vmware-avi 安全扫描报告 — 可信 | ClawSafe

5 /100

vmware-avi

VMware AVI (NSX Advanced Load Balancer) application delivery and AKO Kubernetes operations skill with 29 MCP tools

Documentation-only VMware AVI skill with comprehensive security controls. All capabilities are clearly declared with appropriate audit, confirmation, and sanitization measures.

技能名称vmware-avi

分析耗时30.7s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations declared or performed in documentation
网络访问	`READ`	`READ`	✓ 一致	AVI Controller API and K8s API access for load balancer operations
命令执行	`WRITE`	`WRITE`	✓ 一致	Bash tool declared; required for kubectl, helm, avisdk CLI execution
环境变量	`READ`	`READ`	✓ 一致	Reads controller passwords from VMWARE_AVI_CONFIG and <CONTROLLER>_PASSWORD env …
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access documented
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`READ`	`READ`	✓ 一致	Reads audit.db for policy checks, writes audit logs

4 项发现

🔗

中危外部 URL 外部 URL

https://projects.registry.vmware.com/chartrepo/ako

references/setup-guide.md:145

🔗

中危外部 URL 外部 URL

https://avi-controller.example.com/api/cluster

references/setup-guide.md:278

🔗

中危外部 URL 外部 URL

https://kubernetes.io/docs/tasks/tools/

references/setup-guide.md:296

🔗

中危外部 URL 外部 URL

https://helm.sh/docs/intro/install/.

references/setup-guide.md:296

目录结构

4 文件 · 33.4 KB · 789 行

Markdown 4f · 789L

├─ ▾ 📁 references

│ ├─ 📝 capabilities.md Markdown 123L · 6.8 KB

│ ├─ 📝 cli-reference.md Markdown 119L · 6.0 KB

│ └─ 📝 setup-guide.md Markdown 306L · 8.7 KB

└─ 📝 SKILL.md Markdown 241L · 11.8 KB

安全亮点

✓ Comprehensive audit logging via vmware-policy to ~/.vmware/audit.db

✓ Double confirmation required for destructive operations (VS disable, pool disable, AKO restart, config upgrade)

✓ Input sanitization prevents prompt injection via API responses

✓ Credentials stored separately from config in .env with strict file permissions

✓ TLS verification enabled by default for Controller connections

✓ Policy enforcement via ~/.vmware/rules.yaml for deny rules and maintenance windows

✓ Dry-run default for Helm upgrades to prevent accidental changes

✓ Documentation thoroughly describes all 29 tools and their risk levels

✓ No hidden functionality detected - all capabilities declared in SKILL.md

✓ Read-only operations (22/29 tools) dominate the toolset