← Back to Skills Marketplace

Vmware Avi

Name: Vmware Avi
Author: zw008

by zw008 · GitHub ↗ · v1.5.15 · MIT-0

macoslinux ⚠ suspicious

399

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install vmware-avi

Description

Use this skill whenever the user mentions load balancing, ingress, virtual services, pool members, AVI, NSX ALB, AKO, or application delivery. Also trigger w...

Usage Guidance

This skill appears to do what it claims, but it requires access to sensitive local files: ~/.vmware-avi/config.yaml, ~/.vmware-avi/.env (controller passwords) and optionally your kubeconfig. Only install/run if you trust the vmware-avi package source (the README points to github.com/zw008/VMware-AVI). Before installing or enabling: (1) review the upstream repo and its release artifacts, (2) confirm the 'uv' package name maps to the expected project, (3) keep .env permissions to 600 and avoid committing it to source control, and (4) be cautious adding the MCP server to multi-tenant/shared agent setups because that integration will allow the agent process to read the same config/.env/kubeconfig. Note: there is a small metadata inconsistency about whether an installer is declared in the registry vs SKILL.md — verify the installer command you intend to run.

Capability Analysis

Type: OpenClaw Skill Name: vmware-avi Version: 1.5.15 The skill bundle provides extensive administrative control over VMware AVI load balancers and Kubernetes AKO deployments, including high-risk capabilities such as disabling virtual services (vs_toggle), restarting pods (ako_restart), and modifying Helm configurations (ako_config_upgrade). While these actions are aligned with the stated purpose and include safety features like audit logging via vmware-policy and double-confirmation prompts, the broad access to network resources, shell execution (kubectl/helm), and sensitive credentials in ~/.vmware-avi/.env meets the threshold for suspicious classification under the provided criteria. No evidence of intentional malice or data exfiltration was found in SKILL.md or the reference files.

Capability Tags

crypto

Capability Assessment

✓ Purpose & Capability

Name/description (AVI, virtual services, AKO, ingress) match the declared requirements: the skill expects the vmware-avi CLI, a config file (~/.vmware-avi/config.yaml) and controller passwords (.env or <CONTROLLER>_PASSWORD). Optional dependencies (kubectl, helm, kubeconfig) are explained and required only for AKO/Kubernetes operations.

ℹ Instruction Scope

SKILL.md instructs reading ~/.vmware-avi/config.yaml, ~/.vmware-avi/.env and (for AKO) the kubeconfig. Those are legitimate for controller and cluster operations but grant access to sensitive secrets (controller passwords and K8s credentials). The doc references troubleshooting env variables (UV_NATIVE_TLS, SSL_CERT_FILE) and tells you how to integrate the tool with MCP servers (which will load the config on startup). The instructions do not appear to ask for unrelated files or remote exfiltration, but they do permit the agent to read local secret files required for function.

ℹ Install Mechanism

The skill is instruction-only (no code files), and the SKILL.md shows an installer command using the 'uv' tool (uv tool install vmware-avi). This is a package-manager install (no direct arbitrary URL downloads). There is a minor metadata inconsistency: top-level registry notes said 'No install spec' while SKILL.md includes an 'installer: uv' entry — worth confirming but not a strong red flag. No suspicious direct-download URLs or extract steps are present.

ℹ Credentials

Requested environment/config values are proportional to the stated purpose: VMWARE_AVI_CONFIG (primary), per-controller password variables (e.g., PROD_AVI_PASSWORD) and KUBECONFIG for AKO mode. These grant highly sensitive access (controller admin passwords and kubeconfig credentials) but are expected for a tool that modifies load balancer state and AKO. Users should be aware that ~/.vmware-avi/.env will contain controller passwords and that kubeconfig gives cluster access.

✓ Persistence & Privilege

always:false (not force-included). The skill integrates with vmware-policy which writes audit entries to ~/.vmware/audit.db — this is self-contained and expected. The skill suggests MCP integration (so an agent can start a local mcp server that reads the config), which is normal for MCP-capable tools; it does not request to modify other skills or global agent configs beyond instructing users how to add the MCP server.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install vmware-avi
After installation, invoke the skill by name or use /vmware-avi
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.5.15

v1.5.15: single-command MCP entry point (vmware-avi mcp), verify_ssl default true. Legacy entry point kept for backward compat.

v1.5.14

v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer

v1.5.12

Security & bug fixes from @yjs-2026 code review

v1.5.11

4 AVI 22.x fixes from @timwangbc: analytics POST, error_logs UUID, pool_list inventory, se_health VS count

v1.5.10

Security: python-multipart 0.0.22→0.0.26 (DoS fix)

v1.5.7

Align with VMware skill family v1.5.7

v1.5.6

Critical fixes: mcp_server packaging, FQDN support, analytics empty, duration format. Enhancements: vs_status full details, se_health VS count, pool_list tool.

v1.5.5

Align with VMware skill family v1.5.5

v1.5.4

Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Align family v1.5.4

v1.5.3

No user-facing changes; internal or metadata-only release. - No file changes detected between previous and current versions.

v1.5.2

No user-visible changes in this release. - Version update only; no file or documentation changes detected.

v1.5.1

vmware-avi 1.5.1 - Added a disclaimer: clearly states this is a community project with no VMware/Broadcom affiliation. - Updated compatibility section to clarify authentication requirements: - AVI Controller requires avisdk and controller-specific password env vars (e.g., PROD_AVI_PASSWORD in ~/.vmware-avi/.env). - AKO tools require kubectl and a valid kubeconfig (read-only access; will not modify kubeconfig files). - Expanded metadata to include KUBECONFIG, kubectl, and per-controller password variables as optional/required. - No user-facing tool changes; documentation and requirements improved for clarity and transparency.

v1.5.0

v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation

v1.4.10

full tool description rewrite with [READ]/[WRITE], R/W table, Broadcom author attestation

v1.4.9

Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords

v1.4.8

Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0

v1.4.7

Fix: add vmware-policy optional dep to openclaw metadata

v1.4.6

fix: remove suspicious content for clean scan

v1.4.5

Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos

v1.4.4

v1.4.4: vmware-avi family integration, cross-skill routing, sanitize coverage, safety tests

Metadata

Slug vmware-avi

Version 1.5.15

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 20

Frequently Asked Questions

What is Vmware Avi?

Use this skill whenever the user mentions load balancing, ingress, virtual services, pool members, AVI, NSX ALB, AKO, or application delivery. Also trigger w... It is an AI Agent Skill for Claude Code / OpenClaw, with 399 downloads so far.

How do I install Vmware Avi?

Run "/install vmware-avi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vmware Avi free?

Yes, Vmware Avi is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vmware Avi support?

Vmware Avi is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).

Who created Vmware Avi?

It is built and maintained by zw008 (@zw008); the current version is v1.5.15.

More Skills