VMware NSX Security
v1.5.12
Use this skill whenever the user needs to manage VMware NSX security — distributed firewall (DFW) policies, security groups, microsegmentation, and IDS/IPS....
by @zw008
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and declared capabilities (DFW rules, groups, tags, traceflow, IDPS) match the required binary (vmware-nsx-security), the config paths (~/.vmware-nsx-security/config.yaml and .env), and the environment variable (VMWARE_NSX_SECURITY_CONFIG). Required items are proportionate to an NSX security CLI.
Instruction Scope
SKILL.md instructions are focused on NSX security tasks (create/list policies/rules/groups, run traceflow, check IDPS). It explicitly excludes networking and VM lifecycle. It instructs adding an MCP server entry and storing per-target passwords in ~/.vmware-nsx-security/.env — which is expected but elevates the need to protect that file. One minor inconsistency: the doc says "No webhooks, no outbound network calls" but also documents HTTPS calls to the NSX Policy API (expected for the tool).
Install Mechanism
The registry shows this as instruction-only (no packaged code included), while SKILL.md documents installation via 'uv tool install vmware-nsx-security' which is a reasonable, traceable package installer. No arbitrary download URLs or extract-from-unknown-host steps are present in the package metadata or docs. Verify the uv package source (GitHub repo) before installing.
Credentials
Requested env/config access is proportional: a single VMWARE_NSX_SECURITY_CONFIG path plus per-target password variables are typical for a management CLI. Minor documentation inconsistency: some metadata mentions a placeholder VMWARE_<TARGET>_PASSWORD while the rest of the docs use VMWARE_NSX_SECURITY_<TARGET>_PASSWORD. The skill writes audit logs to ~/.vmware/audit.db — expected for auditing but worth securing.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request elevated platform-wide privileges. It suggests running an MCP command (vmware-nsx-security-mcp) on-demand; this is normal for an MCP-based tool. No evidence the skill modifies other skills' configs or demands permanent privileged presence.
Assessment
This skill appears to do what it says, but before installing:
1) Verify the 'uv' package origin (check the GitHub repo and package publisher) and inspect the installed binaries if possible.
2) Use least-privileged NSX accounts (avoid global admin) and restrict passwords to per-target env vars or a secure secrets store; follow the docs' chmod 600 advice.
3) Secure ~/.vmware/audit.db and config files (config.yaml and .env).
4) Note the small docs inconsistencies (env var naming and references to vmware-nsx-security-mcp); confirm the actual binary names and env var patterns after install.
5) If you require higher assurance, review the package source code or run the binary in a controlled environment before granting it access to production NSX Managers.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔒 Clawdis
OS: macOS · Linux
Bins: vmware-nsx-security
Env: VMWARE_NSX_SECURITY_CONFIG
Config: ~/.vmware-nsx-security/config.yaml, ~/.vmware-nsx-security/.env
Primary env: VMWARE_NSX_SECURITY_CONFIG
