Description

Use this skill whenever the user needs to perform VMware compliance auditing, baseline checking, or drift detection on vSphere/ESXi/NSX environments. Directl...

README (SKILL.md)

VMware Harden (Compliance & Baseline)

Name: Vmware Harden
Author: zw008

Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware" and "vSphere" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Harden under the MIT license.

AI-native VMware compliance scanner — built-in CIS / DISA STIG / vSphere SCG / 等保 2.0 三级 / PCI-DSS baselines, drift detection, LLM-driven remediation advice, and a web dashboard.

Companion skills: vmware-aiops (inventory + collectors data source; host/VM remediation target), vmware-monitor (read-only inspection), vmware-storage (datastore remediation target), vmware-nsx (segment/gateway evidence), vmware-nsx-security (DFW evidence + remediation target), vmware-aria (metrics correlation), vmware-avi (load balancer evidence), vmware-vks (Tanzu Kubernetes evidence), vmware-pilot (remediation execution with approval gates), vmware-policy (audit log). See references/cross-skill-workflows.md for end-to-end remediation flows that span pilot + sibling skills.

What This Skill Does

Category	Tools	Count	Read or Write
Baseline Management	4 built-in baselines (CIS ESXi 8.0, vSphere SCG v8, 等保 2.0 L3, PCI-DSS 4.0) + custom YAML loader	4+N	Read
Scanning	Multi-collector (vCenter, ESXi, NSX, vSAN, K8s) → typed Twin store	1 pipeline	Read (no target writes)
Drift Detection	Snapshot diff, rule status diff, evidence diff	3 types	Read
Remediation Advisor	LLM-driven (Anthropic) suggestions per violation; mock fallback when no key	1 advisor	Read
Web Dashboard	FastAPI + Jinja2 read-only UI for violations / drift / advice	1 server	Read
MCP Server	Compliance query tools	6	All Read

Quick Install

uv tool install vmware-harden
vmware-harden baseline list

For first-time use, ensure a vmware-aiops target is configured (harden uses aiops collectors) and optionally set ANTHROPIC_API_KEY for live remediation advice.

When to Use This Skill

Use vmware-harden when the user needs to:

Run a compliance scan against CIS / DISA STIG / vSphere SCG / 等保 2.0 三级 / PCI-DSS
Author or import a custom YAML baseline (e.g., internal corporate baseline)
Detect drift between two scans of the same target
Get AI-suggested remediation steps for a violation (advice only — does not execute)
Browse a web dashboard of compliance posture across multiple targets

Do NOT use this skill when:

The task is general vCenter/ESXi monitoring or read-only inspection → use vmware-monitor
The task is VM lifecycle, snapshots, or guest operations → use vmware-aiops
The user wants to actually execute a remediation (set advanced setting, change DFW rule, etc.) → use vmware-pilot (multi-step approval-gated workflow)
The task is purely NSX networking/segments → use vmware-nsx

Related Skills — Skill Routing

User Intent	Recommended Skill
"Scan ESXi for CIS compliance"	vmware-harden ← this skill
"Check 等保 2.0 三级"	vmware-harden
"What changed since last week?" (drift)	vmware-harden
"Fix this violation now"	vmware-pilot (approval-gated execution)
"List VMs / hosts / alarms"	vmware-monitor
"Reconfigure / power / migrate VM"	vmware-aiops
"Edit DFW rule"	vmware-nsx-security
"Browse audit log"	vmware-policy (`vmware-audit log`)

Common Workflows

1. First-time scan with 等保 2.0 三级

Install: uv tool install vmware-harden
Verify aiops is configured: vmware-aiops doctor — harden reuses aiops connection for the vCenter collector
List baselines: vmware-harden baseline list — confirm dengbao-2.0-level3-vmware is present
Scan: vmware-harden scan --baseline dengbao-2.0-level3-vmware --target prod-vcenter
Report: vmware-harden report --format json > violations.json (or vmware-harden web for the rendered dashboard)

Failure branch: If you see ConnectError: vmware-aiops target not found, the aiops side is not configured. Run vmware-aiops init first; harden cannot scan without a working collector.

2. Custom baseline import + scan

Author YAML under ~/.vmware-harden/baselines/my-corp.yaml (see references for schema)
Validate: vmware-harden baseline validate ~/.vmware-harden/baselines/my-corp.yaml
Import: vmware-harden baseline import ~/.vmware-harden/baselines/my-corp.yaml
Scan: vmware-harden scan --baseline my-corp --target prod-vcenter

Failure branch: baseline validate failure usually means a check.path references a node type the collectors do not produce (e.g. nsx.gateway.* when no NSX collector ran). See references/cli-reference.md for valid node paths and the baseline schema.

