Stats
Links
Categories
Help us improve
Share bugs, ideas, or general feedback.
Security analysis tools for Red Hat OpenShift AI
npx claudepluginhub maxamillion/agentskill-rhoai-cve-analysisAnalyzes CVEs in RHOAI releases by querying Pyxis and Red Hat Security APIs
Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.
Production-ready workflow orchestration with 84 marketplace plugins, 192 local specialized agents, and 156 local skills - optimized for granular installation and minimal token usage
Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations
Share bugs, ideas, or general feedback.
A Claude Code AgentSkill that analyzes CVEs in Red Hat OpenShift AI (RHOAI) container image releases. It queries the Red Hat Pyxis container catalog and Security Data API, then guides Claude through triaging each CVE to determine actual impact on RHOAI workloads versus inherited noise from base image layers.
When you invoke this skill, Claude will:
For a typical RHOAI release, expect 70-90% of CVEs to be classified as NOT_AFFECTED or MITIGATED — most come from UBI base image layers and don't reach active RHOAI code paths.
uv for PEP 723 script executioncatalog.redhat.com and access.redhat.com (no authentication required)Copy or symlink the rhoai-cve-analysis directory into your Claude Code skills
directory:
# User-level (available in all projects)
cp -r rhoai-cve-analysis ~/.claude/skills/rhoai-cve-analysis
# Project-level (available only in a specific project)
cp -r rhoai-cve-analysis /path/to/your/project/.claude/skills/rhoai-cve-analysis
Claude Code auto-discovers skills in .claude/skills/ — no further
configuration is needed.
This repository is structured as a Claude Code plugin marketplace. Add it and install in two steps from within Claude Code:
# 1. Add this repo as a marketplace source
/plugin marketplace add maxamillion/agentskill-rhoai-cve-analysis
# 2. Install the plugin
/plugin install rhoai-cve-analysis@rhoai-security-tools
For development or one-off use, load directly from a local clone:
claude --plugin-dir /path/to/agentskill-rhoai-cve-analysis/rhoai-cve-analysis
Once installed, invoke the skill from within Claude Code:
# If installed as a plugin
/rhoai-cve-analysis:rhoai-cve-analysis
# If installed as a standalone skill
/rhoai-cve-analysis
Claude will prompt you for the RHOAI release version (e.g., v2.21, v2.23)
and then execute the full analysis pipeline. You can also provide the version
directly:
/rhoai-cve-analysis:rhoai-cve-analysis v2.21
The skill produces several artifacts in your working directory:
| File | Description |
|---|---|
manifest.json | All container images and their CVE IDs for the release |
cve_details.json | Detailed CVE data from Red Hat Security Data API |
analysis.json | Per-CVE classification and analysis produced by Claude |
report.md | Final human-readable markdown report |
Pyxis API --> fetch_rhoai_cves.py --> manifest.json
|
Red Hat Security API --> fetch_cve_details.py --> cve_details.json
|
Claude triage (CVE_ANALYSIS_METHODOLOGY.md)
|
analysis.json
|
manifest.json + analysis.json --> generate_report.py --> report.md
.claude-plugin/
marketplace.json # Marketplace manifest (lists plugins)
rhoai-cve-analysis/ # Plugin root
.claude-plugin/
plugin.json # Plugin manifest (name, version, metadata)
skills/
rhoai-cve-analysis/ # Skill directory (auto-discovered)
SKILL.md # Skill definition (frontmatter + workflow)
scripts/
fetch_rhoai_cves.py # Pyxis API query (PEP 723, run via uv)
fetch_cve_details.py # Red Hat Security Data API fetch
generate_report.py # Markdown report generator
references/
CVE_ANALYSIS_METHODOLOGY.md # Decision tree for CVE impact analysis
RED_HAT_SECURITY_API.md # API endpoint reference
REPORT_FORMAT.md # Report structure specification
assets/
report_template.md # Mustache-style report template