The skill lacks version pinning for dependencies, references missing external documentation files, and fails to meet metadata specifications, creating risks of supply chain compromise and unpredictable runtime behavior.
npx skills add https://github.com/zw008/VMware-MonitorNER model detected organization in skill content (confidence: 0.85)
M**
NER model detected organization in skill content (confidence: 0.55)
*
SKILL.md links to "references/health-summary-template.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[`references/health-summary-template.md`](references/health-summary-template.md)
SKILL.md links to "references/investigation-protocol.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[`references/investigation-protocol.md`](references/investigation-protocol.md)
Skill does not specify a license field. Specifying a license helps users understand usage terms.
Skill 'compatibility' field exceeds the Agent Skills spec limit of 500 characters.
The installation instructions use 'uv tool install vmware-monitor' without version pinning, which may lead to the execution of unverified or malicious code updates in the future.
uv tool install vmware-monitor
[](https://mondoo.com/ai-agent-security/skills/github/zw008/VMware-Monitor/vmware-monitor)<a href="https://mondoo.com/ai-agent-security/skills/github/zw008/VMware-Monitor/vmware-monitor"><img src="https://mondoo.com/ai-agent-security/api/badge/github/zw008/VMware-Monitor/vmware-monitor.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/github/zw008/VMware-Monitor/vmware-monitor.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.