← Back to Skills Marketplace
192
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install vmware-pilot
Description
Use this skill whenever the user wants to design, execute, or manage complex multi-step VMware workflows with human approval and automatic rollback. Pilot is...
Usage Guidance
This package looks like a legitimate local orchestration layer for multi-step VMware workflows, but review a few items before installing or granting it access: 1) Clarify VMWARE_PILOT_CONFIG: what exact value (file path, token, JSON) does it expect? The SKILL.md's claim of 'no config' conflicts with the declared required env var. 2) Understand audit persistence: Pilot will log every tool call and its parameters to ~/.vmware/audit.db — those logs could contain sensitive identifiers or parameters passed from companion skills. If that is unacceptable, do not enable the skill or ensure the audit DB is protected/rotated. 3) Verify provenance: install the vmware-pilot-mcp binary only from a trusted source (validate the GitHub repo, release signatures if available). 4) Test in an isolated environment first: install and run with dry-run templates and without connecting companion skills to confirm observed behavior (file creation under ~/.vmware, DB contents, exact use of VMWARE_PILOT_CONFIG). 5) Confirm companion skills' configs are stored and handled securely (they hold the actual vCenter/NSX credentials). If you cannot confirm what VMWARE_PILOT_CONFIG contains or you cannot trust the vmware-pilot-mcp binary source, treat this skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: vmware-pilot
Version: 1.5.14
The vmware-pilot skill bundle is a well-documented orchestration layer for VMware environments, designed to coordinate multi-step workflows across several specialized skills (aiops, nsx, monitor, etc.). It incorporates significant safety features, including human-in-the-loop approval gates for destructive operations, automatic rollback capabilities, and mandatory audit logging via the vmware-policy dependency. The included scripts (scripts/validate_workflow.py and scripts/list_available_tools.py) are utility tools for workflow validation and discovery, and the overall architecture emphasizes security through delegation and persistence without requiring direct infrastructure credentials.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (multi-skill VMware orchestration with approval gates and rollback) aligns with the provided files: SKILL.md documents an MCP server, lists companion skills, templates, and orchestration tools. Required binary 'vmware-pilot-mcp' and references to companion skills are appropriate for an orchestration layer.
Instruction Scope
Runtime instructions and references are largely scoped to orchestration: design_workflow/plan_workflow/run_workflow, approval gates, and delegation to companion skills. However, the skill instructs the agent to read and hot-load user files from ~/.vmware/workflows/, persist state to ~/.vmware/workflows.db and ~/.vmware/audit.db, and log full tool calls/parameters — these are expected for a workflow orchestrator but do give the skill access to user home data and cause persistent recording of potentially sensitive parameters passed through workflows.
Install Mechanism
Registry metadata says 'No install spec' but the SKILL.md includes pip/uvx install instructions and an 'installer: kind: uv' header. This is not dangerous by itself but is an inconsistency to clarify: if you plan to install, ensure you install from the official/expected source (the GitHub repo is cited) and verify the vmware-pilot-mcp binary provenance.
Credentials
The skill declares a required environment variable and primary credential VMWARE_PILOT_CONFIG, but SKILL.md also claims 'Pilot has no config file of its own. No credentials stored.' This is contradictory — you should confirm what VMWARE_PILOT_CONFIG holds (path, token, or JSON). Also, because Pilot logs tool calls/parameters to an audit DB, parameters forwarded from companion skills (which may include sensitive credentials or identifiers) could be persisted. The single env var requested is plausible for an orchestrator, but the lack of clarity about its content is a concern.
Persistence & Privilege
The skill persists state and audit logs under ~/.vmware/ (workflows.db, audit.db) and supports hot-loaded templates from ~/.vmware/workflows/. This is normal for an orchestrator but gives it persistent local presence and access to the user's home directory. The skill is not marked 'always: true' and does not request system-wide changes beyond its own directories, which is appropriate; still, persistent logging of parameters raises data-exposure considerations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vmware-pilot - After installation, invoke the skill by name or use
/vmware-pilot - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.14
v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer
v1.5.3
vmware-pilot 1.5.3
- Documentation update only; no code or functional changes.
- SKILL.md refreshed with existing workflows, scenarios, and companion skills.
- No changes to installer, compatibility, or tool definitions.
- Upgrade is optional for current users.
v1.5.2
vmware-pilot 1.5.2
- Expanded compatibility section to clarify orchestration model (no direct vCenter/NSX credentials, no webhooks, no background services).
- Added clearer description of state persistence, approval gates, and rollback behavior.
- Explicitly listed transitive dependency (only vmware-policy) and reaffirmed no post-install scripts.
- Updated compatibility notes to highlight that companion skills handle their own authentication.
- No changes to workflow logic or APIs; documentation improvements only.
v1.5.1
- Added a disclaimer clarifying that this project is community-maintained, open-source, and not affiliated with or endorsed by VMware, Inc. or Broadcom Inc.
- Mentioned the MIT license and linked the GitHub repository in the disclaimer.
- No changes to features, templates, or technical functionality.
v1.5.0
v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation
v1.4.10
Anthropic best practices: [READ]/[WRITE] prefixes, Broadcom author attestation
v1.4.9
Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords
v1.4.4
v1.4.4: vmware-avi family integration, cross-skill routing, sanitize coverage, safety tests
Metadata
Frequently Asked Questions
What is Vmware Pilot?
Use this skill whenever the user wants to design, execute, or manage complex multi-step VMware workflows with human approval and automatic rollback. Pilot is... It is an AI Agent Skill for Claude Code / OpenClaw, with 192 downloads so far.
How do I install Vmware Pilot?
Run "/install vmware-pilot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vmware Pilot free?
Yes, Vmware Pilot is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Vmware Pilot support?
Vmware Pilot is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).
Who created Vmware Pilot?
It is built and maintained by zw008 (@zw008); the current version is v1.5.14.
More Skills