← Back to Skills Marketplace
174
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install vmware-policy
Description
Unified audit logging, policy enforcement, and input sanitization for the entire VMware MCP skill family. Use when querying audit logs, managing policy rules...
Usage Guidance
This skill appears to be what it claims: a local audit and policy library that decorates other VMware skills. Before installing: 1) verify the upstream source (github.com/zw008/VMware-Policy) and inspect the published package if you can; 2) ensure ~/.vmware is restricted (chmod 700) and review ~/.vmware/rules.yaml so rules do not inadvertently permit or block operations you care about; 3) confirm that sensitive parameters are declared via sensitive_params to avoid logging secrets, and audit the DB (~/.vmware/audit.db) contents for sensitive data; 4) note the skill detects agent-related env vars (for logging) and honors VMWARE_POLICY_DISABLED for bypass — treat that env var carefully; 5) resolve the minor metadata inconsistency about the install spec (SKILL.md has an installer block but registry says no install spec) by checking the package manifest before install. Overall coherent, but review logging/configuration and the package source before enabling across many skills.
Capability Analysis
Type: OpenClaw Skill
Name: vmware-policy
Version: 1.5.14
The vmware-policy skill serves as a defensive infrastructure layer providing audit logging, policy enforcement, and input sanitization for VMware-related tools. It includes a @vmware_tool decorator for tracking execution, a PolicyEngine for rule-based access control, and a sanitize() function designed to prevent prompt injection from API responses. While it inspects environment variables like OPENAI_API_KEY to identify the calling agent, the documentation explicitly states this is for metadata purposes only and that no credentials are logged or exfiltrated. The behavior is well-documented and aligns with its stated purpose as a security utility.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the declared behavior: unified audit logging, policy enforcement, sanitization, and a decorator that wraps other VMware skills. Declared binary (vmware-audit) and config path (~/.vmware/rules.yaml) are consistent with the stated functionality.
Instruction Scope
SKILL.md limits actions to local audit DB, rules file, CLI operations, and decorator/sanitizer use. It does detect AI agent presence via common environment variables and writes audit records (timestamp, skill, tool, params, result, user, agent, etc.) to ~/.vmware/audit.db. That is consistent with an audit system but means parameters/results may be logged locally (sensitive_params are redacted if configured). No instructions to transmit data to external endpoints are present.
Install Mechanism
The skill is instruction-only (no code files) and references installation via the platform 'uv' (installer: kind: uv, package: vmware-policy) which is a low-risk, registry-style mechanism. Minor inconsistency: registry metadata indicates 'No install spec' while SKILL.md contains an 'installer' block. Nothing points to downloads from untrusted URLs or archive extraction.
Credentials
No required credentials are requested. The skill relies on/reads standard env vars for agent detection (CLAUDE_SESSION_ID, OLLAMA_HOST, OPENAI_API_KEY, DEERFLOW_SESSION) and supports VMWARE_POLICY_DISABLED for bypass. This is expected, but because parameters/results are recorded in the audit DB, ensure sensitive parameters are listed in sensitive_params to avoid logging secrets.
Persistence & Privilege
always:false and no unusual persistence flags. The skill is intended to be auto-installed as a dependency across the VMware skill family and to wrap many tools; that increases its influence/attack surface if it were malicious, but the skill itself does not request elevated system-wide privileges or modify other skills' configs. Autonomous invocation is allowed (default) which is expected for skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vmware-policy - After installation, invoke the skill by name or use
/vmware-policy - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.14
v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer
v1.5.0
v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation
v1.4.10
remove unused VMWARE_POLICY_CONFIG, agent detection transparency, Broadcom author attestation
v1.4.4
v1.4.4: vmware-avi family integration, cross-skill routing, sanitize coverage, safety tests
Metadata
Frequently Asked Questions
What is Vmware Policy?
Unified audit logging, policy enforcement, and input sanitization for the entire VMware MCP skill family. Use when querying audit logs, managing policy rules... It is an AI Agent Skill for Claude Code / OpenClaw, with 174 downloads so far.
How do I install Vmware Policy?
Run "/install vmware-policy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vmware Policy free?
Yes, Vmware Policy is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Vmware Policy support?
Vmware Policy is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).
Who created Vmware Policy?
It is built and maintained by zw008 (@zw008); the current version is v1.5.14.
More Skills