← 返回 Skills 市场

Vmware Monitor

Name: Vmware Monitor
Author: zw008

作者 zw008 · GitHub ↗ · v1.5.15 · MIT-0

macoslinux ⚠ suspicious

999

总下载

当前安装

版本数

在 OpenClaw 中安装

/install vmware-monitor

功能描述

Use this skill for safe, risk-free queries of VMware infrastructure — code-level enforced safety means no destructive operations exist in the codebase. Direc...

安全使用建议

Before installing/using this skill: 1) Verify the package source and publisher: confirm the PyPI package and GitHub repo (https://github.com/zw008/VMware-Monitor) match and review recent commits/maintainers. 2) Confirm the installer path you plan to use (PyPI vs GitHub vs npx) and prefer pinned versions from a trusted index. 3) Inspect the code (or ask for a vetted review) to ensure no unexpected network callbacks or write operations exist — SKILL.md claims read-only but you should validate. 4) Use least-privilege vCenter accounts (read-only) for monitoring; do not store highly privileged credentials in the .env. 5) Ensure ~/.vmware-monitor/.env is chmod 600 and that you are comfortable with an audit DB at ~/.vmware/audit.db. 6) Disable or carefully configure webhooks; only point them to endpoints you control and verify payload contents in a test environment. 7) Clarify the metadata inconsistencies (manifest says no install spec but SKILL.md lists installer; primaryEnv points to a config path) with the publisher before trusting in production. If you cannot validate the package origin and code, treat it as untrusted and avoid installing with production credentials.

功能分析

Type: OpenClaw Skill Name: vmware-monitor Version: 1.5.15 The vmware-monitor skill is a comprehensive read-only infrastructure monitoring tool for VMware vCenter and ESXi environments. It demonstrates strong security awareness by including built-in prompt injection mitigation (wrapping vSphere data in boundary markers), mandatory audit logging via the vmware-policy dependency, and explicit warnings against disabling SSL verification in production. All tools and CLI commands (found in SKILL.md and cli-reference.md) are strictly limited to data retrieval and monitoring, with no evidence of destructive capabilities, unauthorized data exfiltration, or malicious intent.

能力评估

ℹ Purpose & Capability

Name/description (read-only VMware monitoring) aligns with required binaries (vmware-monitor), config paths (~/.vmware-monitor/config.yaml, .env), and declared optional webhooks. The per-target password pattern in .env is expected for querying targets. Minor inconsistency: primaryEnv is set to VMWARE_MONITOR_CONFIG (a config file path) rather than a secret credential, which is unusual but not necessarily dangerous.

✓ Instruction Scope

SKILL.md instructions confine actions to read-only queries, listing, health checks, and an opt-in daemon scanner. Instructions reference only the declared config files and per-target env vars. It explicitly warns about safety, suggests chmod 600 for the .env file, and says the daemon is user-started only. No instructions ask the agent to read unrelated system files or exfiltrate secrets.

ℹ Install Mechanism

Registry metadata says 'No install spec — instruction-only', but SKILL.md includes an installer block and recommends multiple install routes (uv tool install / PyPI, GitHub clone, npx, clawhub). Installing from PyPI or GitHub is common but has moderate risk; the manifest inconsistency (no declared install spec vs SKILL.md listing an installer) should be clarified. Multiple install methods and repository sources are normal but worth verifying the package origin and maintainer identity before installing.

ℹ Credentials

The skill requires VMWARE_MONITOR_CONFIG and expects per-target VMWARE_<TARGET>_PASSWORD entries stored in ~/.vmware-monitor/.env — this is coherent for a tool that connects to vCenter/ESXi. Optional webhook envs are justified by the daemon notification feature. Concern: primaryEnv is declared as VMWARE_MONITOR_CONFIG (a config file path) rather than a credential, which is atypical and may indicate metadata inaccuracy. Also verify that storing passwords in .env is acceptable for your environment and protected with proper filesystem permissions.

✓ Persistence & Privilege

always:false and explicit user-initiated daemon are appropriate. The skill does not request system-wide persistence or modifications to other skills. It documents an audit DB at ~/.vmware/audit.db (via vmware-policy dependency) — verify that location and permissions meet your policy.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install vmware-monitor
安装完成后，直接呼叫该 Skill 的名称或使用 /vmware-monitor 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.5.15

v1.5.15: single-command MCP entry point (vmware-monitor mcp), verify_ssl default true. Legacy entry point kept for backward compat.

v1.5.14

v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer

v1.5.12

Security & bug fixes from @yjs-2026 code review

v1.5.11

Align with VMware skill family v1.5.11

v1.5.10

Security: python-multipart 0.0.22→0.0.26 (DoS fix)

v1.5.8

Align with VMware skill family v1.5.8

v1.5.7

Align with VMware skill family v1.5.7

v1.5.6

Fix CRITICAL: mcp_server missing from wheel

v1.5.5

Align with VMware skill family v1.5.5

v1.5.4

Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Deps: rich <16.0; Align family v1.5.4

v1.5.3

No user-facing changes in this version. - No file changes detected since the previous release. - Behavior, features, and documentation remain unchanged.

v1.5.2

No file changes detected for version 1.5.2. - No updates or modifications were made to this release. - All functionality remains unchanged from the previous version.

v1.5.1

- Added legal disclaimer clarifying this project is community-maintained and not affiliated with or endorsed by VMware/Broadcom. - Updated compatibility section: clarified credential requirements and details on environment variable names for vCenter/ESXi targets. - Provided visibility into webhook usage: clarified that Slack/Discord webhook URLs are user-configured and only used by the opt-in daemon for alert summaries, not for transmitting sensitive data. - Stated that the background monitoring daemon is user-initiated and never auto-started. - No changes to CLI commands, features, or capabilities.

v1.5.0

v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation

v1.4.10

Anthropic best practices: [READ]/[WRITE] prefixes, limit params, Broadcom author attestation

v1.4.9

Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords

v1.4.8

Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0

v1.4.7

Fix: align openclaw metadata with runtime requirements; standardize audit path to ~/.vmware/audit.db; correct credential env var docs to VMWARE_<TARGET>_PASSWORD convention

v1.4.6

fix: remove suspicious content for clean scan

v1.4.5

Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos

元数据

Slug vmware-monitor

版本 1.5.15

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 43

常见问题

Vmware Monitor 是什么？

Use this skill for safe, risk-free queries of VMware infrastructure — code-level enforced safety means no destructive operations exist in the codebase. Direc... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 999 次。

如何安装 Vmware Monitor？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vmware-monitor」即可一键安装，无需额外配置。

Vmware Monitor 是免费的吗？

是的，Vmware Monitor 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Vmware Monitor 支持哪些平台？

Vmware Monitor 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（macos, linux）。

谁开发了 Vmware Monitor？

由 zw008（@zw008）开发并维护，当前版本 v1.5.15。