ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Veeam MCP

v1.0.3

Query Veeam Backup & Replication and Veeam ONE via MCP server running in Docker. Provides intelligent backup monitoring, job analysis, capacity planning, and infrastructure health checks.

0· 1.7k·2 current·2 all-time
by@jgm2025
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be an instruction-only wrapper around a locally-run Veeam MCP Docker server, which is consistent with the files. However the registry metadata declares no required config paths or binaries, while the SKILL.md and scripts clearly require Docker, jq, and a credentials file at ~/.veeam-mcp-creds.json. The metadata omission is an incoherence that could mislead users about what the skill needs.
Instruction Scope
Runtime instructions and scripts operate within the stated scope: they read a local credentials file, build/run a Docker MCP server, and send JSON-RPC requests to Veeam. They do pass admin credentials into the Docker container via environment variables and instruct users to cat or jq the credentials file for troubleshooting; the SKILL.md also asserts 'No credentials exposed in logs or command history' which depends on how the user runs commands and on the image behavior. There are no obvious instructions to exfiltrate data to third-party endpoints, but the runtime depends on the MCP Docker image — its behavior must be trusted/verified.
Install Mechanism
There is no automated install spec in the skill bundle (instruction-only plus helper scripts), so nothing arbitrary is downloaded or extracted by the skill itself. The higher-risk element is that the skill requires a separate MCP Docker image (user-obtained or built from a package). The skill does not provide or fetch that image, so install risk is limited to user decisions about the image source.
Credentials
The skill does not request unrelated credentials, but it requires privileged admin credentials for Veeam B&R and/or Veeam ONE (stored in a local JSON file). That is proportionate to the stated functionality, but these are high-privilege secrets and the skill's metadata does not declare that a config path is required. Also the scripts assume jq and Docker are available but these binaries are not listed in the registry metadata.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It instructs users to create a credentials file in the user's home directory and run short-lived Docker containers (with --rm). This level of persistence and privilege is typical for CLI wrapper skills and is proportionate to the purpose.
What to consider before installing
Before installing or running this skill: - Be aware the registry metadata is incomplete: the scripts require Docker and jq and a credentials file at ~/.veeam-mcp-creds.json (create from the provided template). The skill will not work until those are present. - The skill relies on a Veeam MCP Docker image you must obtain/build. Only use an image/package from Veeam or another trusted vendor; verify release sources and checksums before building/running the container. - The skill needs admin credentials for your Veeam servers. Prefer a least-privilege service account where possible; protect ~/.veeam-mcp-creds.json (chmod 600) and avoid storing long-lived full-admin credentials unless necessary. - Passing credentials into docker via -e exposes them to the container environment (and to docker inspect while the container runs). Consider running containers in a restricted network, inspect the image contents before use, and avoid running on hosts where untrusted users can inspect Docker state. - The SKILL.md asserts 'no credentials exposed in logs or command history' — that depends on how you run commands (avoid echoing sensitive files/commands into shells that are logged). - Because the skill's source/homepage are not provided in the registry metadata, verify the repository or package origin (GitHub repo, vendor page, or direct Veeam distribution) before trusting the MCP image. If you need, I can list the exact places the metadata and SKILL.md diverge and suggest minimal metadata updates (required binaries and config path) or produce a checklist to safely validate the MCP Docker image before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f550sy749rpkw0j74v68z9580ktsa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments