ClawHub

VCF Log Explorer (MCP)

v1.0.1

An MCP server that provides native tools to dynamically search VMware Aria Operations for Logs (Log Insight).

0· 66·0 current·0 all-time
byRohit Kasture@kasture-rohit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (VCF Log Insight MCP Explorer) matches the provided files and runtime behavior. Required env vars (LOGINSIGHT_HOST, LOGINSIGHT_API_TOKEN) directly relate to calling the Log Insight API. Declared dependencies (mcp, requests) are appropriate for running an MCP server and making HTTP requests.
Instruction Scope
SKILL.md instructs the agent to run the provided Python MCP server and set the two Log Insight env vars — this is expected. The instructions do not ask the agent to read unrelated files or credentials. The code formats and returns log events to the caller only. One small scope caveat: the MCP server will hold the API token in its process environment while running, so any actor with access to that process can potentially read it.
Install Mechanism
No special install mechanic is used beyond 'pip install -r requirements.txt'. This is a moderate-risk install vector (PyPI packages). The requirements are minimal and expected, but you should verify the 'mcp' package's provenance and versions before installation.
Credentials
Only LOGINSIGHT_HOST and LOGINSIGHT_API_TOKEN are required, which is proportionate to the stated functionality. The skill will use the API token to query logs; treat this token as sensitive. The code does not request unrelated secrets or system credentials.
Persistence & Privilege
The skill is not marked 'always: true'. It runs as an MCP server process when configured and can be invoked autonomously by the agent (platform default). This is expected for an MCP-based tool; there are no attempts to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says, but review and harden before deploying: 1) The code disables TLS verification (requests.get(..., verify=False)) — acceptable for internal servers with self-signed certs but exposes you to MITM if used incorrectly; prefer supplying a CA bundle or enabling verification. 2) Verify the 'mcp' PyPI package source and pinned versions before pip install. 3) Treat LOGINSIGHT_API_TOKEN as highly sensitive; run the MCP server in an isolated environment or container and restrict access to the process. 4) Consider URL-encoding user-supplied keywords to avoid malformed requests. 5) If multiple agents or users share the host, be cautious that the env token is visible to local processes and administrators. If you want, I can suggest a small code patch to enable TLS verification and URL-encoding of the query parameter.

Like a lobster shell, security has layers — review code before you run it.

latestvk972vwp5vqzry0gh2q5ct4pvvd848mqwloginsightvk971hwm9smzff4nwf6c1kmdmhs849735mcpvk971hwm9smzff4nwf6c1kmdmhs849735pythonvk971hwm9smzff4nwf6c1kmdmhs849735vcfvk971hwm9smzff4nwf6c1kmdmhs849735vmwarevk971hwm9smzff4nwf6c1kmdmhs849735

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvLOGINSIGHT_HOST, LOGINSIGHT_API_TOKEN

Comments