Scan Report
5 /100
vmware-avi
VMware AVI (NSX Advanced Load Balancer) application delivery and AKO Kubernetes operations skill with 29 MCP tools
Documentation-only VMware AVI skill with comprehensive security controls. All capabilities are clearly declared with appropriate audit, confirmation, and sanitization measures.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations declared or performed in documentation |
| Network | READ | READ | ✓ Aligned | AVI Controller API and K8s API access for load balancer operations |
| Shell | WRITE | WRITE | ✓ Aligned | Bash tool declared; required for kubectl, helm, avisdk CLI execution |
| Environment | READ | READ | ✓ Aligned | Reads controller passwords from VMWARE_AVI_CONFIG and <CONTROLLER>_PASSWORD env … |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | No browser automation |
| Database | READ | READ | ✓ Aligned | Reads audit.db for policy checks, writes audit logs |
4 findings
Medium External URL 外部 URL
https://projects.registry.vmware.com/chartrepo/ako references/setup-guide.md:145 Medium External URL 外部 URL
https://avi-controller.example.com/api/cluster references/setup-guide.md:278 Medium External URL 外部 URL
https://kubernetes.io/docs/tasks/tools/ references/setup-guide.md:296 Medium External URL 外部 URL
https://helm.sh/docs/intro/install/. references/setup-guide.md:296 File Tree
4 files · 33.4 KB · 789 lines Markdown 4f · 789L
├─
▾
references
│ ├─
capabilities.md
Markdown
│ ├─
cli-reference.md
Markdown
│ └─
setup-guide.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Comprehensive audit logging via vmware-policy to ~/.vmware/audit.db
✓ Double confirmation required for destructive operations (VS disable, pool disable, AKO restart, config upgrade)
✓ Input sanitization prevents prompt injection via API responses
✓ Credentials stored separately from config in .env with strict file permissions
✓ TLS verification enabled by default for Controller connections
✓ Policy enforcement via ~/.vmware/rules.yaml for deny rules and maintenance windows
✓ Dry-run default for Helm upgrades to prevent accidental changes
✓ Documentation thoroughly describes all 29 tools and their risk levels
✓ No hidden functionality detected - all capabilities declared in SKILL.md
✓ Read-only operations (22/29 tools) dominate the toolset