← 返回 Skills 市场

Vmware Aiops

Name: Vmware Aiops
Author: zw008

作者 zw008 · GitHub ↗ · v1.5.15 · MIT-0

macoslinux ⚠ suspicious

1058

总下载

当前安装

版本数

在 OpenClaw 中安装

/install vmware-aiops

功能描述

Use this skill whenever the user needs to manage VMs in VMware/vSphere/ESXi — it's the entry point for all VM operations. Directly handles: power on/off, clo...

安全使用建议

This skill appears internally consistent with VMware VM management. Before installing: 1) Verify the package source and checksum on PyPI/GitHub (registry shows 'Source: unknown'); 2) Review the open-source repo (vmware-aiops) to confirm prompt-injection protections, logging behavior, and that passwords are never leaked; 3) Use least-privilege vCenter/ESXi service accounts for the per-target passwords stored in ~/.vmware-aiops/.env and set strict file permissions (chmod 600); 4) Be cautious enabling guest-exec or daemonized scanning in production (these can access VM guest output and host logs); 5) Only enable webhooks to endpoints you control and audit the webhook payload format; 6) Consider testing in an isolated lab before production and pin the tool version when installing from PyPI.

功能分析

Type: OpenClaw Skill Name: vmware-aiops Version: 1.5.15 The skill provides high-privilege administrative control over VMware infrastructure, including the ability to execute arbitrary commands inside guest VMs (vm_guest_exec), upload/download files, and perform destructive batch operations. While these capabilities are aligned with the stated purpose and the documentation highlights safety features like audit logging (via vmware-policy) and double-confirmation for destructive actions, the inherent risk of Remote Code Execution (RCE) and credential management within an AI agent context is significant. Additionally, the inclusion of a background daemon for log scanning and webhook integration (Slack/Discord) in SKILL.md and references/capabilities.md increases the potential attack surface for data exfiltration or unauthorized monitoring if the agent is compromised.

能力评估

✓ Purpose & Capability

The skill is an entry-point for VMware VM lifecycle operations and legitimately requires a vmware-aiops CLI binary, a config YAML, and per-target credentials in ~/.vmware-aiops/.env. The declared optional webhooks and policy/audit integration are consistent with the stated scope. Note: registry metadata shows 'Source: unknown' while SKILL.md points to a GitHub repo and PyPI — verify the package origin before installation.

ℹ Instruction Scope

SKILL.md instructs the agent to run CLI commands that perform destructive VM ops, guest exec/upload/download, datastore browsing, and host log scanning — all within the claimed domain. These behaviors are expected for a VM ops tool, but guest-exec will capture stdout/stderr (potentially sensitive data) and scheduled scans read host logs; the doc claims truncation/sanitization and no credential/PII in webhooks, but you should validate those protections in the source code.

✓ Install Mechanism

The registry entry is instruction-only (no install spec), and the SKILL.md documents installation via 'uv tool install' / PyPI / GitHub. No embedded downloads, extract instructions, or obscure URLs are present in the skill files. Because the skill requires an external binary, confirm you install the intended package from the official GitHub/PyPI source.

✓ Credentials

Required env/config (VMWARE_AIOPS_CONFIG, ~/.vmware-aiops/.env with per-target VMWARE_<TARGET>_PASSWORD) is proportional to a vCenter/ESXi management tool. Optional webhook URLs and an optional vmware-policy binary are reasonable. Ensure per-target passwords are stored with least-privilege service accounts and secure file permissions as recommended (chmod 600).

✓ Persistence & Privilege

The skill does not force persistent inclusion (always:false). It documents an optional daemon for scheduled scanning that only runs when explicitly started and local audit logging to ~/.vmware/audit.db. These are reasonable for the functionality described; confirm you want the daemon enabled before starting it.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install vmware-aiops
安装完成后，直接呼叫该 Skill 的名称或使用 /vmware-aiops 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.5.15

v1.5.15: single-command MCP entry point (vmware-aiops mcp), verify_ssl default true. Legacy entry point kept for backward compat.

v1.5.14

v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer

v1.5.12

Security & bug fixes from @yjs-2026 code review

v1.5.11

Align with VMware skill family v1.5.11

v1.5.10

Security: python-multipart 0.0.22→0.0.26 (DoS fix)

v1.5.8

Security fixes (guest_exec injection, tar-bomb, guest SSL) + cli.py split

v1.5.7

Align with VMware skill family v1.5.7

v1.5.6

Fix CRITICAL: mcp_server missing from wheel

v1.5.5

Align with VMware skill family v1.5.5

v1.5.4

Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Deps: rich <16.0; Align family v1.5.4

v1.5.3

Version 1.5.3 of vmware-aiops - No file changes detected in this release. - Behavior, features, and documentation remain the same as the previous version.

v1.5.2

vmware-aiops v1.5.2 changelog: - Updated compatibility section in SKILL.md to clarify security controls, credential handling, and destructive operations. - Added detailed guidance on per-target credentials, operation auditing, CLI safeguards, and webhook/privacy defaults. - No changes to functionality or interfaces; documentation update only.

v1.5.1

- Added a project disclaimer clarifying community maintenance and lack of official VMware/Broadcom affiliation. - Updated documentation to state "VMware" and "vSphere" are Broadcom trademarks. - Linked the public source code and license for transparency.

v1.5.0

v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation

v1.4.10

Anthropic best practices: [READ]/[WRITE] tool prefixes, R/W counts, negative routing, Broadcom author attestation

v1.4.9

Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords

v1.4.8

Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0

v1.4.7

Fix: align openclaw metadata with runtime requirements; standardize audit path to ~/.vmware/audit.db; correct credential env var docs to VMWARE_<TARGET>_PASSWORD convention

v1.4.6

fix: remove suspicious content for clean scan

v1.4.5

Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos

元数据

Slug vmware-aiops

版本 1.5.15

许可证 MIT-0

累计安装 3

当前安装数 3

历史版本数 48

常见问题

Vmware Aiops 是什么？

Use this skill whenever the user needs to manage VMs in VMware/vSphere/ESXi — it's the entry point for all VM operations. Directly handles: power on/off, clo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1058 次。

如何安装 Vmware Aiops？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vmware-aiops」即可一键安装，无需额外配置。

Vmware Aiops 是免费的吗？

是的，Vmware Aiops 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Vmware Aiops 支持哪些平台？

Vmware Aiops 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（macos, linux）。

谁开发了 Vmware Aiops？

由 zw008（@zw008）开发并维护，当前版本 v1.5.15。