Security audit

Vmware Log Insight

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only VMware Log Insight query helper, with local credential handling risks that users should manage carefully.

Before installing, use a read-only Log Insight service account, keep ~/.vmware-log-insight/.env chmod 600, and prefer injecting the password from a secret manager instead of leaving it in the .env file. Treat returned logs as sensitive operational data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: ## Audit & Safety Read-only by construction (no write tools). MCP tools run through `@vmware_tool(risk_level="low")`, which records each call to the shared audit DB (`~/.vmware/audit.db`). Credentials load from `~/.vmware-log-insight/.env` (`chmod 600`); plaintext passwords there are auto-rewritten to a grep-safe
Confidence: 84% confidence
Finding: write tools). MCP tools run through `@vmware_tool(risk_level="low")`, which records each call to the shared audit DB (`~/.vmware/audit.db`). Credentials load from `~/.vmware-log-insight

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal