VMware Policy

Security checks across malware telemetry and agentic risk

Overview

This VMware policy and audit skill appears purpose-aligned, but its global policy bypass and fail-open behavior need careful review before installation.

Review before installing in production. Create and test a rules file before enabling the VMware skill family, restrict permissions on ~/.vmware/audit.db, define retention/deletion practices, and treat VMWARE_POLICY_DISABLED as an emergency-only setting controlled by administrators.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The capability docs describe persistent audit logging of operation parameters, results, detected agent, workflow ID, and OS user to a local SQLite database, but provide no notice, consent, minimization guidance, or retention/privacy controls beyond size-based rotation. In a shared workstation, multi-user host, or regulated environment, this can expose sensitive operational metadata and user-identifying information long after execution, increasing privacy and insider-risk exposure.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding:
The documented agent-detection behavior inspects environment variables such as OPENAI_API_KEY, CLAUDE_SESSION_ID, and related session markers to infer the calling agent, without warning users that sensitive process environment data may be accessed. Even if values are only checked for presence, this pattern normalizes touching secrets-bearing environment variables and can create privacy concerns, accidental disclosure risk, and compliance issues if later implementations log or expose them.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The CLI reference explicitly documents that setting `VMWARE_POLICY_DISABLED=1` bypasses policy checks, and it does so without any warning, access restrictions, or operational guardrails. In a policy and audit infrastructure skill that wraps 156+ VMware tools, normalizing a global bypass materially lowers security posture because users or downstream automation may disable enforcement while still proceeding with sensitive operations, with only post hoc logging via `ok_bypassed`.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The guide explicitly states that when no rules file is present, all operations are allowed, but frames this as optional configuration rather than a security-sensitive fail-open condition. In a policy-enforcement component used across many VMware skills, running without rules can silently disable the main protective control and lead operators to believe policy is active when it is not.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
Documenting `VMWARE_POLICY_DISABLED=1` as a normal environment variable without a strong warning exposes a trivial mechanism to bypass policy enforcement entirely. Because this library wraps many MCP tools, an attacker or misconfigured deployment could disable controls globally, and audit logging alone would not prevent dangerous actions.

VirusTotal

65/65 vendors flagged this skill as clean.