  "modified_date": "2024-01-20",

  "affected_packages": [
    {
      "name": "httpd",
      "version": "2.4.37-1.el8",
      "fixed_version": "2.4.37-2.el8"
    }
  ],

  "references": [
    "https://access.redhat.com/errata/RHSA-2024:1234",
    "https://nvd.nist.gov/vuln/detail/CVE-2024-1234"
  ],

  "cwe": "CWE-400: Uncontrolled Resource Consumption",

  "exploitability": "Proof of concept available",
  "remediation_available": true,  # KEY FIELD
  "reboot_required": false
}

3. Validation Checks

Perform comprehensive validation:

A. Existence Check:

code
✓ CVE exists in Red Hat CVE database
✗ CVE not found → Return error with suggestions

B. Red Hat Relevance Check:

code
✓ CVE affects RHEL systems
✗ CVE is Windows/macOS specific → Not applicable to RHEL

C. Severity Classification:

code
Red Hat Severity Levels:
- Critical (CVSS 9.0-10.0): Immediate action required
- Important (CVSS 7.0-8.9): Urgent remediation needed
- Moderate (CVSS 4.0-6.9): Plan remediation
- Low (CVSS 0.1-3.9): Low priority

D. Remediation Availability Check:

code
Key Question: Can Red Hat Insights generate an automated playbook?

✓ remediation_available = true
  → Proceed with automated remediation
  → Use create_vulnerability_playbook tool

✗ remediation_available = false
  → Manual remediation required
  → Provide manual steps based on affected packages

E. Package Information Validation:

code
Check affected_packages array:
✓ Packages identified: httpd-2.4.37-1.el8
✓ Fixed version available: httpd-2.4.37-2.el8
✓ Package exists in RHEL repositories

This information will be used by playbook-generator skill.

4. Return Validation Result

Return structured validation result:

json
{
  "validation_status": "valid",  # or "invalid", "not_found", "not_remediable"

  "cve_metadata": {
    "cve_id": "CVE-2024-1234",
    "cvss_score": 7.5,
    "severity": "Important",
    "description": "Brief description...",
    "published_date": "2024-01-15"
  },

  "remediation_status": {
    "automated_remediation_available": true,
    "reboot_required": false,
    "affected_packages": [
      {
        "name": "httpd",
        "current_version": "2.4.37-1.el8",
        "fixed_version": "2.4.37-2.el8"
      }
    ]
  },

  "recommendations": [
    "Automated remediation available via Red Hat Insights",
    "No reboot required for this CVE",
    "Severity: Important - Urgent remediation recommended",
    "Test in staging environment before production deployment"
  ],

  "next_steps": [
    "Analyze CVE impact (use cve-impact skill)",
    "Gather system context (use system-context skill)",
    "Generate remediation playbook (use playbook-generator skill)"
  ]
}

Output Template

When completing CVE validation, provide output in this format:

markdown
# CVE Validation Result

## CVE: CVE-YYYY-NNNNN
**Status**: ✓ Valid

## CVE Information
**CVSS Score**: 7.5 (Important)
**Published**: 2024-01-15
**Description**: [Brief description of the vulnerability]

## Affected Packages
- httpd-2.4.37-1.el8 → httpd-2.4.37-2.el8 (fixed)

## Remediation Status
✓ **Automated Remediation Available**
✓ Package updates available
✗ Reboot NOT required

## Severity Assessment
**Red Hat Severity**: Important
**Priority**: P1 - Urgent remediation recommended
**Response Time**: Within 7 days

## Recommendations
1. Automated remediation available via Red Hat Insights
2. No reboot required - minimal disruption
3. Test in staging environment first
4. Schedule deployment during change window

## Next Steps
1. Analyze CVE impact → Use cve-impact skill
2. Gather system context → Use system-context skill
3. Generate remediation playbook → Use playbook-generator skill
4. Execute remediation → Follow playbook instructions
5. Verify success → Use remediation-verifier skill

Examples

Example 1: Valid CVE with Automated Remediation

User Request: "Validate CVE-2024-1234"

Skill Response:

  1. Check format → Valid (CVE-2024-1234)
  2. Call get_cve → CVE found in database
  3. Check remediation_available → true
  4. Extract metadata → CVSS 7.5, Important severity, httpd package
  5. Return: "Valid CVE, automated remediation available, proceed with workflow"

Example 2: Valid CVE, No Automated Remediation

User Request: "Validate CVE-2024-5678"

Skill Response:

  1. Check format → Valid
  2. Call get_cve → CVE found
  3. Check remediation_available → false
  4. Extract manual steps → Affected package: custom-app-1.0
  5. Return: "Valid CVE but no automated playbook. Manual remediation required: yum update custom-app"

Example 3: Invalid CVE Format

User Request: "Validate CVE-24-1234"

Skill Response:

  1. Check format → Invalid (year must be 4 digits)
  2. Return error immediately without MCP call
  3. Suggest correction: "Did you mean CVE-2024-1234?"

