remediation
**CRITICAL**: Use this skill for ALL CVE remediation workflows. DO NOT use individual skills piecemeal for end-to-end remediation. Use when users request: - CVE remediation playbooks or security patch deployment - Multi-step remediation (validation → context → playbook → execution) - Batch remediation across multiple systems or CVEs - End-to-end CVE management (analysis + remediation + verification) - Prioritizing and remediating CVEs (not just listing them) - Emergency security response with immediate remediation plans DO NOT use for simple queries: - "List critical CVEs" → Use `/cve-impact` skill - "What's the CVSS score for CVE-X?" → Use `/cve-impact` or `/cve-validation` - Standalone impact analysis without remediation → Use `/cve-impact` This skill orchestrates 6 specialized skills (cve-impact, cve-validation, system-context, playbook-generator, playbook-executor, remediation-verifier) for complete remediation workflows.
83
81%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its orchestration role, provides comprehensive trigger scenarios, and explicitly delineates boundaries with related skills. The inclusion of both positive triggers ('Use when') and negative triggers ('DO NOT use for') with specific routing guidance makes it highly effective for skill selection. The only minor note is the use of imperative voice in the opening line ('Use this skill'), but the rest maintains appropriate third-person framing.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: CVE remediation playbooks, security patch deployment, multi-step remediation (validation → context → playbook → execution), batch remediation, end-to-end CVE management, and emergency security response. Also names the 6 orchestrated sub-skills. | 3 / 3 |
Completeness | Clearly answers both 'what' (orchestrates 6 specialized skills for complete CVE remediation workflows including validation, context, playbook generation, execution, and verification) and 'when' (explicit 'Use when users request' section with detailed trigger scenarios, plus a 'DO NOT use for' section clarifying boundaries). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'CVE remediation', 'security patch deployment', 'batch remediation', 'emergency security response', 'remediation playbooks', 'prioritizing and remediating CVEs'. These are terms a security professional would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Exceptionally distinctive with explicit boundary definitions. The 'DO NOT use for' section with specific routing to alternative skills (cve-impact, cve-validation) directly addresses conflict risk and makes it clear this is for end-to-end remediation workflows, not simple queries. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
62%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured orchestration skill with excellent workflow clarity and actionability—each step has concrete invocations, gate conditions, and error handling. However, it suffers significantly from verbosity and repetition: human-in-the-loop requirements are stated three times, dependencies are listed twice, and usage guidance duplicates the frontmatter. The content would benefit from aggressive deduplication and moving reference material (error handling, output formats, MCP tool notes) into separate files.
Suggestions
Eliminate repeated content: merge the 'Critical: Human-in-the-Loop Requirements' section into the workflow steps where they already exist, and remove the duplicate 'When to Use' section since it mirrors the frontmatter description.
Move 'Error Handling', 'Output Format', 'MCP Tool Usage', and 'Important Reminders' sections into a reference file (e.g., references/02-error-handling.md) to reduce the main skill to its core workflow.
Consolidate the 'Prerequisites' and 'Dependencies' sections into a single section to avoid listing related skills and MCP servers twice.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~250+ lines with significant repetition. Human-in-the-loop requirements are stated in the workflow steps AND repeated in a dedicated section. The 'When to Use' section duplicates the frontmatter description. Dependencies are listed twice (Prerequisites and Dependencies sections). Many instructions explain things Claude already knows (e.g., 'Use actual tool calls, not text'). | 1 / 3 |
Actionability | The skill provides concrete invocation strings for each step, specific expected outputs, exact conditional logic (remediatable gate with explicit if/then branches), error handling with specific messages, and clear output format templates. Each step has executable guidance with specific tool names and parameters. | 3 / 3 |
Workflow Clarity | The 7-step workflow is clearly sequenced with explicit validation checkpoints (MCP validation at Step 0, remediatable gate at Step 2, user confirmation before Step 5). Feedback loops are present (dry-run → review → actual execution, fix and re-validate). Mandatory sequencing constraints are clearly stated with bold emphasis. Error recovery paths are defined for each failure mode. | 3 / 3 |
Progressive Disclosure | References to external files are well-signaled (remediation-plan-template.md, lightspeed-mcp-tool-failures.md, etc.) and one level deep. However, the main SKILL.md itself is monolithic with too much inline content that could be split out—the detailed error handling, output format, MCP tool usage notes, and critical reminders could live in reference files. The bundle files were not provided, so referenced paths cannot be verified. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Repository
- RHEcosystemAppEng/agentic-collections
- Commit
808fa5a
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.