Veeam MCP
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Veeam monitoring purpose, but it asks for persistent Veeam admin credentials and passes them to an unreviewed beta Docker MCP server while the registry metadata declares no credential or config requirements.
Review this skill carefully before installing. It appears purpose-aligned for Veeam monitoring, but only use it if you can verify the external Veeam MCP Docker server, are comfortable storing Veeam credentials locally, and can provide a least-privilege account instead of broad admin credentials where possible.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the credentials file, local machine, or Docker MCP server is compromised, an attacker could access sensitive Veeam backup and monitoring systems with administrative authority.
The skill requires persistent admin credentials for backup infrastructure. For a query/monitoring skill, this is high-impact authority, and the registry metadata does not declare a primary credential or required config path.
- Admin credentials for Veeam servers ... Create `~/.veeam-mcp-creds.json` ... "password": "your_secure_password"
Use a dedicated least-privilege or read-only Veeam account if possible, restrict file permissions, rotate credentials after testing, and ensure the skill metadata clearly declares the credential and config requirements.
Users must trust a separately obtained Docker image with privileged backup-system credentials, and ClawScan cannot verify what that server does with the credentials or data.
The central runtime that handles Veeam API access is external to the reviewed skill, beta, and not pinned by source URL, image digest, or version. The included scripts later run that image with Veeam admin credentials.
The Veeam Intelligence MCP server is currently in **beta** ... Once you have the MCP server package, build the Docker image: `docker build -t veeam-intelligence-mcp-server .`
Only obtain the MCP server from an official Veeam source, verify its provenance, pin a trusted image version or digest, and review the server before providing admin credentials.
This is expected integration behavior, but it means the Docker image and local host environment can see sensitive credentials, and certificate validation may be weaker than a standard trusted-certificate setup.
The Docker execution is central to the skill's purpose, but each query injects the Veeam URL, username, password, and self-signed-certificate acceptance into the container environment.
docker run -i --rm \
-e "PRODUCT_NAME=$PRODUCT_NAME" \
-e "WEB_URL=$URL" \
-e "ADMIN_USERNAME=$USERNAME" \
-e "ADMIN_PASSWORD=$PASSWORD" \
-e "ACCEPT_SELF_SIGNED_CERT=true" \
veeam-intelligence-mcp-server
Run only trusted images, prefer valid internal TLS certificates where possible, limit local access to the host, and avoid using high-privilege production credentials for testing.
Backup job status, repository capacity, alerts, and infrastructure health details may be exposed to the MCP server and Veeam Intelligence components.
The skill routes natural-language questions and Veeam backup or monitoring data through an MCP server and Veeam Intelligence. That data flow is disclosed and purpose-aligned, but it involves sensitive infrastructure information.
User Question → OpenClaw Skill → Docker MCP Server → Veeam API ... Veeam Intelligence ... JSON Response
Confirm that Veeam Intelligence and the MCP server are approved for your environment, and avoid asking the skill to process secrets or data outside the intended Veeam monitoring scope.
