by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill appears to do what it claims (NSX DFW and security operations). Before installing: 1) Verify the vmware-nsx-security package source and integrity (confirm the UV package maps to the GitHub repo listed). 2) Confirm the exact env var naming convention (docs use VMWARE_NSX_SECURITY_<TARGET>_PASSWORD; metadata shows a different pattern) so you don't accidentally expose credentials. 3) Use a dedicated, least-privileged NSX account for write operations and keep ~/.vmware-nsx-security/.env a...详细分析 ▾
✓ 用途与能力
Name, description, CLI commands, and required items (vmware-nsx-security binary, config.yaml, per-target password env vars) all align with managing NSX DFW, groups, tags, traceflow, and IDPS.
ℹ 指令范围
SKILL.md stays within NSX security scope and documents setup, doctor checks, and commands. It instructs storing per-target passwords in a ~/.vmware-nsx-security/.env and using VMWARE_NSX_SECURITY_CONFIG to point at config.yaml — these are appropriate. Note: SKILL.md claims 'No webhooks, no outbound network calls' but also documents HTTPS calls to NSX Manager (expected); nothing in the instructions asks to read unrelated system state.
ℹ 安装机制
No code files are bundled (instruction-only), but SKILL.md includes an installer hint (uv package vmware-nsx-security). Installing a tool via a package registry is reasonable for a CLI tool; this is moderate-risk compared with pure instruction-only skills because it requires binaries to be installed. There are no obscure download URLs or extract operations in the provided docs.
ℹ 凭证需求
Requested env/config access (VMWARE_NSX_SECURITY_CONFIG, per-target VMWARE_NSX_SECURITY_<TARGET>_PASSWORD via .env or env vars) is proportionate to managing NSX. Minor inconsistency: metadata.optional lists a different pattern (VMWARE_<TARGET>_PASSWORD) than the docs (VMWARE_NSX_SECURITY_<TARGET>_PASSWORD). Also metadata mentions optional vmware-policy binary; SKILL.md says vmware-policy is a transitive dependency for auditing. Confirm naming and exact env var expectations before installing.
✓ 持久化与权限
always:false and no background services are requested. The skill writes audit logs to ~/.vmware/audit.db (documented). MCP server usage is local stdio and started on-demand by the agent per the setup docs. It does not request system-wide privilege changes or other skills' configs.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSmacOS · Linux
版本
latestv1.5.142026/3/27
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install vmware-nsx-security
镜像加速npx clawhub@latest install vmware-nsx-security --registry https://cn.longxiaskill.com