Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vmware Pilot

v1.4.4

Use this skill whenever the user wants to design, execute, or manage complex multi-step VMware workflows with human approval and automatic rollback. Pilot is...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md, capability docs, and included scripts are coherent with a multi-skill VMware orchestrator. Required items (a vmware-pilot MCP binary and a config env var VMWARE_PILOT_CONFIG) are plausible for an MCP server. However, the registry says “No install spec — instruction-only” while the documentation and metadata reference installing a uvx/pip package and require a binary (vmware-pilot-mcp). That mismatch (no explicit install spec but a required binary) is unexpected and should be explained by the publisher.
Instruction Scope
Runtime instructions focus on designing, planning, executing, and rolling back multi-step VMware workflows and delegate all infrastructure calls to companion skills. They reference local state and audit DBs under ~/.vmware and hot-loading YAML templates from ~/.vmware/workflows/, which is within the orchestration purpose. No instructions request unrelated system credentials or global state beyond these project-scoped files.
Install Mechanism
Registry metadata lists no install spec but SKILL.md shows pip/uvx installation commands and requires vmware-pilot-mcp. The skill includes code files (scripts/) but no formal install spec was published. This leaves unclear how the required binary is delivered and verified for integrity — a risk if the binary would be downloaded/installed from an untrusted source. Confirm a trustworthy, auditable install path (PyPI, official GitHub releases, or a vetted uv tap) before installing.
Credentials
Only VMWARE_PILOT_CONFIG is declared as required and is set as primaryEnv, which is reasonable for an orchestrator config. The SKILL.md explicitly states Pilot itself holds no vCenter/NSX/AVI credentials and delegates to companion skills (which have their own config paths). Note: audit logs and saved templates under ~/.vmware may contain operation parameters (which could be sensitive) — treat those files carefully and ensure companion skills' credentials remain separate and limited.
Persistence & Privilege
The skill persists workflow state (~/.vmware/workflows.db), audit logs (~/.vmware/audit.db), and hot-reloads YAML from ~/.vmware/workflows/. This is consistent with its orchestration role but increases local persistence and attack surface (malicious/errant templates can trigger destructive sequences). always:false and no cross-skill config modification are good; however, verify file permissions and who/what can drop YAMLs into the workflows directory.
What to consider before installing
This skill appears to be a genuine VMware orchestrator, but there are a few red flags you should check before installing or enabling it:

- Source & install: The registry states no install spec, yet SKILL.md advertises `pip install vmware-pilot` / `uvx --from vmware-pilot vmware-pilot-mcp` and the skill requires a vmware-pilot-mcp binary. Ask the publisher where vmware-pilot-mcp is obtained and verify it comes from a trusted, signed release (official PyPI package or GitHub release). Do not run unverified install commands.
- VMWARE_PILOT_CONFIG: Inspect what this env var contains. Because Pilot claims not to store vCenter credentials, VMWARE_PILOT_CONFIG should not contain unrelated high-privilege secrets; prefer minimal orchestration config and keep service credentials in the companion skills' configs.
- Local persistence & templates: Workflows and audit logs are stored under ~/.vmware and YAML templates are hot-reloaded. Ensure that directory is writable only by trusted users and review any third-party or team-contributed YAML templates before placing them there — templates can orchestrate destructive operations.
- Companion skills: Pilot delegates all destructive operations to companion skills. Make sure each companion skill is installed from a trusted source and that their config files (e.g., ~/.vmware-aiops/config.yaml) use least-privilege service accounts.
- Code review: The package includes helper scripts (validate_workflow.py, list_available_tools.py). If you plan to run this skill in a sensitive environment, review/scan the included code and confirm the project's repository (the SKILL.md points at github.com/zw008/VMware-Pilot) matches the package you install.

If you cannot verify the install source or the origin of vmware-pilot-mcp, treat the skill as untrusted and avoid installing/enabling it in production.


Runtime requirements

🧭 Clawdis
OS: macOS · Linux
Bins: vmware-pilot-mcp
Env: VMWARE_PILOT_CONFIG
Primary env: VMWARE_PILOT_CONFIG
