RHOAI CVE Analysis — Claude Code AgentSkill
A Claude Code AgentSkill that analyzes CVEs in
Red Hat OpenShift AI (RHOAI)
container image releases. It queries the Red Hat Pyxis container catalog and
Security Data API, then guides Claude through triaging each CVE to determine
actual impact on RHOAI workloads versus inherited noise from base image layers.
What It Does
When you invoke this skill, Claude will:
- Discover container images for a given RHOAI release via the Pyxis API
- Fetch CVE details (severity, CVSS, Red Hat statements, fix states) from the Red Hat Security Data API
- Triage each CVE using a structured decision tree with RHOAI-specific context
- Classify each CVE as AFFECTED, NOT_AFFECTED, MITIGATED, or DEFERRED
- Create remediation plans for any CVEs classified as AFFECTED
- Generate a markdown report summarizing the full analysis
For a typical RHOAI release, expect 70-90% of CVEs to be classified as
NOT_AFFECTED or MITIGATED — most come from UBI base image layers and don't
reach active RHOAI code paths.
Installation
Prerequisites
- Claude Code CLI installed
- Python 3.11+
uv for PEP 723 script execution- Network access to
catalog.redhat.com and access.redhat.com (no authentication required)
Install as a Standalone Skill
Copy or symlink the rhoai-cve-analysis directory into your Claude Code skills
directory:
# User-level (available in all projects)
cp -r rhoai-cve-analysis ~/.claude/skills/rhoai-cve-analysis
# Project-level (available only in a specific project)
cp -r rhoai-cve-analysis /path/to/your/project/.claude/skills/rhoai-cve-analysis
Claude Code auto-discovers skills in .claude/skills/ — no further
configuration is needed.
Install via Plugin Marketplace (Recommended)
This repository is structured as a Claude Code plugin marketplace. Add it and
install in two steps from within Claude Code:
# 1. Add this repo as a marketplace source
/plugin marketplace add maxamillion/agentskill-rhoai-cve-analysis
# 2. Install the plugin
/plugin install rhoai-cve-analysis@rhoai-security-tools
Install via Plugin Directory
For development or one-off use, load directly from a local clone:
claude --plugin-dir /path/to/agentskill-rhoai-cve-analysis/rhoai-cve-analysis
Usage
Once installed, invoke the skill from within Claude Code:
# If installed as a plugin
/rhoai-cve-analysis:rhoai-cve-analysis
# If installed as a standalone skill
/rhoai-cve-analysis
Claude will prompt you for the RHOAI release version (e.g., v2.21, v2.23)
and then execute the full analysis pipeline. You can also provide the version
directly:
/rhoai-cve-analysis:rhoai-cve-analysis v2.21
Output
The skill produces several artifacts in your working directory:
| File | Description |
|---|
manifest.json | All container images and their CVE IDs for the release |
cve_details.json | Detailed CVE data from Red Hat Security Data API |
analysis.json | Per-CVE classification and analysis produced by Claude |
report.md | Final human-readable markdown report |
Architecture
Pyxis API --> fetch_rhoai_cves.py --> manifest.json
|
Red Hat Security API --> fetch_cve_details.py --> cve_details.json
|
Claude triage (CVE_ANALYSIS_METHODOLOGY.md)
|
analysis.json
|
manifest.json + analysis.json --> generate_report.py --> report.md
Project Structure
.claude-plugin/
marketplace.json # Marketplace manifest (lists plugins)
rhoai-cve-analysis/ # Plugin root
.claude-plugin/
plugin.json # Plugin manifest (name, version, metadata)
skills/
rhoai-cve-analysis/ # Skill directory (auto-discovered)
SKILL.md # Skill definition (frontmatter + workflow)
scripts/
fetch_rhoai_cves.py # Pyxis API query (PEP 723, run via uv)
fetch_cve_details.py # Red Hat Security Data API fetch
generate_report.py # Markdown report generator
references/
CVE_ANALYSIS_METHODOLOGY.md # Decision tree for CVE impact analysis
RED_HAT_SECURITY_API.md # API endpoint reference
REPORT_FORMAT.md # Report structure specification
assets/
report_template.md # Mustache-style report template
maxamillion
