← Back to Skills Marketplace

Vmware Nsx Security

Name: Vmware Nsx Security
Author: zw008

by zw008 · GitHub ↗ · v1.5.15 · MIT-0

macoslinux ✓ Security Clean

436

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install vmware-nsx-security

Description

Use this skill whenever the user needs to manage VMware NSX security — distributed firewall (DFW) policies, security groups, microsegmentation, and IDS/IPS....

Usage Guidance

This skill appears coherent for managing NSX security, but take normal precautions before installing: verify the uv package origin (review the linked GitHub repo and package on the registry), ensure the NSX account used has only the necessary permissions (least privilege), store ~/.vmware-nsx-security/.env securely (chmod 600) and avoid putting highly privileged global admin credentials there, and confirm that vmware-policy (the stated dependency that writes ~/.vmware/audit.db) is trustworthy. Also be aware the tool will make HTTPS calls to your configured NSX Managers (required for its functionality). If you need higher assurance, ask for the package source tarball, inspect its code, or run it in an isolated environment first.

Capability Analysis

Type: OpenClaw Skill Name: vmware-nsx-security Version: 1.5.15 The vmware-nsx-security skill bundle is a well-documented toolset for managing VMware NSX security features like distributed firewalls, security groups, and IDPS. It includes significant safety and security features, such as mandatory audit logging to a local SQLite database via the 'vmware-policy' dependency, input sanitization for API-sourced strings, and 'dry-run' modes for destructive operations. The instructions in SKILL.md are focused on legitimate administrative tasks, and the credential management strategy (using environment variables and .env files with restricted permissions) follows security best practices.

Capability Assessment

✓ Purpose & Capability

Name/description, required binary (vmware-nsx-security), required env var (VMWARE_NSX_SECURITY_CONFIG), and required config paths (~/.vmware-nsx-security/config.yaml and .env) all align with managing NSX distributed firewall, groups, tags, traceflow and IDPS. Companion skills and exclusions (networking, VM lifecycle) are clearly documented.

✓ Instruction Scope

SKILL.md instructs the agent to run the vmware-nsx-security CLI and to read the local config and .env for per-target passwords; workflows, dry-run options, and doctor checks are narrowly scoped to NSX security tasks. It does not instruct the agent to read unrelated system files or exfiltrate data to external endpoints. It does require network access to configured NSX Manager hosts (HTTPS/443), which is expected.

ℹ Install Mechanism

The package is intended to be installed via the 'uv' tool (uv tool install vmware-nsx-security) per SKILL.md. The registry metadata shows no separate install spec, but the SSH/HTTP download risk is low if you install from a trusted source. As with any third-party CLI, installing an untrusted package from a public registry carries typical supply-chain risks; review the GitHub source and package origin before installing.

✓ Credentials

Requested environment/config artifacts are proportional: a config path env (VMWARE_NSX_SECURITY_CONFIG) and per-target password variables (recommended in ~/.vmware-nsx-security/.env) are appropriate for managing NSX managers. The primaryEnv is the config-path env var (not a raw secret) — per-target passwords are expected and documented. The skill requires access to files that contain secrets (.env) which is reasonable for the function but should be protected (chmod 600).

✓ Persistence & Privilege

The skill does not request always:true or any system-wide persistent privileges. It documents an audit DB (~/.vmware/audit.db) and an on-demand MCP stdio transport; no background services or modifications to other skills are described. Autonomous invocation by the agent is allowed (platform default) but not exceptional for this type of skill.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install vmware-nsx-security
After installation, invoke the skill by name or use /vmware-nsx-security
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.5.15

v1.5.15: single-command MCP entry point (vmware-nsx-security mcp), verify_ssl default true. Legacy entry point kept for backward compat.

v1.5.14

v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer

v1.5.12

Security & bug fixes from @yjs-2026 code review

v1.5.11

Align with VMware skill family v1.5.11

v1.5.10

Security: python-multipart 0.0.22→0.0.26 (DoS fix)

v1.5.8

Fix: scope SSL warning suppression

v1.5.7

Align with VMware skill family v1.5.7

v1.5.6

Align with VMware skill family v1.5.6

v1.5.5

Fix: missing import re in traceflow, switch auth to form-body for special char passwords

v1.5.4

Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Align family v1.5.4

v1.5.3

## vmware-nsx-security 1.5.3 - No file or SKILL.md content changes detected in this version. - No new features, fixes, or breaking changes reported.

v1.5.2

## VMware NSX Security Skill 1.5.2 - Added a clear open-source project disclaimer (not affiliated with VMware/Broadcom) to SKILL.md. - Expanded and clarified compatibility notes: - Each NSX Manager target password must be set as a specific environment variable (pattern: VMWARE_<TARGET>_PASSWORD). - Passwords are never logged or echoed. - Destructive operations (DFW policy/group delete, IDS/IPS config) have added safeguards or double confirmation. - Clarified the absence of webhooks, outbound network, or guest operations; all actions are local via NSX Policy API. - Noted that only vmware-policy is a transitive dependency, with no post-install scripts or background services. - No tool, functionality, or command-line usage changes; documentation-only update.

v1.5.0

v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation

v1.4.10

Anthropic best practices: [READ]/[WRITE] prefixes, negative routing, Broadcom author attestation

v1.4.9

Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords

v1.4.8

Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0

v1.4.7

Fix: align openclaw metadata; add .env config and vmware-policy optional dep; standardize audit path to ~/.vmware/audit.db

v1.4.6

fix: remove suspicious content for clean scan

v1.4.5

Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos

v1.4.4

v1.4.4: vmware-avi family integration, cross-skill routing, sanitize coverage, safety tests

Metadata

Slug vmware-nsx-security

Version 1.5.15

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 23

Frequently Asked Questions

What is Vmware Nsx Security?

Use this skill whenever the user needs to manage VMware NSX security — distributed firewall (DFW) policies, security groups, microsegmentation, and IDS/IPS.... It is an AI Agent Skill for Claude Code / OpenClaw, with 436 downloads so far.

How do I install Vmware Nsx Security?

Run "/install vmware-nsx-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vmware Nsx Security free?

Yes, Vmware Nsx Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vmware Nsx Security support?

Vmware Nsx Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).

Who created Vmware Nsx Security?

It is built and maintained by zw008 (@zw008); the current version is v1.5.15.

More Skills