← Back to Skills Marketplace
VCF Regulatory Compliance
by
Rohit Kasture
· GitHub ↗
· v1.0.1
· MIT-0
98
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install vcf-compliance-mcp
Description
An MCP server that interfaces with VMware Aria Operations to run regulatory compliance checks (ISO 27001, PCI DSS, CIS, etc.) against the VCF environment.
Usage Guidance
This skill appears to do what it says, but review a few operational-security items before installing: 1) Only provide ARIA_OPS_API_TOKEN that has the minimum privileges needed for read-only compliance queries and rotate the token regularly. 2) Run the MCP server on a host with restricted network access and ensure ARIA_OPS_HOST points to your internal Aria Operations instance (do not point to unknown external hosts). 3) Note server.py disables TLS verification (verify=False) to allow self-signed certs — accept this only if you trust the network path; consider replacing with a CA-trusted cert or enabling verification. 4) Inspect the included server.py yourself (or with your security team) before supplying secrets. 5) If you plan to allow autonomous invocation, be aware the agent could call the tool automatically — restrict token scope and monitor usage/logging.
Capability Analysis
Type: OpenClaw Skill
Name: vcf-compliance-mcp
Version: 1.0.1
The skill contains a security vulnerability in server.py where SSL certificate verification is explicitly disabled (verify=False), which could expose the ARIA_OPS_API_TOKEN to Man-in-the-Middle (MitM) attacks. Additionally, the script includes a hardcoded simulated payload that returns mock compliance data if the API call fails, which might lead an AI agent to report fabricated security status as factual.
Capability Assessment
Purpose & Capability
The skill declares ARIA_OPS_HOST and ARIA_OPS_API_TOKEN and the server.py uses exactly those environment variables to call Aria Operations suite-api endpoints for compliance alerts. Required inputs and the described capability (VCF/Aria compliance checks) are coherent.
Instruction Scope
SKILL.md only instructs installing dependencies and launching the included MCP server with the two Aria env vars. The runtime code only reads those env vars and queries the specified Aria host. Note: the code disables TLS verification (verify=False) and suppresses insecure-cert warnings to accommodate self-signed VCF certs — this is understandable for private infra but is a security consideration (MITM risk) and should be accepted only for trusted internal endpoints.
Install Mechanism
No automated install/download is present; this is instruction-only with a requirements.txt. The user must run pip install -r requirements.txt — no remote arbitrary archive downloads or obscure installers were included.
Credentials
Only ARIA_OPS_HOST and ARIA_OPS_API_TOKEN are required, which are appropriate and proportional for querying VMware Aria Operations. No unrelated secrets, system paths, or extra credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or system-wide configuration changes. It runs as a user-launched MCP server and does not alter other skills or agent-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vcf-compliance-mcp - After installation, invoke the skill by name or use
/vcf-compliance-mcp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added a homepage link to SKILL.md for easier access to documentation and source.
- Updated version number to 1.0.1.
v1.0.0
- Initial release of vcf-compliance-mcp (version 1.0.0).
- Provides an MCP server to interface with VMware Aria Operations for compliance checks on VCF environments.
- Supports audit reporting for frameworks including ISO 27001, PCI DSS, and CIS.
- Introduces the native get_vcf_compliance_status tool for instant compliance status queries.
- Requires ARIA_OPS_HOST and ARIA_OPS_API_TOKEN environment variables for configuration.
Metadata
Frequently Asked Questions
What is VCF Regulatory Compliance?
An MCP server that interfaces with VMware Aria Operations to run regulatory compliance checks (ISO 27001, PCI DSS, CIS, etc.) against the VCF environment. It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.
How do I install VCF Regulatory Compliance?
Run "/install vcf-compliance-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is VCF Regulatory Compliance free?
Yes, VCF Regulatory Compliance is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does VCF Regulatory Compliance support?
VCF Regulatory Compliance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created VCF Regulatory Compliance?
It is built and maintained by Rohit Kasture (@kasture-rohit); the current version is v1.0.1.
More Skills