Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VCF Regulatory Compliance

v1.0.1

An MCP server that interfaces with VMware Aria Operations to run regulatory compliance checks (ISO 27001, PCI DSS, CIS, etc.) against the VCF environment.

by Rohit Kasture (@kasture-rohit)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kasture-rohit/vcf-compliance-mcp.

Install the skill "VCF Regulatory Compliance" (kasture-rohit/vcf-compliance-mcp) from ClawHub.
Skill page: https://clawhub.ai/kasture-rohit/vcf-compliance-mcp
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: ARIA_OPS_HOST, ARIA_OPS_API_TOKEN
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install vcf-compliance-mcp

ClawHub CLI

npx clawhub@latest install vcf-compliance-mcp
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill declares ARIA_OPS_HOST and ARIA_OPS_API_TOKEN and the server.py uses exactly those environment variables to call Aria Operations suite-api endpoints for compliance alerts. Required inputs and the described capability (VCF/Aria compliance checks) are coherent.
Instruction Scope
SKILL.md only instructs installing dependencies and launching the included MCP server with the two Aria env vars. The runtime code only reads those env vars and queries the specified Aria host. Note: the code disables TLS verification (verify=False) and suppresses insecure-cert warnings to accommodate self-signed VCF certs — this is understandable for private infra but is a security consideration (MITM risk) and should be accepted only for trusted internal endpoints.
Install Mechanism
No automated install/download is present; this is instruction-only with a requirements.txt. The user must run pip install -r requirements.txt — no remote arbitrary archive downloads or obscure installers were included.
Credentials
Only ARIA_OPS_HOST and ARIA_OPS_API_TOKEN are required, which are appropriate and proportional for querying VMware Aria Operations. No unrelated secrets, system paths, or extra credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or system-wide configuration changes. It runs as a user-launched MCP server and does not alter other skills or agent-wide settings.
Assessment
This skill appears to do what it says, but review a few operational-security items before installing:

  1. Only provide ARIA_OPS_API_TOKEN that has the minimum privileges needed for read-only compliance queries and rotate the token regularly.
  2. Run the MCP server on a host with restricted network access and ensure ARIA_OPS_HOST points to your internal Aria Operations instance (do not point to unknown external hosts).
  3. Note server.py disables TLS verification (verify=False) to allow self-signed certs — accept this only if you trust the network path; consider replacing with a CA-trusted cert or enabling verification.
  4. Inspect the included server.py yourself (or with your security team) before supplying secrets.
  5. If you plan to allow autonomous invocation, be aware the agent could call the tool automatically — restrict token scope and monitor usage/logging.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Env: ARIA_OPS_HOST, ARIA_OPS_API_TOKEN
latest: vk97ess5zt1w8y4kqsqg0n6qmt98490nr
94 downloads
0 stars
2 versions
Updated 3w ago
v1.0.1
MIT-0

VCF Regulatory Compliance Scanner

This skill uses the Model Context Protocol (MCP) to provide the AI agent with a native get_vcf_compliance_status tool. It queries VMware Aria Operations to generate instant audit reports for standard security frameworks.

Setup Instructions for OpenClaw

To use this skill, the OpenClaw agent must run the attached Python MCP server.

  1. Install dependencies: pip install -r requirements.txt
  2. Configure your OpenClaw settings to launch this MCP server. Add the following to your agent's MCP configuration:
{
  "mcpServers": {
    "vcf-compliance": {
      "command": "python",
      "args": ["server.py"],
      "env": {
        "ARIA_OPS_HOST": "your-aria-ops-fqdn",
        "ARIA_OPS_API_TOKEN": "your-api-token"
      }
    }
  }
}
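
The scan above notes that server.py disables TLS verification and advises pointing ARIA_OPS_HOST only at an internal instance. A pre-launch check along those lines, as an added example that is not code from the skill or its author; the `.corp.example` suffix and the ARIA_OPS_CA_BUNDLE variable are assumptions introduced here:

```python
import os
import re
import ssl
import sys

# Assumptions for this example (not from the skill): the internal DNS suffix and
# an ARIA_OPS_CA_BUNDLE variable pointing at the private CA's PEM file.
ALLOWED_SUFFIXES = (".corp.example",)
PLACEHOLDERS = {"", "your-aria-ops-fqdn", "your-api-token"}  # template values
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def check_host(host):
    """Return problems with an ARIA_OPS_HOST value (empty list means OK)."""
    host = (host or "").strip().lower()
    if host in PLACEHOLDERS:
        return ["ARIA_OPS_HOST is unset or still the template placeholder"]
    # A scheme, port, path or userinfo breaks at least one DNS label.
    if not all(_LABEL.match(label) for label in host.split(".")):
        return ["ARIA_OPS_HOST must be a bare FQDN (no scheme, port or path)"]
    if not host.endswith(ALLOWED_SUFFIXES):
        return [f"{host} is outside the allowed internal suffixes"]
    return []


def check_token(token):
    """Reject a missing token or one left at the template value."""
    if (token or "").strip() in PLACEHOLDERS:
        return ["ARIA_OPS_API_TOKEN is unset or still the template placeholder"]
    return []


def build_tls_context(ca_bundle=None):
    """Verifying context; ca_bundle trusts the private CA instead of verify=False."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def preflight(env):
    """Collect every problem so the operator sees them all before launch."""
    return check_host(env.get("ARIA_OPS_HOST")) + check_token(env.get("ARIA_OPS_API_TOKEN"))


if __name__ == "__main__":
    problems = preflight(os.environ)
    build_tls_context(os.environ.get("ARIA_OPS_CA_BUNDLE"))  # raises if the bundle is unreadable
    for p in problems:
        print("refusing to launch:", p, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it in the same environment that will launch the MCP server; a non-zero exit means the configuration should be corrected before any token is supplied.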
