中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
vmware-storage
VMware vSphere storage management skill for datastores, iSCSI, and vSAN clusters
This is a legitimate VMware storage management skill consisting only of documentation files. No executable code is present in this package—all implementation is delivered via the externally-installed vmware-storage CLI tool. Declared capabilities are consistent with documented behavior.
Skill Namevmware-storage
Duration23.3s
Enginepi
Safe to install
This skill is safe to use. No security concerns identified. The skill correctly declares Bash as its allowed tool and provides comprehensive documentation for VMware storage management operations.
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned SKILL.md:allowed-tools declares Bash; CLI commands require shell execution
Filesystem NONE NONE No file operations in documentation; config files managed externally
Network NONE NONE vSphere connections documented but handled by pyVmomi in installed package
Environment NONE NONE Credential loading documented but in external package
2 findings
📧
Info Email 邮箱地址
[email protected]
references/setup-guide.md:53
📧
Info Email 邮箱地址
[email protected]
references/setup-guide.md:258

File Tree

5 files · 33.0 KB · 901 lines
Markdown 4f · 864L JSON 1f · 37L
├─ 📁 evals
│ └─ 📋 evals.json JSON 37L · 1.2 KB
├─ 📁 references
│ ├─ 📝 capabilities.md Markdown 81L · 5.1 KB
│ ├─ 📝 cli-reference.md Markdown 220L · 6.7 KB
│ └─ 📝 setup-guide.md Markdown 299L · 7.9 KB
└─ 📝 SKILL.md Markdown 264L · 12.0 KB

Security Positives

✓ Comprehensive documentation with clear scope boundaries (storage-only, no VM operations)
✓ Declared Bash tool aligns with legitimate CLI execution needs
✓ Strong safety features documented: double confirmation, dry-run mode, input validation
✓ Prompt injection defense via sanitize() function documented
✓ Credential handling follows best practices (env vars only, not in config)
✓ Audit logging via vmware-policy provides operation traceability
✓ No suspicious patterns detected (no base64, eval, curl|bash, direct IP exfil)
✓ No access to sensitive paths like ~/.ssh or ~/.aws