中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
vmware-nsx-security
VMware NSX DFW microsegmentation and security — 20 MCP tools for distributed firewall, security groups, VM tags, Traceflow, and IDPS
This is a well-documented VMware NSX security management skill with no malicious behavior, no hidden functionality, and comprehensive safety controls covering audit logging, input validation, credential handling, and dry-run modes.
技能名称vmware-nsx-security
分析耗时35.0s
引擎pi
可以安装
Approve for use. The skill is a legitimate infrastructure management tool with appropriate documentation, audit controls, and no high-risk indicators.

安全发现 1 项

严重性 安全发现 位置
低危
Bash allowed-tools declaration is broad
The 'Bash' tool is declared with no version pinning on the vmware-nsx-security package. The tool installs via 'uv tool install vmware-nsx-security' without a version constraint.
installer: kind: uv, package: vmware-nsx-security
→ Pin the installer to a specific version: '[email protected]' to prevent supply-chain substitution
 SKILL.md:9
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 Reads/writes config.yaml, audit.db, .env (all explicitly documented)
网络访问 READ READ ✓ 一致 HTTPS REST calls to NSX Manager on port 443 only (documented in SKILL.md archite…
命令执行 WRITE WRITE ✓ 一致 Bash tool scoped to CLI invocation (vmware-nsx-security doctor, policy list, etc…
环境变量 READ READ ✓ 一致 Reads VMWARE_NSX_SECURITY_*_PASSWORD and VMWARE_NSX_SECURITY_CONFIG — explicitly…

目录结构

5 文件 · 27.2 KB · 825 行
Markdown 4f · 787L JSON 1f · 38L
├─ 📁 evals
│ └─ 📋 evals.json JSON 38L · 1.3 KB
├─ 📁 references
│ ├─ 📝 capabilities.md Markdown 101L · 4.3 KB
│ ├─ 📝 cli-reference.md Markdown 209L · 4.7 KB
│ └─ 📝 setup-guide.md Markdown 175L · 3.7 KB
└─ 📝 SKILL.md Markdown 302L · 13.2 KB

依赖分析 2 项

包名版本来源已知漏洞备注
vmware-nsx-security * uv tool install Version not pinned in SKILL.md installer declaration
vmware-policy * auto-installed dependency Companion skill for audit logging, auto-installed

安全亮点

✓ All 20 MCP tools and CLI commands fully documented with descriptions
✓ Comprehensive audit logging to ~/.vmware/audit.db via vmware-policy framework
✓ Credential safety: passwords loaded only from environment variables, never from config.yaml
✓ Input validation with safe character set enforcement documented
✓ Prompt injection defense via _sanitize() function documented
✓ Dry-run mode available for all write operations
✓ Double confirmation required for destructive operations (delete)
✓ .env file permissions validated (chmod 600) by doctor command
✓ No high-risk indicators found: no base64, no eval, no direct IP exfil, no credential harvesting
✓ No hidden functionality — all operations match documentation
✓ MCP server uses stdio transport only (local, no network listener)
✓ All NSX API calls over HTTPS port 443 to declared targets