← Back to Skills Marketplace

Vmware Aiops

Name: Vmware Aiops
Author: zw008

by zw008 · GitHub ↗ · v1.5.15 · MIT-0

macoslinux ⚠ suspicious

1058

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install vmware-aiops

Description

Use this skill whenever the user needs to manage VMs in VMware/vSphere/ESXi — it's the entry point for all VM operations. Directly handles: power on/off, clo...

Usage Guidance

This skill appears internally consistent with VMware VM management. Before installing: 1) Verify the package source and checksum on PyPI/GitHub (registry shows 'Source: unknown'); 2) Review the open-source repo (vmware-aiops) to confirm prompt-injection protections, logging behavior, and that passwords are never leaked; 3) Use least-privilege vCenter/ESXi service accounts for the per-target passwords stored in ~/.vmware-aiops/.env and set strict file permissions (chmod 600); 4) Be cautious enabling guest-exec or daemonized scanning in production (these can access VM guest output and host logs); 5) Only enable webhooks to endpoints you control and audit the webhook payload format; 6) Consider testing in an isolated lab before production and pin the tool version when installing from PyPI.

Capability Analysis

Type: OpenClaw Skill Name: vmware-aiops Version: 1.5.15 The skill provides high-privilege administrative control over VMware infrastructure, including the ability to execute arbitrary commands inside guest VMs (vm_guest_exec), upload/download files, and perform destructive batch operations. While these capabilities are aligned with the stated purpose and the documentation highlights safety features like audit logging (via vmware-policy) and double-confirmation for destructive actions, the inherent risk of Remote Code Execution (RCE) and credential management within an AI agent context is significant. Additionally, the inclusion of a background daemon for log scanning and webhook integration (Slack/Discord) in SKILL.md and references/capabilities.md increases the potential attack surface for data exfiltration or unauthorized monitoring if the agent is compromised.

Capability Assessment

✓ Purpose & Capability

The skill is an entry-point for VMware VM lifecycle operations and legitimately requires a vmware-aiops CLI binary, a config YAML, and per-target credentials in ~/.vmware-aiops/.env. The declared optional webhooks and policy/audit integration are consistent with the stated scope. Note: registry metadata shows 'Source: unknown' while SKILL.md points to a GitHub repo and PyPI — verify the package origin before installation.

ℹ Instruction Scope

SKILL.md instructs the agent to run CLI commands that perform destructive VM ops, guest exec/upload/download, datastore browsing, and host log scanning — all within the claimed domain. These behaviors are expected for a VM ops tool, but guest-exec will capture stdout/stderr (potentially sensitive data) and scheduled scans read host logs; the doc claims truncation/sanitization and no credential/PII in webhooks, but you should validate those protections in the source code.

✓ Install Mechanism

The registry entry is instruction-only (no install spec), and the SKILL.md documents installation via 'uv tool install' / PyPI / GitHub. No embedded downloads, extract instructions, or obscure URLs are present in the skill files. Because the skill requires an external binary, confirm you install the intended package from the official GitHub/PyPI source.

✓ Credentials

Required env/config (VMWARE_AIOPS_CONFIG, ~/.vmware-aiops/.env with per-target VMWARE_<TARGET>_PASSWORD) is proportional to a vCenter/ESXi management tool. Optional webhook URLs and an optional vmware-policy binary are reasonable. Ensure per-target passwords are stored with least-privilege service accounts and secure file permissions as recommended (chmod 600).

✓ Persistence & Privilege

The skill does not force persistent inclusion (always:false). It documents an optional daemon for scheduled scanning that only runs when explicitly started and local audit logging to ~/.vmware/audit.db. These are reasonable for the functionality described; confirm you want the daemon enabled before starting it.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install vmware-aiops
After installation, invoke the skill by name or use /vmware-aiops
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.5.15

v1.5.15: single-command MCP entry point (vmware-aiops mcp), verify_ssl default true. Legacy entry point kept for backward compat.

v1.5.14

v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer

v1.5.12

Security & bug fixes from @yjs-2026 code review

v1.5.11

Align with VMware skill family v1.5.11

v1.5.10

Security: python-multipart 0.0.22→0.0.26 (DoS fix)

v1.5.8

Security fixes (guest_exec injection, tar-bomb, guest SSL) + cli.py split

v1.5.7

Align with VMware skill family v1.5.7

v1.5.6

Fix CRITICAL: mcp_server missing from wheel

v1.5.5

Align with VMware skill family v1.5.5

v1.5.4

Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Deps: rich <16.0; Align family v1.5.4

v1.5.3

Version 1.5.3 of vmware-aiops - No file changes detected in this release. - Behavior, features, and documentation remain the same as the previous version.

v1.5.2

vmware-aiops v1.5.2 changelog: - Updated compatibility section in SKILL.md to clarify security controls, credential handling, and destructive operations. - Added detailed guidance on per-target credentials, operation auditing, CLI safeguards, and webhook/privacy defaults. - No changes to functionality or interfaces; documentation update only.

v1.5.1

- Added a project disclaimer clarifying community maintenance and lack of official VMware/Broadcom affiliation. - Updated documentation to state "VMware" and "vSphere" are Broadcom trademarks. - Linked the public source code and license for transparency.

v1.5.0

v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation

v1.4.10

Anthropic best practices: [READ]/[WRITE] tool prefixes, R/W counts, negative routing, Broadcom author attestation

v1.4.9

Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords

v1.4.8

Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0

v1.4.7

Fix: align openclaw metadata with runtime requirements; standardize audit path to ~/.vmware/audit.db; correct credential env var docs to VMWARE_<TARGET>_PASSWORD convention

v1.4.6

fix: remove suspicious content for clean scan

v1.4.5

Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos

Metadata

Slug vmware-aiops

Version 1.5.15

License MIT-0

All-time Installs 3

Active Installs 3

Total Versions 48

Frequently Asked Questions

What is Vmware Aiops?

Use this skill whenever the user needs to manage VMs in VMware/vSphere/ESXi — it's the entry point for all VM operations. Directly handles: power on/off, clo... It is an AI Agent Skill for Claude Code / OpenClaw, with 1058 downloads so far.

How do I install Vmware Aiops?

Run "/install vmware-aiops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vmware Aiops free?

Yes, Vmware Aiops is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vmware Aiops support?

Vmware Aiops is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).

Who created Vmware Aiops?

It is built and maintained by zw008 (@zw008); the current version is v1.5.15.

More Skills