Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vmware Aiops

v1.5.12

Use this skill whenever the user needs to manage VMs in VMware/vSphere/ESXi — it's the entry point for all VM operations. Directly handles: power on/off, clo...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, CLI commands, and config paths all match a VM lifecycle/tooling skill for vSphere/ESXi; required binary 'vmware-aiops' and config files (~/.vmware-aiops/config.yaml and .env) are appropriate for this purpose.
Instruction Scope
SKILL.md instructs only VMware-related operations (power, deploy, guest-exec, datastore browse, alarms, scanning). It references reading host logs and datastore contents (expected). Guest-exec captures stdout/stderr which can expose sensitive data inside guests — this is normal for guest operations but the operator should be aware.
Install Mechanism
Registry metadata claims 'no install spec', but SKILL.md contains an installer field (uv package vmware-aiops) and setup-guide recommends uv/npx/PyPI/GitHub installs. Using PyPI/GitHub is expected for open-source tooling (moderate risk); the mismatch between registry 'no install' and the SKILL.md installer is an inconsistency to verify.
Credentials
The manifest declares VMWARE_AIOPS_CONFIG as the required/primary env var (a path to config.yaml) and lists ~/.vmware-aiops/.env as a required config path. However, SKILL.md states per-target secrets must be stored as VMWARE_<TARGET>_PASSWORD entries in the .env file (these per-target secret env names are not listed as required in the top-level requires.env). This is potentially confusing: the skill will read secret passwords from the .env file even though they are not explicitly declared as required/primary envs in the manifest. Webhooks are optional and disabled by default per documentation.
Persistence & Privilege
always:false (not force-included). No background services are installed automatically; the daemon only runs when the user starts it. The skill stores audit logs at ~/.vmware/audit.db which is reasonable for an audit trail.
What to consider before installing
This skill appears to actually do what its description says (VM lifecycle and guest operations) but there are a few manifest vs runtime mismatches you should check before installing:

  • Verify installer/source: SKILL.md references 'uv' installs from PyPI/GitHub. Confirm the exact package source and package integrity (PyPI release and GitHub repo: github.com/zw008/VMware-AIops) before installing.
  • Credentials/config: The skill reads per-target passwords from ~/.vmware-aiops/.env (VMWARE_<TARGET>_PASSWORD entries). Ensure you are comfortable storing service account passwords there (use chmod 600) and use dedicated least-privilege vCenter accounts. The manifest only lists VMWARE_AIOPS_CONFIG as required env — confirm how your environment/agent will supply the .env file and per-target secrets.
  • Webhooks and networking: Webhooks are disabled by default; if you enable them, point them only at endpoints you control and review payload contents.
  • Audit/logs: Audit DB is stored locally at ~/.vmware/audit.db. Confirm where this file will live and who has access.
  • Guest exec risk: Anything run via guest-exec can return stdout/stderr; avoid running commands that might leak secrets unintentionally.

If you decide to proceed: review the upstream source code/commit history, test in an isolated lab first, use dedicated vCenter service accounts with minimal privileges, and confirm that installation comes from the expected PyPI/GitHub releases. If the registry/installation metadata can be corrected (declare per-target password envs and the installer), that would reduce ambiguity.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖥️ Clawdis
OS: macOS · Linux
Bins: vmware-aiops
Env: VMWARE_AIOPS_CONFIG
Config: ~/.vmware-aiops/config.yaml, ~/.vmware-aiops/.env
Primary env: VMWARE_AIOPS_CONFIG
Tags: aiops, esxi, latest, monitoring, operations, vcenter, vmware
953 downloads
1 star
46 versions
Updated 5h ago
v1.5.12
MIT-0
macOS, Linux

VMware AIops

Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware" and "vSphere" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-AIops under the MIT license.

VMware family entry point — AI-powered VM lifecycle, deployment, and alarm management — 34 MCP tools.

Start here: install vmware-aiops first, then add modules as needed. Run vmware-aiops hub status to see which family members are installed. Family: vmware-monitor (inventory/health), vmware-storage (iSCSI/vSAN), vmware-vks (Tanzu Kubernetes), vmware-nsx (NSX networking), vmware-nsx-security (DFW/firewall), vmware-aria (metrics/alerts/capacity), vmware-avi (AVI/ALB/AKO), vmware-pilot (workflow orchestration), vmware-policy (audit/policy).

What This Skill Does

| Category | Tools | Count |
|---|---|---|
| VM Lifecycle | power on/off, TTL auto-delete, clean slate | 6 |
| Deployment | OVA, template, linked clone, batch clone/deploy | 8 |
| Guest Ops | exec commands, upload/download files, provision | 5 |
| Plan/Apply | multi-step planning with rollback | 4 |
| Cluster | create, delete, HA/DRS config, add/remove hosts | 6 |
| Datastore | browse files, scan for images | 2 |
| Alarm Management | list alarms, acknowledge, reset | 3 |

Quick Install

uv tool install vmware-aiops
vmware-aiops doctor
vmware-aiops hub status   # see which family members are installed

VMware Family — Install What You Need

vmware-aiops is the entry point. Add modules for additional capabilities:

| Module | Install | Adds |
|---|---|---|
| vmware-monitor | uv tool install vmware-monitor | Read-only inventory, alarms, events |
| vmware-storage | uv tool install vmware-storage | iSCSI, vSAN, datastore management |
| vmware-vks | uv tool install vmware-vks | Tanzu Kubernetes (vSphere 8.x+) |
| vmware-nsx | uv tool install vmware-nsx-mgmt | NSX networking: segments, gateways, NAT |
| vmware-nsx-security | uv tool install vmware-nsx-security | DFW microsegmentation, security groups |
| vmware-aria | uv tool install vmware-aria | Aria Ops metrics, alerts, capacity |
| vmware-avi | uv tool install vmware-avi | AVI load balancer, ALB, AKO, Ingress |

Each module stays independent — small tool count keeps local models (Ollama, Qwen) accurate.

When to Use This Skill

  • Power on/off, create, delete, snapshot, clone, or migrate VMs
  • Deploy VMs from OVA, templates, linked clones, or batch specs
  • Run commands or transfer files inside a VM (Guest Operations)
  • Create/configure clusters (HA/DRS)
  • Browse datastores for deployable images
  • Plan and execute multi-step operations with rollback
  • List, acknowledge, and reset vCenter triggered alarms

Use companion skills for:

  • Inventory, health, alarms, VM info → vmware-monitor
  • iSCSI, vSAN, datastore management → vmware-storage
  • Tanzu Kubernetes (Supervisor, Namespace, TKC) → vmware-vks
  • Load balancing, AVI/ALB, AKO, Ingress → vmware-avi

Related Skills — Skill Routing

| User Intent | Recommended Skill |
|---|---|
| Read-only monitoring, zero risk | vmware-monitor (uv tool install vmware-monitor) |
| Storage: iSCSI, vSAN, datastores | vmware-storage (uv tool install vmware-storage) |
| VM lifecycle, deployment, guest ops | vmware-aiops ← this skill |
| Tanzu Kubernetes (vSphere 8.x+) | vmware-vks (uv tool install vmware-vks) |
| NSX networking: segments, gateways, NAT | vmware-nsx (uv tool install vmware-nsx-mgmt) |
| NSX security: DFW rules, security groups | vmware-nsx-security (uv tool install vmware-nsx-security) |
| Aria Ops: metrics, alerts, capacity | vmware-aria (uv tool install vmware-aria) |
| Multi-step workflows with approval | vmware-pilot |
| Load balancer, AVI, ALB, AKO, Ingress | vmware-avi (uv tool install vmware-avi) |
| Audit log query | vmware-policy (vmware-audit CLI) |

Common Workflows

Deploy a Lab Environment

  1. Browse datastore for OVA images → vmware-aiops datastore browse <ds> --pattern "*.ova"
  2. Deploy VM from OVA → vmware-aiops deploy ova ./image.ova --name lab-vm --datastore ds1
  3. Run provisioning script inside VM → vmware-aiops vm guest-exec lab-vm --cmd /usr/bin/python3 --args "setup.py" --user admin
  4. Create baseline snapshot → vmware-aiops vm snapshot-create lab-vm --name baseline
  5. Set TTL for auto-cleanup → vmware-aiops vm set-ttl lab-vm --minutes 480

Batch Clone for Testing

  1. Create plan: vm_create_plan with multiple clone + reconfigure steps
  2. Review plan with user (shows affected VMs, irreversible warnings)
  3. Apply: vm_apply_plan executes sequentially, stops on failure
  4. If failed: vm_rollback_plan reverses executed steps
  5. Set TTL on all clones for auto-cleanup

Migrate VM to Another Host

  1. Check VM info via vmware-monitor → verify power state and current host
  2. Migrate: vmware-aiops vm migrate my-vm --to-host esxi-02
  3. Verify migration completed

Usage Mode

| Scenario | Recommended | Why |
|---|---|---|
| Local/small models (Ollama, Qwen) | CLI | ~2K tokens vs ~8K for MCP |
| Cloud models (Claude, GPT-4o) | Either | MCP gives structured JSON I/O |
| Automated pipelines | MCP | Type-safe parameters, structured output |

MCP Tools (34 — 20 read, 14 write)

| Category | Tools | R/W |
|---|---|---|
| VM Lifecycle (6) | vm_list_ttl | Read |
| | vm_power_on, vm_power_off, vm_set_ttl, vm_cancel_ttl, vm_clean_slate | Write |
| Deployment (8) | deploy_vm_from_ova, deploy_vm_from_template, deploy_linked_clone, attach_iso_to_vm, convert_vm_to_template, batch_clone_vms, batch_linked_clone_vms, batch_deploy_from_spec | Write |
| Guest Ops (5) | vm_guest_exec_output, vm_guest_download | Read |
| | vm_guest_exec, vm_guest_upload, vm_guest_provision | Write |
| Plan/Apply (4) | vm_list_plans, vm_create_plan | Read |
| | vm_apply_plan, vm_rollback_plan | Write |
| Datastore (2) | browse_datastore, scan_datastore_images | Read |
| Cluster (6) | cluster_info | Read |
| | cluster_create, cluster_delete, cluster_add_host, cluster_remove_host, cluster_configure | Write |
| Alarm Management (3) | list_vcenter_alarms | Read |
| | acknowledge_vcenter_alarm, reset_vcenter_alarm | Write |

Read/write split: 20 tools are read-only, 14 modify state. All write tools require explicit parameters and are audit-logged. Destructive operations (delete, force power-off) require double confirmation.

CLI Quick Reference

# VM operations
vmware-aiops vm power-on <name> [--target <t>]
vmware-aiops vm power-off <name> [--force]
vmware-aiops vm create <name> --cpu 4 --memory 8192 --disk 100
vmware-aiops vm delete <name>
vmware-aiops vm clone <name> --new-name <new>
vmware-aiops vm migrate <name> --to-host <host>

# Guest operations (requires VMware Tools)
vmware-aiops vm guest-exec <name> --cmd <script-path> --args "<args>" --user <username>
vmware-aiops vm guest-upload <name> --local ./script.sh --guest /tmp/script.sh --user <username>

# Deploy
vmware-aiops deploy ova <path> --name <vm> --datastore <ds>
vmware-aiops deploy linked-clone --source <vm> --snapshot <snap> --name <new>

# Cluster
vmware-aiops cluster create <name> --ha --drs
vmware-aiops cluster info <name>

# Datastore
vmware-aiops datastore browse <ds> --pattern "*.ova"

# Alarm management
vmware-aiops alarm list [--target <t>]
vmware-aiops alarm acknowledge <entity_name> <alarm_name> [--target <t>]
vmware-aiops alarm reset <entity_name> <alarm_name> [--target <t>]

# Family
vmware-aiops hub status        # show installed family members + install commands

Full CLI reference: see references/cli-reference.md

Troubleshooting

"VM not found" error

VM names are case-sensitive in vSphere. Use the exact name from vmware-monitor inventory vms.

Guest exec returns empty output

Use vm_guest_exec_output instead of vm_guest_exec — it auto-captures stdout/stderr. Basic vm_guest_exec returns only the exit code.

Deploy OVA times out

Large OVA files (>10GB) may exceed the default 120s timeout. The upload happens via an HTTP NFC lease — ensure the network between the machine running vmware-aiops and ESXi is stable.

Plan apply fails mid-way

Run vmware-aiops plan list to see the failed plan's status. Ask the user if they want to roll back with vm_rollback_plan. Irreversible steps (delete_vm) are skipped during rollback.

Connection refused / SSL error

  1. Verify target is reachable: vmware-aiops doctor
  2. For self-signed certs: set disableSslCertValidation: true in config.yaml (lab environments only)

Setup

uv tool install vmware-aiops
mkdir -p ~/.vmware-aiops
vmware-aiops init  # generates config.yaml and .env templates
chmod 600 ~/.vmware-aiops/.env

All tools are automatically audited via vmware-policy. Audit logs: vmware-audit log --last 20

Full setup guide, security details, and AI platform compatibility: see references/setup-guide.md
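
A check for three points this page raises: the chmod 600 step on .env, the per-target VMWARE_<TARGET>_PASSWORD entries that the manifest's env list does not declare, and the lab-only disableSslCertValidation setting. It is an added example, not code from the vmware-aiops project; the function names are hypothetical and it assumes config.yaml keeps the key on its own line.

```sh
#!/bin/sh
# Added example (not project code): audit a vmware-aiops config directory.
# Prints variable names and findings only, never secret values.

# Octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Names (not values) of VMWARE_<TARGET>_PASSWORD entries in a .env file.
password_vars() {
    sed -nE 's/^[[:space:]]*(export[[:space:]]+)?(VMWARE_[A-Za-z0-9_]+_PASSWORD)[[:space:]]*=.*/\2/p' "$1"
}

# Succeeds if config.yaml switches TLS certificate validation off.
# Assumption: the key sits on its own line, optionally as a list item.
tls_validation_disabled() {
    grep -Eq '^[[:space:]]*(-[[:space:]]+)?disableSslCertValidation:[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# Audit one directory; prints results and returns the number of findings.
audit_config_dir() {
    dir=$1
    findings=0
    if [ -f "$dir/.env" ]; then
        mode=$(file_mode "$dir/.env")
        case "$mode" in
            ?00) ;;  # no group/other access, e.g. 600 or 400
            *)  echo "FINDING: $dir/.env mode is $mode, expected 600"
                findings=$((findings + 1)) ;;
        esac
        for name in $(password_vars "$dir/.env"); do
            echo "INFO: per-target secret outside the manifest env list: $name"
        done
    else
        echo "INFO: $dir/.env not found"
    fi
    if [ -f "$dir/config.yaml" ] && tls_validation_disabled "$dir/config.yaml"; then
        echo "FINDING: $dir/config.yaml sets disableSslCertValidation: true"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Default location is the config path listed on this page.
audit_config_dir "${1:-${HOME:-.}/.vmware-aiops}"
```

The exit status is the number of findings, so the script can gate an agent or CI step before the skill is allowed to run.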

Audit & Safety

All operations are automatically audited via vmware-policy (@vmware_tool decorator):

  • Every tool call logged to ~/.vmware/audit.db (SQLite, framework-agnostic)
  • Policy rules enforced via ~/.vmware/rules.yaml (deny rules, maintenance windows, risk levels)
  • Risk classification: each tool tagged as low/medium/high/critical
  • View recent operations: vmware-audit log --last 20
  • View denied operations: vmware-audit log --status denied

vmware-policy is automatically installed as a dependency — no manual setup needed.

License

MIT — github.com/zw008/VMware-AIops
