Back to skill

Security audit

Vmware Avi

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed VMware AVI/NSX ALB operations integration with real infrastructure impact, but its high-impact actions are purpose-aligned and documented with confirmation and audit controls.

Install this only for users who intentionally want an agent to administer VMware AVI/NSX ALB and AKO environments. Use least-privilege AVI and Kubernetes accounts, prefer injecting passwords from a secret manager instead of storing them in .env, avoid typing passwords into shell commands, keep TLS verification enabled for production, and review every confirmation prompt before allowing traffic-affecting actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger rules are unusually broad and explicitly include generic terms like "ingress," "load balancer," and even mandate "Always use this skill" for many requests. In an agent routing context, this can cause the skill to activate for loosely related tasks and expose high-impact operational actions such as disabling virtual services, draining pool members, restarting AKO, or forcing sync, increasing the chance of misrouting and unintended infrastructure changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The troubleshooting example instructs users to append a plaintext password directly into ~/.vmware-avi/.env using echo, which increases the chance of shell history leakage, accidental disclosure on shared terminals, and insecure secret handling. Although the guide elsewhere discusses file permissions and obfuscation, this specific command normalizes unsafe secret entry practices in an operational setup guide for infrastructure credentials.

Session Persistence

Medium
Category
Rogue Agent
Content
### Password Management

- Passwords are **never** stored in `config.yaml` -- only in `.env`
- The `.env` file must have `chmod 600` permissions (owner read/write only)
- `vmware-avi doctor` warns if `.env` permissions are too open
- Never commit `.env` files to version control
Confidence
76% confidence
Finding
write only) - `vmware-avi doctor` warns if `.env` permissions are too open - Never commit `.env` files to version control ### Audit Logging All operations (CLI and MCP) are recorded via vmware-polic

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### "Controller unreachable" in doctor

1. Verify the `host` and `port` in config.yaml are correct
2. Test network connectivity: `curl -k https://avi-controller.example.com/api/cluster`
3. For self-signed certs, set `verify_ssl: false` in config.yaml
4. Check if a firewall or VPN is blocking port 443
Confidence
90% confidence
Finding
curl -k

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/setup-guide.md:155