Low Risk — Risk Score 15/100
Last scan: 2 days ago
vmware-vks
AI-powered VMware vSphere with Tanzu (VKS) management — 20 MCP tools for Supervisor clusters, vSphere Namespaces, and TKC cluster lifecycle
Documentation-only skill for VMware VKS management with clear, reasonable security claims and no malicious indicators; actual functionality resides in an external PyPI package.
Skill Name: vmware-vks
Duration: 34.5s
Engine: pi
Safe to install
The skill is low-risk but relies entirely on external package security. Consider pinning to a specific version and verifying the PyPI package hash before installation.

Findings 3 items

Severity Finding Location
Low
External package dependency
This skill is documentation-only. Actual functionality comes from the vmware-vks PyPI package, which is not included in the skill bundle. Security claims in SKILL.md cannot be independently verified against actual code.
installer: kind: uv, package: vmware-vks
→ Pin to a specific package version and verify package hash before installation. Review source at github.com/zw008/VMware-VKS before trusting.
SKILL.md:1
Low
Plaintext credential storage in .env
Setup guide instructs users to store vCenter passwords in plaintext in ~/.vmware-vks/.env files. While this is a common pattern, no integration with secure credential stores (vault, HSM, keychain) is documented.
echo "VMWARE_VKS_VCENTER01_PASSWORD=your_password" > ~/.vmware-vks/.env
→ Consider using OS-native credential storage (Keychain on macOS, pass/secretservice on Linux) or document that users should use encrypted filesystems.
references/setup-guide.md:56
Low
SSL verification opt-out supported
The skill supports 'verify_ssl: false' in config for self-signed vCenter certificates. While documented as an enterprise standard, this introduces MITM attack vectors.
verify_ssl: false
→ Add prominent warning that verify_ssl: false should only be used in isolated/air-gapped environments. Consider adding certificate pinning as an alternative.
references/setup-guide.md:30
Resource | Declared | Inferred | Status | Evidence
Shell | WRITE | NONE | ✓ Aligned | SKILL.md declares Bash tool but contains no scripts; actual shell access would b…
Network | READ | READ | ✓ Aligned | Outbound connections limited to configured vCenter host only (per security docum…
Environment | NONE | READ | ✓ Aligned | Requires VMWARE_VKS_CONFIG and credential environment variables per metadata
1 finding
Info Email: email address
[email protected]
references/setup-guide.md:53

File Tree

5 files · 23.9 KB · 615 lines
Markdown 4f · 577L JSON 1f · 38L
├─ 📁 evals
│ └─ 📋 evals.json JSON 38L · 1.3 KB
├─ 📁 references
│ ├─ 📝 capabilities.md Markdown 75L · 4.2 KB
│ ├─ 📝 cli-reference.md Markdown 127L · 3.6 KB
│ └─ 📝 setup-guide.md Markdown 125L · 4.5 KB
└─ 📝 SKILL.md Markdown 250L · 10.3 KB

Dependencies 1 item

Package | Version | Source | Known Vulns | Notes
vmware-vks | * | PyPI | No | Version not pinned; external package not included in skill bundle

Security Positives

✓ MIT-licensed with auditable source code at github.com/zw008/VMware-VKS
✓ 12/20 tools are read-only (60% read-only ratio)
✓ Dry-run defaults for all create operations
✓ Double confirmation required for destructive operations (delete_namespace, delete_tkc_cluster)
✓ Safety guards that prevent orphaned clusters and data loss
✓ No eval, exec, or subprocess calls with user-controlled data (per documentation)
✓ Network egress limited to user-configured vCenter only
✓ MCP transport uses stdio only (no listening ports)
✓ All write operations audit-logged to ~/.vmware-vks/audit.log
✓ No suspicious indicators: no base64, no direct IPs, no curl|bash patterns