Vmware Pilot

Security checks across malware telemetry and agentic risk

Overview

This VMware orchestration skill is aligned with its stated purpose, but it under-scopes safety controls for high-impact infrastructure changes.

Review generated and custom workflows before execution, do not assume rollback is automatic, restrict write access to ~/.vmware/workflows, protect ~/.vmware audit/baseline files, and treat kubeconfig outputs and workflow parameters as sensitive operational material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: # Warn about missing approval gate if not has_approval: warnings.append( "No approval gate found — consider adding one before destructive steps" ) # Warn about destructive steps before any approval gate
Confidence: 96% confidence
Finding: No approval

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal