Run any Skill in Manus with one click

forensic-troubleshooter

Stars39

Forks26

UpdatedMay 26, 2026 at 11:17

Orchestrates forensic analysis of failed jobs with event extraction, host correlation, and resolution advisory. Use when: - "Job #X failed", "Why did the execution fail?" - "Analyze the failure", "What went wrong?" - "Root cause analysis of job #X" NOT for execution (use governance-executor) or platform assessment (use governance-assessor).

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

RHEcosystemAppEng

RHEcosystemAppEng/agentic-collections

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Software DevelopersComputer and Mathematical Occupations·SOC 15-1252

File Explorer

5 files

SKILL.md

readonly

name	forensic-troubleshooter
description	Orchestrates forensic analysis of failed jobs with event extraction, host correlation, and resolution advisory. Use when: - "Job #X failed", "Why did the execution fail?" - "Analyze the failure", "What went wrong?" - "Root cause analysis of job #X" NOT for execution (use governance-executor) or platform assessment (use governance-assessor).
model	inherit
color	yellow
license	Apache-2.0
allowed-tools	job_templates_list jobs_retrieve jobs_job_events_list jobs_job_host_summaries_list jobs_stdout_retrieve inventories_list hosts_list hosts_variable_data_retrieve notification_templates_list credentials_list instance_groups_list users_list

Forensic Troubleshooter

Prerequisites

Required MCP Servers: aap-mcp-job-management, aap-mcp-inventory-management Required Skills: aap-mcp-validator, job-failure-analyzer, host-fact-inspector, resolution-advisor, execution-summary

When to Use This Skill

Use this skill when:

User reports a failed job and wants to understand why
User asks for root cause analysis of a job failure
User asks to analyze job errors or failure events
After a governed execution fails (follow-up from governance-executor)

Do NOT use when:

User wants to execute a job (use governance-executor skill)
User wants to assess platform readiness (use governance-assessor skill)
User wants to check host facts without a failure context (use host-fact-inspector skill directly)

Workflow

1. Validate MCP Connectivity

Invoke the aap-mcp-validator skill:

Validate aap-mcp-job-management and aap-mcp-inventory-management
If any server fails: report and stop

2. Analyze Job Failure

Invoke the job-failure-analyzer skill:

The skill reads job-troubleshooting.md
Retrieves job status, extracts failure events, analyzes host summaries
Classifies the failure (Platform / Code / Configuration)
Reconstructs failure timeline
Reports structured analysis with Red Hat citations

Document Consultation (performed by the skill): The job-failure-analyzer skill reads job-troubleshooting.md and reports its consultation.

3. Correlate with Host Facts

Invoke the host-fact-inspector skill:

The skill reads job-troubleshooting.md
Looks up affected hosts from the failure analysis
Retrieves host variables/facts
Correlates errors with host system state
Reports correlation findings

Document Consultation (performed by the skill): The host-fact-inspector skill reads job-troubleshooting.md for correlation patterns.

4. Provide Resolution Advisory

Invoke the resolution-advisor skill:

The skill reads error-classification.md and job-troubleshooting.md
Determines the resolution path based on error classification and host correlation
Provides Red Hat documentation-backed resolution steps
Identifies related governance gaps

Document Consultation (performed by the skill): The resolution-advisor skill reads error-classification.md and job-troubleshooting.md.

5. Generate Execution Summary

Invoke the execution-summary skill:

Generate audit trail showing: documents consulted, failure classification basis, host correlations, resolution recommendations

Dependencies

Required Skills

aap-mcp-validator - MCP server validation
job-failure-analyzer - Event extraction and classification
host-fact-inspector - Host fact correlation
resolution-advisor - Resolution recommendations
execution-summary - Audit trail

Required MCP Servers

aap-mcp-job-management - Job events and host summaries
aap-mcp-inventory-management - Host facts for correlation

Required MCP Tools

None; delegated to sub-skills (job-failure-analyzer, host-fact-inspector).

Related Skills

governance-executor - If failure occurred during a governed execution
governance-assessor - If root cause points to platform governance gaps

Reference Documentation

job-troubleshooting.md - Event parsing, failure patterns, correlation
error-classification.md - Error taxonomy and resolution paths

Example Usage

Example 1: Single Job Failure

User: "Job #4451 failed. What happened?"