3. Drift investigation

Run scan today: vmware-harden scan --target prod-vcenter --baseline cis-vmware-esxi-8.0-subset
Run scan again next week (or after a change window): same command
View drift: vmware-harden drift (renders the latest snapshot vs its prior snapshot for the same target)
Get advice on critical drift: vmware-harden advise --violation-id \x3Cid> or vmware-harden advise --all-critical (uses ANTHROPIC_API_KEY; falls back to mock template if unset)
Open web view: vmware-harden web --port 8080 then navigate to /drift

Failure branch: If vmware-harden drift reports No drift detected since previous snapshot, both scans likely ran against the same state. Ensure two scans actually completed against the same --target; the Twin DB at ~/.vmware-harden/twin.duckdb must contain at least two snapshots for that target.

Usage Mode

Scenario	Recommended	Why
Local CLI scans by an operator	CLI	Direct, scripts well into CI
AI agent integration	MCP	6 read-only tools, structured responses
Reviewing posture interactively	Web	`vmware-harden web` — sortable tables, drift timeline
CI/CD pipeline gates	CLI	Exit code reflects compliance pass/fail

MCP Tools (6 — 6 read, 0 write)

Category	Tool	Description
Baseline	`list_baselines`	All built-in + imported baselines (id, framework, version)
Baseline	`get_baseline_rules`	Rules for a given baseline_id (severity, references)
Violation	`list_violations`	Current violations, filterable by severity
Violation	`get_remediation`	Remediation suggestion for a violation_id (LLM or mock)
Drift	`list_drift_events`	Recent drift events from snapshot diff
Scan	`scan_target`	Trigger a scan against a target (read-only on the target)

All 6 tools are read-only with respect to vSphere/NSX. Writes to the local Twin DuckDB are scan-internal and do not modify any VMware resource. Actual remediation execution is intentionally deferred to vmware-pilot (approval-gated).

CLI Quick Reference

vmware-harden baseline list
vmware-harden baseline import \x3Cpath>
vmware-harden baseline validate \x3Cpath>
vmware-harden scan --baseline \x3Cid> --target \x3Cname>
vmware-harden report [--format text|json]
vmware-harden drift [--format text|json]
vmware-harden advise (--violation-id \x3Cid> | --all-critical)
vmware-harden web [--host 127.0.0.1] [--port 8080]

Full CLI reference: see references/cli-reference.md Full capabilities table with response token estimates: see references/capabilities.md

Troubleshooting

"vmware-aiops target not found" / collectors return empty

Harden does not connect to vCenter directly — it relies on vmware-aiops collectors. Run vmware-aiops doctor and confirm the --target name matches an aiops target.

`ANTHROPIC_API_KEY` not set — advice looks generic

The advisor falls back to a deterministic mock template when no API key is present. Set export ANTHROPIC_API_KEY=... in your shell or in ~/.vmware-harden/.env for live LLM-driven suggestions.

`uvx` reports "UnknownIssuer" behind a corporate TLS proxy

Don't use uvx for the MCP server in this environment. Use the entry point installed by uv tool install:

{
  "command": "vmware-harden-mcp",
  "args": []
}

This avoids uvx re-resolving PyPI through the corporate MitM proxy. As a workaround, UV_NATIVE_TLS=true lets uv use the system CA store. See CLAUDE.md 踩坑 #25.

"Twin DB not found" on first MCP call

Run at least one scan first: vmware-harden scan --baseline cis-vmware-esxi-8.0-subset --target \x3Ct>. The DuckDB file is created on first scan at ~/.vmware-harden/twin.duckdb (override with VMWARE_HARDEN_DB).

等保 baseline rules are not firing (all checks "skipped")

The 等保 baseline references node types from multiple collectors (vCenter advanced settings + ESXi NTP + NSX DFW). If only the vCenter collector ran, rules referencing nsx.* paths skip with status "no evidence". Run a scan with all collectors enabled, or filter the baseline to only the relevant rules.

Web dashboard shows 0 violations even after a scan

Verify the dashboard is reading the same DuckDB. If VMWARE_HARDEN_DB is set in your shell but not in the systemd/launchd unit running vmware-harden web, the web server reads the default ~/.vmware-harden/twin.duckdb while your scans wrote elsewhere.