Example 4: CVE Not Found

User Request: "Validate CVE-2024-999999"

Skill Response:

  1. Check format → Valid
  2. Call get_cve → 404 Not Found
  3. Return: "CVE not found in Red Hat database. Possible reasons: CVE too recent, doesn't affect RHEL, or invalid ID. Check NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-999999"

Example 5: Batch Validation

User Request: "Validate CVE-2024-1234, CVE-2024-5678, CVE-2024-9012"

Skill Response:

  1. Validate each CVE sequentially
  2. Return summary:
    • CVE-2024-1234: ✓ Valid, automated remediation available
    • CVE-2024-5678: ✓ Valid, manual remediation required
    • CVE-2024-9012: ✗ Invalid format (CVE-2024-90124 has too many digits)
  3. Suggest: "Proceed with automated remediation for CVE-2024-1234, manual steps for CVE-2024-5678, correct format for third CVE"

Error Handling

CVE Format Invalid:

code
CVE Validation Failed: Invalid Format

Provided: CVE-24-1234
Expected Format: CVE-YYYY-NNNNN

Where:
- YYYY = 4-digit year (e.g., 2024)
- NNNNN = 4-7 digit sequence number

Suggestion: Did you mean CVE-2024-1234?

CVE Not Found in Database:

code
CVE Validation Failed: Not Found

CVE-YYYY-NNNNN was not found in the Red Hat CVE database.

Possible reasons:
1. CVE is too recent (not yet in Red Hat Insights)
2. CVE doesn't affect RHEL systems (Windows/macOS specific)
3. CVE ID is incorrect or doesn't exist

Next steps:
1. Verify CVE ID at NVD: https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNNN
2. Check Red Hat Security Advisories: https://access.redhat.com/security/cve/CVE-YYYY-NNNNN
3. Wait 24-48 hours if CVE was just published

CVE Exists But No Automated Remediation:

code
CVE Validation: Valid (No Automated Remediation)

CVE-YYYY-NNNNN is valid but does not have an automated remediation playbook.

CVE Details:
- CVSS Score: X.X
- Severity: Important
- Affected Packages: package-name-version

Manual Remediation Required:

1. Update package manually:
   ```bash
   # RHEL 8/9
   sudo dnf update package-name

   # RHEL 7
   sudo yum update package-name
  1. Restart service (if applicable):

    bash
    sudo systemctl restart service-name
    
  2. Verify fix:

    bash
    package-name --version
    

Would you like me to create a manual playbook template based on these steps?

code

**API Access Error**:

CVE Validation Failed: API Access Error

Unable to access Red Hat Insights API.

Possible causes:

  • Network connectivity issue
  • API authentication failure
  • Insights service temporarily unavailable

Troubleshooting:

  1. Check network connectivity: ping console.redhat.com
  2. Verify credentials: insights-client --status
  3. Check Insights service status: https://status.redhat.com
  4. Retry in a few minutes
code

## Best Practices

1. **Validate format first** - Don't waste API calls on malformed CVE IDs
2. **Check remediation availability** - Fail fast if no automated remediation
3. **Batch validation efficiently** - Validate multiple CVEs in parallel when possible
4. **Provide clear next steps** - Guide users to appropriate next action
5. **Include manual steps** - Always provide manual remediation guidance if automated is unavailable
6. **Link to official sources** - Include NVD and Red Hat Security links
7. **Cache validation results** - Avoid redundant API calls for same CVE

## Tools Reference

This skill primarily uses:
- `get_cve` (vulnerability toolset) - Get CVE metadata from Red Hat Insights

All tools are provided by the insights-mcp MCP server configured in `.mcp.json`.

## Integration with Other Skills

- **cve-impact**: Validates CVE before performing impact analysis
- **playbook-generator**: Only generates playbooks for valid, remediable CVEs
- **system-context**: Only gathers context for valid CVEs
- **remediation-verifier**: Validates CVE was properly remediated

**Orchestration Example** (from remediator agent):
1. User requests remediation for CVE-2024-1234
2. Agent invokes cve-validation skill → Confirms valid and remediable
3. Agent invokes cve-impact skill → Risk assessment
4. Agent invokes system-context skill → Deployment architecture
5. Agent invokes playbook-generator skill → Creates playbook
6. User executes playbook
7. Agent invokes remediation-verifier skill → Confirms success

**Validation-First Pattern**:

Always validate CVE before expensive operations: ✓ CVE valid? → Proceed ✗ CVE invalid? → Stop, return error

This saves time and avoids:

  • Unnecessary impact analysis
  • Wasted system context gathering
  • Failed playbook generation
code