← Back to Skills Marketplace
999
Downloads
1
Stars
0
Active Installs
43
Versions
Install in OpenClaw
/install vmware-monitor
Description
Use this skill for safe, risk-free queries of VMware infrastructure — code-level enforced safety means no destructive operations exist in the codebase. Direc...
Usage Guidance
Before installing/using this skill: 1) Verify the package source and publisher: confirm the PyPI package and GitHub repo (https://github.com/zw008/VMware-Monitor) match and review recent commits/maintainers. 2) Confirm the installer path you plan to use (PyPI vs GitHub vs npx) and prefer pinned versions from a trusted index. 3) Inspect the code (or ask for a vetted review) to ensure no unexpected network callbacks or write operations exist — SKILL.md claims read-only but you should validate. 4) Use least-privilege vCenter accounts (read-only) for monitoring; do not store highly privileged credentials in the .env. 5) Ensure ~/.vmware-monitor/.env is chmod 600 and that you are comfortable with an audit DB at ~/.vmware/audit.db. 6) Disable or carefully configure webhooks; only point them to endpoints you control and verify payload contents in a test environment. 7) Clarify the metadata inconsistencies (manifest says no install spec but SKILL.md lists installer; primaryEnv points to a config path) with the publisher before trusting in production. If you cannot validate the package origin and code, treat it as untrusted and avoid installing with production credentials.
Capability Analysis
Type: OpenClaw Skill
Name: vmware-monitor
Version: 1.5.15
The vmware-monitor skill is a comprehensive read-only infrastructure monitoring tool for VMware vCenter and ESXi environments. It demonstrates strong security awareness by including built-in prompt injection mitigation (wrapping vSphere data in boundary markers), mandatory audit logging via the vmware-policy dependency, and explicit warnings against disabling SSL verification in production. All tools and CLI commands (found in SKILL.md and cli-reference.md) are strictly limited to data retrieval and monitoring, with no evidence of destructive capabilities, unauthorized data exfiltration, or malicious intent.
Capability Assessment
Purpose & Capability
Name/description (read-only VMware monitoring) aligns with required binaries (vmware-monitor), config paths (~/.vmware-monitor/config.yaml, .env), and declared optional webhooks. The per-target password pattern in .env is expected for querying targets. Minor inconsistency: primaryEnv is set to VMWARE_MONITOR_CONFIG (a config file path) rather than a secret credential, which is unusual but not necessarily dangerous.
Instruction Scope
SKILL.md instructions confine actions to read-only queries, listing, health checks, and an opt-in daemon scanner. Instructions reference only the declared config files and per-target env vars. It explicitly warns about safety, suggests chmod 600 for the .env file, and says the daemon is user-started only. No instructions ask the agent to read unrelated system files or exfiltrate secrets.
Install Mechanism
Registry metadata says 'No install spec — instruction-only', but SKILL.md includes an installer block and recommends multiple install routes (uv tool install / PyPI, GitHub clone, npx, clawhub). Installing from PyPI or GitHub is common but has moderate risk; the manifest inconsistency (no declared install spec vs SKILL.md listing an installer) should be clarified. Multiple install methods and repository sources are normal but worth verifying the package origin and maintainer identity before installing.
Credentials
The skill requires VMWARE_MONITOR_CONFIG and expects per-target VMWARE_<TARGET>_PASSWORD entries stored in ~/.vmware-monitor/.env — this is coherent for a tool that connects to vCenter/ESXi. Optional webhook envs are justified by the daemon notification feature. Concern: primaryEnv is declared as VMWARE_MONITOR_CONFIG (a config file path) rather than a credential, which is atypical and may indicate metadata inaccuracy. Also verify that storing passwords in .env is acceptable for your environment and protected with proper filesystem permissions.
Persistence & Privilege
always:false and explicit user-initiated daemon are appropriate. The skill does not request system-wide persistence or modifications to other skills. It documents an audit DB at ~/.vmware/audit.db (via vmware-policy dependency) — verify that location and permissions meet your policy.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vmware-monitor - After installation, invoke the skill by name or use
/vmware-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.15
v1.5.15: single-command MCP entry point (vmware-monitor mcp), verify_ssl default true. Legacy entry point kept for backward compat.
v1.5.14
v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer
v1.5.12
Security & bug fixes from @yjs-2026 code review
v1.5.11
Align with VMware skill family v1.5.11
v1.5.10
Security: python-multipart 0.0.22→0.0.26 (DoS fix)
v1.5.8
Align with VMware skill family v1.5.8
v1.5.7
Align with VMware skill family v1.5.7
v1.5.6
Fix CRITICAL: mcp_server missing from wheel
v1.5.5
Align with VMware skill family v1.5.5
v1.5.4
Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Deps: rich <16.0; Align family v1.5.4
v1.5.3
No user-facing changes in this version.
- No file changes detected since the previous release.
- Behavior, features, and documentation remain unchanged.
v1.5.2
No file changes detected for version 1.5.2.
- No updates or modifications were made to this release.
- All functionality remains unchanged from the previous version.
v1.5.1
- Added legal disclaimer clarifying this project is community-maintained and not affiliated with or endorsed by VMware/Broadcom.
- Updated compatibility section: clarified credential requirements and details on environment variable names for vCenter/ESXi targets.
- Provided visibility into webhook usage: clarified that Slack/Discord webhook URLs are user-configured and only used by the opt-in daemon for alert summaries, not for transmitting sensitive data.
- Stated that the background monitoring daemon is user-initiated and never auto-started.
- No changes to CLI commands, features, or capabilities.
v1.5.0
v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation
v1.4.10
Anthropic best practices: [READ]/[WRITE] prefixes, limit params, Broadcom author attestation
v1.4.9
Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords
v1.4.8
Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0
v1.4.7
Fix: align openclaw metadata with runtime requirements; standardize audit path to ~/.vmware/audit.db; correct credential env var docs to VMWARE_<TARGET>_PASSWORD convention
v1.4.6
fix: remove suspicious content for clean scan
v1.4.5
Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos
Metadata
Frequently Asked Questions
What is Vmware Monitor?
Use this skill for safe, risk-free queries of VMware infrastructure — code-level enforced safety means no destructive operations exist in the codebase. Direc... It is an AI Agent Skill for Claude Code / OpenClaw, with 999 downloads so far.
How do I install Vmware Monitor?
Run "/install vmware-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vmware Monitor free?
Yes, Vmware Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Vmware Monitor support?
Vmware Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).
Who created Vmware Monitor?
It is built and maintained by zw008 (@zw008); the current version is v1.5.15.
More Skills