Agent:

Validates MCP connectivity via aap-mcp-validator
Invokes job-failure-analyzer:
- Retrieves job #4451 status: "failed"
- Extracts failure events: runner_on_failed on 2 hosts
- Classifies: Configuration error (missing variable db_password)
- Reconstructs timeline with Red Hat citations
Invokes host-fact-inspector:
- Looks up affected hosts: web-prod-01, web-prod-02
- Retrieves host facts: both running RHEL 9.2, same Ansible connection settings
- Correlates: variable db_password not defined in host vars or group vars
Invokes resolution-advisor:
- Classification: Configuration error → variable resolution
- Recommendation: "Define db_password via AAP credentials (Ch. 15, Sec. 15.1.4) rather than host vars"
Invokes execution-summary with full forensic audit trail

Example 2: Post-Execution Failure Follow-Up

User: "The execution just failed, can you investigate?"

Agent:

Identifies the most recent failed job from jobs_list
Follows the same forensic workflow: analyze → correlate → advise
If related to a governed execution, links back to the execution risk analysis

More from this repository

same repository

cve-impact

RHEcosystemAppEng/agentic-collections

**CRITICAL**: Use for ALL CVE discovery and listing. DO NOT call get_cves directly. Use when: "show critical CVEs", "CVEs on hostname X", "remediatable vulnerabilities", "impact of CVE-X", risk assessment. NOT for remediation (use `/remediation`). System-level: FIRST reply = pagination prompt (Step -1). Parsing: references/01-cve-response-parser.py.

2026-06-2339

fleet-inventory

RHEcosystemAppEng/agentic-collections

Query and display Red Hat Lightspeed managed system inventory. This skill focuses on discovery and listing only - for remediation actions, transition to the `/remediation` skill. Use when: - "Show the managed fleet" - "List all systems registered in Lightspeed" - "What systems are affected by CVE-X?" - "How many RHEL 8 systems do we have?" - "Show me production systems" **When NOT to use this skill** (use `/remediation` skill instead): - "Remediate CVE-X on these systems" - "Create a playbook for..." - "Patch system Y" This skill orchestrates MCP tools from lightspeed-mcp for fleet visibility and system inventory management.

2026-06-2339

mcp-lightspeed-validator

RHEcosystemAppEng/agentic-collections

Validate Red Hat Lightspeed MCP server connectivity. Use when the user asks to "validate Lightspeed MCP", "check Lightspeed connection", or when other skills need to verify lightspeed-mcp availability before CVE operations.

2026-06-2239

agentic-contribution-skill

RHEcosystemAppEng/agentic-collections

Interactive skill creation and import with automated validation and marketplace compliance. Use when: - "Create a new skill" - "Import an existing skill" - "Create a new agentic pack" - "Add skill to <pack>" - "Build skill for <rh-product>" - User mentions "skill builder", "contribute", "new skill", "import skill", or "new pack" Two modes: create from scratch or import existing SKILL.md. Guides through discovery, definition, generation, and validation. Enforces SKILL_DESIGN_PRINCIPLES.md and agentskills.io spec.

2026-06-1639

collection-compliance

RHEcosystemAppEng/agentic-collections

Diagnose and fix `.catalog/` validation failures (schema, roster, banners, sample workflows, JSON mirror). Use when: - `make validate` or CI reports collection compliance errors - A PR adds skills but catalog was not updated - `collection.json` is out of sync with `collection.yaml` - Catalog metadata/fragments might have drifted from README/CLAUDE/SKILL golden sources Remediation is via the create-collection workflow and `catalog_yaml_to_json.py`—not by weakening checks.

2026-06-1639

create-collection

RHEcosystemAppEng/agentic-collections

Author or refresh `<pack>/.catalog/collection.yaml` and related `.catalog/` artifacts from golden sources (SKILL.md, README, AGENTS.md, Lola marketplace). Use when: - Adding a new pack or refreshing the collection catalog for GitHub Pages / tooling - Aligning catalog narrative, sample workflows, and decision guide with skills on disk - Preparing a PR after changing skills or marketplace metadata Outputs only under `<pack>/.catalog/` (never overwrite README, SKILL, CLAUDE, or marketplace YAML).

