Back to skill

Security audit

Vmware Aria

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed VMware Aria Operations monitoring and alert-management integration, with sensitive but purpose-aligned access.

Install only for agents that should access VMware Aria Operations data. Use least-privilege Aria accounts, keep production TLS verification enabled, protect ~/.vmware-aria/.env, and require explicit approval for alert cancellation, alert-definition changes, report deletion, and any future auto-remediation behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The capability documentation is internally contradictory: it states under 'What vmware-aria Cannot Do' that creating alert definitions is not possible, while elsewhere it explicitly documents `create_alert_definition` support and the corresponding POST endpoint. This can mislead agents, reviewers, or policy layers into making incorrect trust or authorization decisions, potentially enabling write actions that operators believed were unavailable.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| **L5** | Auto-remediation from learned pattern | Pattern library only; requires `risk:low` + `reversible:true` + `repeatable:true` | *(roadmap — candidates: auto-acknowledge known-noisy alerts, auto-cancel resolved-by-event alerts)* |

**Notes**:
- L1/L2 tools are always safe for agents to call without confirmation.
- L3 alert-state writes pass through the `@vmware_tool` decorator: connection check → policy check → audit log. Cancel is irreversible by Aria API design and treated as a destructive operation.
- For VM/host operations see [vmware-aiops](https://github.com/zw008/VMware-AIops); Aria recommendations are advisory, not actuating.
Confidence
79% confidence
Finding
without confirmation

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/capabilities.md:75

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/setup-guide.md:232