扫描报告
0 /100
vmware-monitor
Read-only VMware vCenter/ESXi monitoring skill with 8 MCP tools and CLI for listing VMs, hosts, datastores, clusters, alarms, and events
vmware-monitor is a legitimate read-only VMware vCenter/ESXi monitoring tool. All documented capabilities are read-only; no destructive code paths exist in the codebase. No credential harvesting, exfiltration, or hidden functionality detected.
可以安装
This skill is safe to use. Follow the documented installation method (uv tool install). Always use a read-only vSphere service account for credentials to minimize blast radius.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | Reads ~/.vmware-monitor/config.yaml and ~/.vmware-monitor/.env for configuration… |
| 网络访问 | NONE | READ | ✓ 一致 | Connects to vCenter/ESXi via pyVmomi SOAP API (documented read-only monitoring) |
| 命令执行 | WRITE | WRITE | ✓ 一致 | Bash tool used to invoke vmware-monitor CLI (documented, minimal surface) |
| 环境变量 | NONE | READ | ✓ 一致 | Reads VMWARE_MONITOR_CONFIG and .env for target config (documented) |
| 技能调用 | NONE | NONE | — | No cross-skill invocation observed |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | READ | ✓ 一致 | Reads audit.db via vmware-policy for logging (documented, local SQLite only) |
目录结构
5 文件 · 22.3 KB · 548 行 Markdown 4f · 510L
JSON 1f · 38L
├─
▾
evals
│ └─
evals.json
JSON
├─
▾
references
│ ├─
capabilities.md
Markdown
│ ├─
cli-reference.md
Markdown
│ └─
setup-guide.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Zero destructive code paths — vmware-monitor explicitly does not contain power, create, delete, snapshot, or modify operations
✓ All operations audited to ~/.vmware/audit.db via vmware-policy decorator
✓ Webhook notifications send only to user-configured HTTP endpoints (Slack/Discord) with no credential or PII exfiltration
✓ Source code is fully open source (MIT) on GitHub — reviewable before deployment
✓ Credentials stored in ~/.vmware-monitor/.env (chmod 600) with no storage of passwords in config.yaml
✓ Prompt injection protection: vSphere event/log content is truncated, stripped of control chars, and wrapped in boundary markers
✓ MCP tools are all read-only (list_virtual_machines, list_esxi_hosts, list_all_datastores, list_all_clusters, get_alarms, get_events, vm_info)
✓ CLI uses uv tool install with version pinning from PyPI — no curl|bash or wget|sh remote script execution
✓ TLS verification enabled by default; disableSslCertValidation only for isolated lab environments with self-signed certs
✓ Suggests using a read-only vSphere service account, minimizing blast radius if credentials are compromised