ClawHub
Back to skill

Security audit

Vmware Debug

Security checks across malware telemetry and agentic risk

Overview

This VMware troubleshooting skill is disclosed as a read-only diagnostic helper and the reviewed artifacts do not show hidden data access, persistence, or automatic fixes.

Install this if you want a read-only VMware diagnosis helper, but review the third-party vmware-debug package/source you are installing with uv and avoid feeding it logs or event bundles that contain secrets unless you trust the local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Natural-Language Policy Violations

Low
Confidence
97% confidence
Finding
This markdown file contains Chinese phrases in otherwise English documentation (e.g. "踩坑" and "联动") without indicating that the skill supports multiple languages or that the content is intentionally region-specific. That can violate language/locale policy by implicitly forcing some users to interpret mixed-language guidance without opt-in.

Credential Access

High
Category
Privilege Escalation
Content
| CPU / memory contention | vmware-aria (metrics/anomalies) | rightsizing via pilot |
| HA / DRS / cluster | vmware-monitor, vmware-aiops | cluster remediation via pilot |
| Power / clone / snapshot | vmware-aiops, vmware-monitor | task status, then fix via aiops |
| Auth / cert / login | check creds & cert; (security) | fix config/.env |

## Common Workflows
Confidence
60% confidence
Finding
.env

Session Persistence

Medium
Category
Rogue Agent
Content
## Audit & Safety

Read-only by construction: no write tools, no network, nothing executed. Remediation
is always routed to aiops/pilot, where the double-confirm / approval / audit gates live
(audit DB `~/.vmware/audit.db`). See `references/setup-guide.md`.
Confidence
60% confidence
Finding
write tools, no network, nothing executed. Remediation is always routed to aiops/pilot, where the double-confirm / approval / audit gates live (audit DB `~/.vmware

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal