扫描报告
5 /100
vmware-storage
VMware vSphere storage management skill for datastores, iSCSI, and vSAN clusters
This is a legitimate VMware storage management skill consisting only of documentation files. No executable code is present in this package—all implementation is delivered via the externally-installed vmware-storage CLI tool. Declared capabilities are consistent with documented behavior.
可以安装
This skill is safe to use. No security concerns identified. The skill correctly declares Bash as its allowed tool and provides comprehensive documentation for VMware storage management operations.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:allowed-tools declares Bash; CLI commands require shell execution |
| 文件系统 | NONE | NONE | — | No file operations in documentation; config files managed externally |
| 网络访问 | NONE | NONE | — | vSphere connections documented but handled by pyVmomi in installed package |
| 环境变量 | NONE | NONE | — | Credential loading documented but in external package |
2 项发现
提示 邮箱 邮箱地址
[email protected] references/setup-guide.md:53 提示 邮箱 邮箱地址
[email protected] references/setup-guide.md:258 目录结构
5 文件 · 33.0 KB · 901 行 Markdown 4f · 864L
JSON 1f · 37L
├─
▾
evals
│ └─
evals.json
JSON
├─
▾
references
│ ├─
capabilities.md
Markdown
│ ├─
cli-reference.md
Markdown
│ └─
setup-guide.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Comprehensive documentation with clear scope boundaries (storage-only, no VM operations)
✓ Declared Bash tool aligns with legitimate CLI execution needs
✓ Strong safety features documented: double confirmation, dry-run mode, input validation
✓ Prompt injection defense via sanitize() function documented
✓ Credential handling follows best practices (env vars only, not in config)
✓ Audit logging via vmware-policy provides operation traceability
✓ No suspicious patterns detected (no base64, eval, curl|bash, direct IP exfil)
✓ No access to sensitive paths like ~/.ssh or ~/.aws