← 返回 Skills 市场
192
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install vmware-pilot
功能描述
Use this skill whenever the user wants to design, execute, or manage complex multi-step VMware workflows with human approval and automatic rollback. Pilot is...
安全使用建议
This package looks like a legitimate local orchestration layer for multi-step VMware workflows, but review a few items before installing or granting it access: 1) Clarify VMWARE_PILOT_CONFIG: what exact value (file path, token, JSON) does it expect? The SKILL.md's claim of 'no config' conflicts with the declared required env var. 2) Understand audit persistence: Pilot will log every tool call and its parameters to ~/.vmware/audit.db — those logs could contain sensitive identifiers or parameters passed from companion skills. If that is unacceptable, do not enable the skill or ensure the audit DB is protected/rotated. 3) Verify provenance: install the vmware-pilot-mcp binary only from a trusted source (validate the GitHub repo, release signatures if available). 4) Test in an isolated environment first: install and run with dry-run templates and without connecting companion skills to confirm observed behavior (file creation under ~/.vmware, DB contents, exact use of VMWARE_PILOT_CONFIG). 5) Confirm companion skills' configs are stored and handled securely (they hold the actual vCenter/NSX credentials). If you cannot confirm what VMWARE_PILOT_CONFIG contains or you cannot trust the vmware-pilot-mcp binary source, treat this skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: vmware-pilot
Version: 1.5.14
The vmware-pilot skill bundle is a well-documented orchestration layer for VMware environments, designed to coordinate multi-step workflows across several specialized skills (aiops, nsx, monitor, etc.). It incorporates significant safety features, including human-in-the-loop approval gates for destructive operations, automatic rollback capabilities, and mandatory audit logging via the vmware-policy dependency. The included scripts (scripts/validate_workflow.py and scripts/list_available_tools.py) are utility tools for workflow validation and discovery, and the overall architecture emphasizes security through delegation and persistence without requiring direct infrastructure credentials.
能力标签
能力评估
Purpose & Capability
Name/description (multi-skill VMware orchestration with approval gates and rollback) aligns with the provided files: SKILL.md documents an MCP server, lists companion skills, templates, and orchestration tools. Required binary 'vmware-pilot-mcp' and references to companion skills are appropriate for an orchestration layer.
Instruction Scope
Runtime instructions and references are largely scoped to orchestration: design_workflow/plan_workflow/run_workflow, approval gates, and delegation to companion skills. However, the skill instructs the agent to read and hot-load user files from ~/.vmware/workflows/, persist state to ~/.vmware/workflows.db and ~/.vmware/audit.db, and log full tool calls/parameters — these are expected for a workflow orchestrator but do give the skill access to user home data and cause persistent recording of potentially sensitive parameters passed through workflows.
Install Mechanism
Registry metadata says 'No install spec' but the SKILL.md includes pip/uvx install instructions and an 'installer: kind: uv' header. This is not dangerous by itself but is an inconsistency to clarify: if you plan to install, ensure you install from the official/expected source (the GitHub repo is cited) and verify the vmware-pilot-mcp binary provenance.
Credentials
The skill declares a required environment variable and primary credential VMWARE_PILOT_CONFIG, but SKILL.md also claims 'Pilot has no config file of its own. No credentials stored.' This is contradictory — you should confirm what VMWARE_PILOT_CONFIG holds (path, token, or JSON). Also, because Pilot logs tool calls/parameters to an audit DB, parameters forwarded from companion skills (which may include sensitive credentials or identifiers) could be persisted. The single env var requested is plausible for an orchestrator, but the lack of clarity about its content is a concern.
Persistence & Privilege
The skill persists state and audit logs under ~/.vmware/ (workflows.db, audit.db) and supports hot-loaded templates from ~/.vmware/workflows/. This is normal for an orchestrator but gives it persistent local presence and access to the user's home directory. The skill is not marked 'always: true' and does not request system-wide changes beyond its own directories, which is appropriate; still, persistent logging of parameters raises data-exposure considerations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vmware-pilot - 安装完成后,直接呼叫该 Skill 的名称或使用
/vmware-pilot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.14
v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer
v1.5.3
vmware-pilot 1.5.3
- Documentation update only; no code or functional changes.
- SKILL.md refreshed with existing workflows, scenarios, and companion skills.
- No changes to installer, compatibility, or tool definitions.
- Upgrade is optional for current users.
v1.5.2
vmware-pilot 1.5.2
- Expanded compatibility section to clarify orchestration model (no direct vCenter/NSX credentials, no webhooks, no background services).
- Added clearer description of state persistence, approval gates, and rollback behavior.
- Explicitly listed transitive dependency (only vmware-policy) and reaffirmed no post-install scripts.
- Updated compatibility notes to highlight that companion skills handle their own authentication.
- No changes to workflow logic or APIs; documentation improvements only.
v1.5.1
- Added a disclaimer clarifying that this project is community-maintained, open-source, and not affiliated with or endorsed by VMware, Inc. or Broadcom Inc.
- Mentioned the MIT license and linked the GitHub repository in the disclaimer.
- No changes to features, templates, or technical functionality.
v1.5.0
v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation
v1.4.10
Anthropic best practices: [READ]/[WRITE] prefixes, Broadcom author attestation
v1.4.9
Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords
v1.4.4
v1.4.4: vmware-avi family integration, cross-skill routing, sanitize coverage, safety tests
元数据
常见问题
Vmware Pilot 是什么?
Use this skill whenever the user wants to design, execute, or manage complex multi-step VMware workflows with human approval and automatic rollback. Pilot is... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 192 次。
如何安装 Vmware Pilot?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vmware-pilot」即可一键安装,无需额外配置。
Vmware Pilot 是免费的吗?
是的,Vmware Pilot 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Vmware Pilot 支持哪些平台?
Vmware Pilot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(macos, linux)。
谁开发了 Vmware Pilot?
由 zw008(@zw008)开发并维护,当前版本 v1.5.14。
推荐 Skills