← 返回 Skills 市场
436
总下载
0
收藏
0
当前安装
23
版本数
在 OpenClaw 中安装
/install vmware-nsx-security
功能描述
Use this skill whenever the user needs to manage VMware NSX security — distributed firewall (DFW) policies, security groups, microsegmentation, and IDS/IPS....
安全使用建议
This skill appears coherent for managing NSX security, but take normal precautions before installing: verify the uv package origin (review the linked GitHub repo and package on the registry), ensure the NSX account used has only the necessary permissions (least privilege), store ~/.vmware-nsx-security/.env securely (chmod 600) and avoid putting highly privileged global admin credentials there, and confirm that vmware-policy (the stated dependency that writes ~/.vmware/audit.db) is trustworthy. Also be aware the tool will make HTTPS calls to your configured NSX Managers (required for its functionality). If you need higher assurance, ask for the package source tarball, inspect its code, or run it in an isolated environment first.
功能分析
Type: OpenClaw Skill
Name: vmware-nsx-security
Version: 1.5.15
The vmware-nsx-security skill bundle is a well-documented toolset for managing VMware NSX security features like distributed firewalls, security groups, and IDPS. It includes significant safety and security features, such as mandatory audit logging to a local SQLite database via the 'vmware-policy' dependency, input sanitization for API-sourced strings, and 'dry-run' modes for destructive operations. The instructions in SKILL.md are focused on legitimate administrative tasks, and the credential management strategy (using environment variables and .env files with restricted permissions) follows security best practices.
能力评估
Purpose & Capability
Name/description, required binary (vmware-nsx-security), required env var (VMWARE_NSX_SECURITY_CONFIG), and required config paths (~/.vmware-nsx-security/config.yaml and .env) all align with managing NSX distributed firewall, groups, tags, traceflow and IDPS. Companion skills and exclusions (networking, VM lifecycle) are clearly documented.
Instruction Scope
SKILL.md instructs the agent to run the vmware-nsx-security CLI and to read the local config and .env for per-target passwords; workflows, dry-run options, and doctor checks are narrowly scoped to NSX security tasks. It does not instruct the agent to read unrelated system files or exfiltrate data to external endpoints. It does require network access to configured NSX Manager hosts (HTTPS/443), which is expected.
Install Mechanism
The package is intended to be installed via the 'uv' tool (uv tool install vmware-nsx-security) per SKILL.md. The registry metadata shows no separate install spec, but the SSH/HTTP download risk is low if you install from a trusted source. As with any third-party CLI, installing an untrusted package from a public registry carries typical supply-chain risks; review the GitHub source and package origin before installing.
Credentials
Requested environment/config artifacts are proportional: a config path env (VMWARE_NSX_SECURITY_CONFIG) and per-target password variables (recommended in ~/.vmware-nsx-security/.env) are appropriate for managing NSX managers. The primaryEnv is the config-path env var (not a raw secret) — per-target passwords are expected and documented. The skill requires access to files that contain secrets (.env) which is reasonable for the function but should be protected (chmod 600).
Persistence & Privilege
The skill does not request always:true or any system-wide persistent privileges. It documents an audit DB (~/.vmware/audit.db) and an on-demand MCP stdio transport; no background services or modifications to other skills are described. Autonomous invocation by the agent is allowed (platform default) but not exceptional for this type of skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vmware-nsx-security - 安装完成后,直接呼叫该 Skill 的名称或使用
/vmware-nsx-security触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.15
v1.5.15: single-command MCP entry point (vmware-nsx-security mcp), verify_ssl default true. Legacy entry point kept for backward compat.
v1.5.14
v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer
v1.5.12
Security & bug fixes from @yjs-2026 code review
v1.5.11
Align with VMware skill family v1.5.11
v1.5.10
Security: python-multipart 0.0.22→0.0.26 (DoS fix)
v1.5.8
Fix: scope SSL warning suppression
v1.5.7
Align with VMware skill family v1.5.7
v1.5.6
Align with VMware skill family v1.5.6
v1.5.5
Fix: missing import re in traceflow, switch auth to form-body for special char passwords
v1.5.4
Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Align family v1.5.4
v1.5.3
## vmware-nsx-security 1.5.3
- No file or SKILL.md content changes detected in this version.
- No new features, fixes, or breaking changes reported.
v1.5.2
## VMware NSX Security Skill 1.5.2
- Added a clear open-source project disclaimer (not affiliated with VMware/Broadcom) to SKILL.md.
- Expanded and clarified compatibility notes:
- Each NSX Manager target password must be set as a specific environment variable (pattern: VMWARE_<TARGET>_PASSWORD).
- Passwords are never logged or echoed.
- Destructive operations (DFW policy/group delete, IDS/IPS config) have added safeguards or double confirmation.
- Clarified the absence of webhooks, outbound network, or guest operations; all actions are local via NSX Policy API.
- Noted that only vmware-policy is a transitive dependency, with no post-install scripts or background services.
- No tool, functionality, or command-line usage changes; documentation-only update.
v1.5.0
v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation
v1.4.10
Anthropic best practices: [READ]/[WRITE] prefixes, negative routing, Broadcom author attestation
v1.4.9
Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords
v1.4.8
Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0
v1.4.7
Fix: align openclaw metadata; add .env config and vmware-policy optional dep; standardize audit path to ~/.vmware/audit.db
v1.4.6
fix: remove suspicious content for clean scan
v1.4.5
Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos
v1.4.4
v1.4.4: vmware-avi family integration, cross-skill routing, sanitize coverage, safety tests
元数据
常见问题
Vmware Nsx Security 是什么?
Use this skill whenever the user needs to manage VMware NSX security — distributed firewall (DFW) policies, security groups, microsegmentation, and IDS/IPS.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 436 次。
如何安装 Vmware Nsx Security?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vmware-nsx-security」即可一键安装,无需额外配置。
Vmware Nsx Security 是免费的吗?
是的,Vmware Nsx Security 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Vmware Nsx Security 支持哪些平台?
Vmware Nsx Security 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(macos, linux)。
谁开发了 Vmware Nsx Security?
由 zw008(@zw008)开发并维护,当前版本 v1.5.15。
推荐 Skills