Scan Report
0 /100
vmware-monitor
Read-only VMware vCenter/ESXi monitoring skill with 8 MCP tools and CLI for listing VMs, hosts, datastores, clusters, alarms, and events
vmware-monitor is a legitimate read-only VMware vCenter/ESXi monitoring tool. All documented capabilities are read-only; no destructive code paths exist in the codebase. No credential harvesting, exfiltration, or hidden functionality detected.
Safe to install
This skill is safe to use. Follow the documented installation method (uv tool install). Always use a read-only vSphere service account for credentials to minimize blast radius.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | Reads ~/.vmware-monitor/config.yaml and ~/.vmware-monitor/.env for configuration… |
| Network | NONE | READ | ✓ Aligned | Connects to vCenter/ESXi via pyVmomi SOAP API (documented read-only monitoring) |
| Shell | WRITE | WRITE | ✓ Aligned | Bash tool used to invoke vmware-monitor CLI (documented, minimal surface) |
| Environment | NONE | READ | ✓ Aligned | Reads VMWARE_MONITOR_CONFIG and .env for target config (documented) |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation observed |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | READ | ✓ Aligned | Reads audit.db via vmware-policy for logging (documented, local SQLite only) |
File Tree
5 files · 22.3 KB · 548 lines Markdown 4f · 510L
JSON 1f · 38L
├─
▾
evals
│ └─
evals.json
JSON
├─
▾
references
│ ├─
capabilities.md
Markdown
│ ├─
cli-reference.md
Markdown
│ └─
setup-guide.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Zero destructive code paths — vmware-monitor explicitly does not contain power, create, delete, snapshot, or modify operations
✓ All operations audited to ~/.vmware/audit.db via vmware-policy decorator
✓ Webhook notifications send only to user-configured HTTP endpoints (Slack/Discord) with no credential or PII exfiltration
✓ Source code is fully open source (MIT) on GitHub — reviewable before deployment
✓ Credentials stored in ~/.vmware-monitor/.env (chmod 600) with no storage of passwords in config.yaml
✓ Prompt injection protection: vSphere event/log content is truncated, stripped of control chars, and wrapped in boundary markers
✓ MCP tools are all read-only (list_virtual_machines, list_esxi_hosts, list_all_datastores, list_all_clusters, get_alarms, get_events, vm_info)
✓ CLI uses uv tool install with version pinning from PyPI — no curl|bash or wget|sh remote script execution
✓ TLS verification enabled by default; disableSslCertValidation only for isolated lab environments with self-signed certs
✓ Suggests using a read-only vSphere service account, minimizing blast radius if credentials are compromised