cve-impact
CVE Impact Analysis Skill
This skill helps SREs analyze CVE vulnerabilities to understand their impact on systems before creating remediation playbooks.
🚨 SYSTEM-LEVEL (CVEs on device X): Your first reply to the user MUST be the pagination prompt (Step -1). Do NOT call inventory__find_host_by_name or vulnerability__get_system_cves until the user responds. Do not validate MCP or resolve hostname first—HITL comes first.
Integration with Remediation Skill: The /remediation skill orchestrates this skill as part of its Step 1 (Impact Analysis) workflow for complex remediation scenarios. For simple standalone impact analysis, you can invoke this skill directly.
Invocation Note (Host-Specific)
When invoked by another skill (e.g. remediation), use the Skill tool—do NOT use "Task Output" with the skill name as task ID. That causes "No task found with ID: cve-impact". See skill-invocation.md.
Prerequisites
Required MCP Servers: lightspeed-mcp (setup guide)
Required MCP Tools:
get_cves(from lightspeed-mcp) - List/query CVEs by severityget_cve(from lightspeed-mcp) - Get specific CVE details