Audit & Safety

Source code: github.com/zw008/VMware-Harden — MIT license, publicly auditable.
Config / state files: custom baselines in ~/.vmware-harden/baselines/*.yaml; Twin DuckDB at ~/.vmware-harden/twin.duckdb. No passwords are stored — all credentials live in the upstream skill (~/.vmware-aiops/.env).
Webhook data scope: none. Harden makes no outbound network calls other than (a) optional Anthropic API requests when ANTHROPIC_API_KEY is set for advisor suggestions, and (b) the local web dashboard bound to 127.0.0.1 by default.
TLS verification: harden does not connect to vCenter/NSX directly — TLS handling is delegated to vmware-aiops. The advisor's HTTPS calls to api.anthropic.com use system TLS verification (no opt-out).
Prompt injection protection: advisor LLM context is built exclusively from typed Twin queries (rule id, severity, evidence dict) — no free-text user input is forwarded. Evidence text passes through _sanitize() (truncate ≤500 chars, strip C0/C1 control characters).
Least privilege: all 6 MCP tools are read-only. Remediation execution is intentionally not exposed — agents that need to apply a fix must invoke vmware-pilot, which provides approval gates and audit logging.

All MCP operations are audited via the @vmware_tool decorator (vmware-policy dependency) to ~/.vmware/audit.db. View with vmware-audit log --last 20.

Full setup / security / AI platform compatibility: see references/setup-guide.md

License

MIT — github.com/zw008/VMware-Harden

Usage Guidance

Install only after verifying the external vmware-harden package and source. Use read-only VMware credentials where possible, run scans intentionally, protect the local DuckDB/audit files, and enable Anthropic-backed advice only if your organization permits sending compliance evidence to that provider.

Capability Analysis

Type: OpenClaw Skill Name: vmware-harden Version: 1.5.18 The vmware-harden skill is a well-documented compliance auditing tool for VMware environments that follows strong security principles, including least privilege and separation of concerns. It provides read-only MCP tools for scanning and drift detection, while intentionally deferring remediation execution to a separate skill (vmware-pilot) to ensure human-in-the-loop approval. The bundle includes explicit prompt-injection protections (sanitizing evidence data), audit logging via the @vmware_tool decorator, and clear instructions that restrict the agent's scope to auditing rather than modification.

Capability Tags

requires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The stated purpose, VMware compliance scanning and drift detection, matches the documented scan/report/advise/dashboard capabilities. The skill repeatedly states that managed VMware resources are read-only, while remediation is routed to separate approval-gated VMware skills.

ℹ Instruction Scope

The instructions use Bash/Read/Write for expected CLI workflows. The scan path is documented as potentially heavy live VMware/NSX collector I/O and should be run deliberately rather than in loops.

ℹ Install Mechanism

The skill is instruction-only in the supplied artifacts and installs/runs an external uv/PyPI package, so the package code itself was not reviewed here.

ℹ Credentials

Access to VMware/NSX evidence and optional Anthropic advice is proportionate to compliance auditing, but these are sensitive enterprise data flows that users should scope carefully.

ℹ Persistence & Privilege

The skill persists snapshots, violations, drift, suggestions, and imported baselines in local files. This is disclosed and purpose-aligned, but the stored posture data may be sensitive.

Version History

v1.5.18

v1.5.18: GA family promotion + EU NIS2 + BSI IT-Grundschutz baselines + doctor command (6 baselines / 87 rules total)

v1.0.1

v1.0.1: add mcp-name marker for MCP Registry ownership validation; functionally identical to 1.0.0

v1.0.0

v1.0 first public release: M1 (Twin) + M2 (4 baselines, drift, web) + M3 (Remediation Advisor, real MCP server, family integration)

Metadata

Slug vmware-harden

Version 1.5.18

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Vmware Harden?

Use this skill whenever the user needs to perform VMware compliance auditing, baseline checking, or drift detection on vSphere/ESXi/NSX environments. Directl... It is an AI Agent Skill for Claude Code / OpenClaw, with 63 downloads so far.

How do I install Vmware Harden?

Run "/install vmware-harden" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vmware Harden free?

Yes, Vmware Harden is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vmware Harden support?

Vmware Harden is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Vmware Harden?

It is built and maintained by zw008 (@zw008); the current version is v1.5.18.

More Skills

Vmware Harden