| name | exploitiq-products |
| description | Use when the user wants to list, inspect, or delete products in the ExploitIQ service. Products group related CVE analysis reports for a software component. |
ExploitIQ Products
Manage products: list, inspect, and delete.
Determine Intent
From the user's input, determine which operation to perform:
List Products
Call mcp__exploitiq__list_products with any filters the user specified:
name — filter by product name
cveId — filter by CVE ID
page — page number (0-based)
pageSize — items per page
sortField — field to sort by (default: submittedAt)
sortDirection — ASC or DESC (default: DESC)
Response: Array<ProductSummary>
Each item has a nested data and summary structure:
data.id — Product ID
data.name — Product name
data.version — Product version
data.submittedAt — ISO timestamp of submission
data.completedAt — (optional) ISO timestamp of completion
data.submittedCount — Number of components submitted for scanning
data.cveId — CVE ID associated with this product
data.metadata — User-provided metadata (Record<string, string>)
data.submissionFailures[] — Components that failed to process:
.name — Component name
.version — Component version
.image — Component image
.error — Error message
summary.productState — Overall product analysis state
summary.statusCounts — Map of analysis state → count (e.g., {"completed": 3, "queued": 1})
summary.justificationStatusCounts — Map of verdict → count (e.g., {"true": 2, "false": 1})
summary.singleComponentFlowScanId — (optional) Scan ID for single-component direct navigation
Present results as a table:
| Product ID | Name | Version | CVE | Components | State | Submitted |
|---|
data.id | data.name | data.version | data.cveId | data.submittedCount | summary.productState | data.submittedAt |
If there are multiple pages, note the total count and current page.
Get Product Details
Call mcp__exploitiq__get_product with the product ID the user provided.
Response: ProductSummary
Same structure as a single item from the list (nested data and summary).
Present:
- Product ID:
data.id
- Name:
data.name
- Version:
data.version
- CVE:
data.cveId
- State:
summary.productState
- Submitted:
data.submittedAt
- Completed:
data.completedAt (or "In progress" if absent)
- Components Submitted:
data.submittedCount
Status Breakdown:
| Analysis State | Count |
|---|
| completed | summary.statusCounts.completed |
| queued | summary.statusCounts.queued |
| ... | ... |
Verdict Breakdown:
| Verdict | Count |
|---|
| Vulnerable (true) | summary.justificationStatusCounts.true |
| Not Vulnerable (false) | summary.justificationStatusCounts.false |
| Uncertain (unknown) | summary.justificationStatusCounts.unknown |
If data.submissionFailures is non-empty, show:
Failed Components:
| Component | Version | Error |
|---|
name | version | error |
To see individual component reports, suggest: "Use list_cve_reports with productId filter to see individual analysis results."
Delete a Product
- Warn the user: "Deleting product
data.name will also delete all associated component analysis reports. Are you sure?"
- If confirmed, call
mcp__exploitiq__delete_product with the product ID
- Confirm deletion to the user