VMware ESXI-standalone automation skill

Security checks across malware telemetry and agentic risk

Overview

This is a transparent vmctl post-install validation playbook that can create and remove test VMs, so it should be used only in the intended test environment.

Install or use this only on the intended Hermes/vmctl host after vmctl is already installed and reviewed. Keep actions limited to vmctl-test-* resources, verify the resolved tombstone belongs to the smoke-test VM, and require operator approval before recover --apply or any cleanup involving old, ambiguous, or non-test resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill instructs the agent to run destructive lifecycle commands (`vmctl delete --force` and `vmctl purge`) as part of the default cleanup flow, but it does not require an explicit confirmation or a prominent warning about deletion impact at the point of execution. Although the target is intended to be a test VM, the same commands can permanently remove VM state if the wrong name is used or if state/tombstone resolution is incorrect, making operator mistakes more likely during automated post-install runs.

VirusTotal

62/62 vendors flagged this skill as clean.
