
Security audit

VCF Regulatory Compliance

Security checks across malware telemetry and agentic risk

Overview

This VMware compliance MCP server is not destructive, but it needs review: it sends an Aria Operations API token over HTTPS with certificate verification disabled, and it can return simulated audit results when the real API call fails.

Install only after reviewing the code, and use a dedicated read-only, least-privilege Aria Operations token. Do not treat the simulated fallback output as audit evidence; the server should return a clear error when live data cannot be retrieved. Pin dependency versions, and enable certificate verification against a trusted CA bundle instead of running with verify=False.
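As an added illustration (not the audited skill's code, and not VMware's), the snippet below places the pattern the overview describes, a certificate-unverified request with a silent simulated fallback, beside a hardened client that validates the server certificate against a CA bundle, reads the token from the environment rather than a config file, and returns an explicit error instead of fabricated data. The endpoint path, the `OpsToken` Authorization header scheme, the `ARIA_OPS_TOKEN` variable name and the injectable transport are assumptions made for the example; the request bodies used at the bottom are constructed.

```python
"""Added example, not the audited skill's code: the certificate-unverified
request plus simulated-fallback pattern the audit describes, beside a
hardened client. Endpoint path, header scheme and the injectable transport
are assumptions for illustration."""
import json
import os
import ssl
import urllib.error
import urllib.request
from typing import Callable, Optional

ENDPOINT = "/api/compliance/status"   # placeholder route, not a documented Aria Operations path
Transport = Callable[[urllib.request.Request], bytes]


class LiveDataUnavailable(RuntimeError):
    """Raised when live Aria Operations data cannot be retrieved."""


# ---- Pattern the audit flags (shown for contrast; do not deploy) ------------
def fetch_compliance_insecure(base_url: str, token: str) -> dict:
    ctx = ssl._create_unverified_context()  # same effect as requests' verify=False
    req = urllib.request.Request(base_url + ENDPOINT,
                                 headers={"Authorization": f"OpsToken {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            return json.loads(resp.read())
    except (urllib.error.URLError, ValueError):
        # Silent fallback: this looks like evidence but is fabricated.
        return {"compliant": True, "violations": [], "simulated": True}


# ---- Hardened form ----------------------------------------------------------
def make_tls_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Chain validation plus hostname check, against ca_bundle or the system store."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def is_strict(ctx: ssl.SSLContext) -> bool:
    """True when the context will reject unverifiable or mismatched certificates."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def https_transport(ctx: ssl.SSLContext, timeout: float = 10.0) -> Transport:
    """Real transport: urlopen bound to the strict TLS context."""
    def _get(req: urllib.request.Request) -> bytes:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.read()
    return _get


def token_from_env(name: str = "ARIA_OPS_TOKEN") -> str:
    """Read the token from the environment rather than a plaintext config file (variable name assumed)."""
    token = os.environ.get(name, "").strip()
    if not token:
        raise LiveDataUnavailable(f"{name} is not set; refusing to run without a scoped token")
    return token


def fetch_compliance(base_url: str, token: str, transport: Transport) -> dict:
    """Fetch live data or raise; never substitutes simulated results."""
    if not base_url.startswith("https://"):
        raise LiveDataUnavailable("refusing to send a token over a non-HTTPS URL")
    req = urllib.request.Request(base_url + ENDPOINT,
                                 headers={"Authorization": f"OpsToken {token}"})  # header scheme assumed
    try:
        data = json.loads(transport(req))
    except (OSError, ValueError) as exc:   # urllib's URLError is an OSError subclass
        raise LiveDataUnavailable(f"live Aria Operations data unavailable: {exc}") from exc
    return {"source": "live", "data": data}


def tool_response(base_url: str, token: str, transport: Transport) -> dict:
    """What the MCP tool should hand back: live data, or an explicit error, never a simulation."""
    try:
        return fetch_compliance(base_url, token, transport)
    except LiveDataUnavailable as exc:
        return {"source": "error", "error": str(exc)}


if __name__ == "__main__":
    # Constructed transports so the example runs offline; a real deployment
    # would use https_transport(make_tls_context("/etc/ssl/certs/corp-ca.pem")).
    def up(req): return b'{"compliant": false, "violations": ["ssh-root-login"]}'
    def down(req): raise OSError("connection refused")
    print(tool_response("https://aria.example.internal", "dummy-token", up))
    print(tool_response("https://aria.example.internal", "dummy-token", down))
    print(tool_response("http://aria.example.internal", "dummy-token", up))
```

The point of `tool_response` is that the only two outcomes are tagged `live` or `error`; a reviewer reading the server can grep for a `simulated` key and confirm no code path can produce one.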

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares required environment variables under metadata, but it does not declare explicit permissions even though it clearly requires environment access and network connectivity to reach VMware Aria Operations. This creates a transparency and policy-enforcement gap: operators may approve or run the skill without understanding that it can read sensitive credentials and make outbound authenticated requests.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to supply an API token in the MCP configuration but gives no warning about secure storage, token scope, rotation, or exposure through logs. In practice, users may paste long-lived privileged tokens into plaintext config files or shared environments, increasing the risk of credential leakage and unauthorized access to compliance data or to the underlying Aria Operations instance.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.