2026-06-1639

name	forensic-troubleshooter
description	Orchestrates forensic analysis of failed jobs with event extraction, host correlation, and resolution advisory. Use when: - "Job #X failed", "Why did the execution fail?" - "Analyze the failure", "What went wrong?" - "Root cause analysis of job #X" NOT for execution (use governance-executor) or platform assessment (use governance-assessor).
model	inherit
color	yellow
license	Apache-2.0
allowed-tools	job_templates_list jobs_retrieve jobs_job_events_list jobs_job_host_summaries_list jobs_stdout_retrieve inventories_list hosts_list hosts_variable_data_retrieve notification_templates_list credentials_list instance_groups_list users_list

Forensic Troubleshooter

Prerequisites

When to Use This Skill

Use this skill when:

User reports a failed job and wants to understand why
User asks for root cause analysis of a job failure
User asks to analyze job errors or failure events
After a governed execution fails (follow-up from governance-executor)

Do NOT use when:

User wants to execute a job (use governance-executor skill)
User wants to assess platform readiness (use governance-assessor skill)
User wants to check host facts without a failure context (use host-fact-inspector skill directly)

Workflow

1. Validate MCP Connectivity

Invoke the aap-mcp-validator skill:

Validate aap-mcp-job-management and aap-mcp-inventory-management
If any server fails: report and stop

2. Analyze Job Failure

Invoke the job-failure-analyzer skill:

The skill reads job-troubleshooting.md
Retrieves job status, extracts failure events, analyzes host summaries
Classifies the failure (Platform / Code / Configuration)
Reconstructs failure timeline
Reports structured analysis with Red Hat citations

Document Consultation (performed by the skill): The job-failure-analyzer skill reads job-troubleshooting.md and reports its consultation.

3. Correlate with Host Facts

Invoke the host-fact-inspector skill:

The skill reads job-troubleshooting.md
Looks up affected hosts from the failure analysis
Retrieves host variables/facts
Correlates errors with host system state
Reports correlation findings

Document Consultation (performed by the skill): The host-fact-inspector skill reads job-troubleshooting.md for correlation patterns.

4. Provide Resolution Advisory

Invoke the resolution-advisor skill:

The skill reads error-classification.md and job-troubleshooting.md
Determines the resolution path based on error classification and host correlation
Provides Red Hat documentation-backed resolution steps
Identifies related governance gaps

Document Consultation (performed by the skill): The resolution-advisor skill reads error-classification.md and job-troubleshooting.md.

5. Generate Execution Summary

Invoke the execution-summary skill:

Generate audit trail showing: documents consulted, failure classification basis, host correlations, resolution recommendations

Dependencies

Required Skills

aap-mcp-validator - MCP server validation
job-failure-analyzer - Event extraction and classification
host-fact-inspector - Host fact correlation
resolution-advisor - Resolution recommendations
execution-summary - Audit trail

Required MCP Servers

aap-mcp-job-management - Job events and host summaries
aap-mcp-inventory-management - Host facts for correlation

Required MCP Tools

None; delegated to sub-skills (job-failure-analyzer, host-fact-inspector).

Related Skills

governance-executor - If failure occurred during a governed execution
governance-assessor - If root cause points to platform governance gaps

Reference Documentation

job-troubleshooting.md - Event parsing, failure patterns, correlation
error-classification.md - Error taxonomy and resolution paths

Example Usage

Example 1: Single Job Failure

User: "Job #4451 failed. What happened?"

Agent:

Validates MCP connectivity via aap-mcp-validator
Invokes job-failure-analyzer:
- Retrieves job #4451 status: "failed"
- Extracts failure events: runner_on_failed on 2 hosts
- Classifies: Configuration error (missing variable db_password)
- Reconstructs timeline with Red Hat citations
Invokes host-fact-inspector:
- Looks up affected hosts: web-prod-01, web-prod-02
- Retrieves host facts: both running RHEL 9.2, same Ansible connection settings
- Correlates: variable db_password not defined in host vars or group vars
Invokes resolution-advisor:
- Classification: Configuration error → variable resolution
- Recommendation: "Define db_password via AAP credentials (Ch. 15, Sec. 15.1.4) rather than host vars"
Invokes execution-summary with full forensic audit trail

Example 2: Post-Execution Failure Follow-Up

User: "The execution just failed, can you investigate?"

Agent:

Identifies the most recent failed job from jobs_list
Follows the same forensic workflow: analyze → correlate → advise
If related to a governed execution, links back to the execution risk analysis