VMware Monitor (Read-Only)

Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware" and "vSphere" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Monitor under the MIT license.

Read-only VMware vCenter/ESXi monitoring — 8 MCP tools, zero destructive code.

Code-level safety: This skill contains NO power, create, delete, snapshot, or modify operations. Not disabled — they don't exist in the codebase.
Companion skills: vmware-aiops (VM lifecycle), vmware-storage (iSCSI/vSAN), vmware-vks (Tanzu Kubernetes), vmware-nsx (NSX networking), vmware-nsx-security (DFW/firewall), vmware-aria (metrics/alerts/capacity), vmware-avi (AVI/ALB/AKO).
| vmware-pilot (workflow orchestration) | vmware-policy (audit/policy)

What This Skill Does

Category	Capabilities
Inventory	List VMs, ESXi hosts, datastores, clusters
Health

Active alarms, recent events (filter by severity/time) | | VM Details | CPU, memory, disks, NICs, snapshots, guest OS, IP | | Scanning | Scheduled alarm/log scanning with Slack/Discord webhooks |

Quick Install

CODEBLOCK0

When to Use This Skill

• - List or search VMs, hosts, datastores, clusters
• Check active alarms or recent events
• Get detailed info about a specific VM
• Set up scheduled monitoring with webhook alerts
• Any read-only VMware query where safety is paramount

Alarm/Event Output: suggested_actions Field

INLINECODE1 and get_events results include a suggested_actions list.
Each item is a ready-to-use hint pointing to the correct companion skill and tool:

CODEBLOCK1

AI agents (especially smaller local models) can read these hints directly to determine which skill and tool to call next, without needing to reason about skill routing themselves.

Use companion skills for:

• - Power on/off, deploy, clone, migrate --> INLINECODE4
• iSCSI, vSAN, datastore management --> INLINECODE5
• Tanzu Kubernetes clusters --> INLINECODE6
• Load balancing, AVI/ALB, AKO, Ingress --> INLINECODE7

Related Skills — Skill Routing

User Intent	Recommended Skill
Read-only vSphere monitoring, zero risk	vmware-monitor ← this skill
Storage: iSCSI, vSAN, datastores

vmware-storage | | VM lifecycle, deployment, guest ops | vmware-aiops | | Tanzu Kubernetes (vSphere 8.x+) | vmware-vks | | NSX networking: segments, gateways, NAT | vmware-nsx | | NSX security: DFW rules, security groups | vmware-nsx-security | | Aria Ops: metrics, alerts, capacity planning | vmware-aria | | Multi-step workflows with approval | vmware-pilot | | Load balancer, AVI, ALB, AKO, Ingress | vmware-avi (uv tool install vmware-avi) | | Audit log query | vmware-policy (vmware-audit CLI) |

Common Workflows

Daily Health Check

1. 1. Check alarms --> INLINECODE10
2. Review recent events --> INLINECODE11
3. List hosts --> vmware-monitor inventory hosts --> check connection state and memory usage
4. If connection fails --> run vmware-monitor doctor to diagnose config/network issues

Investigate a Specific VM

1. 1. Find the VM --> INLINECODE14
2. Get details --> INLINECODE15
3. Check related events --> INLINECODE16
4. If VM not found --> verify VM name with vmware-monitor inventory vms --limit 100 or check target with INLINECODE18

Set Up Continuous Monitoring

1. 1. Configure webhook in INLINECODE19
2. Start daemon --> INLINECODE20
3. Daemon scans every 15 min, sends alerts to Slack/Discord

Usage Mode

Scenario	Recommended	Why
Local/small models (Ollama, Qwen)	CLI	~2K tokens vs ~8K for MCP
Cloud models (Claude, GPT-4o)

Either | MCP gives structured JSON I/O | | Automated pipelines | MCP | Type-safe parameters, structured output |

MCP Tools (8 — all read-only)

Tool	Description
INLINECODE21	List VMs with filtering (power state, sort, limit)
INLINECODE22

ESXi hosts with CPU, memory, version, uptime | | list_all_datastores | Datastores with capacity, free space, type | | list_all_clusters | Clusters with host count, DRS/HA status | | get_alarms | All active/triggered alarms — includes suggested_actions remediation hints | | get_events | Recent events filtered by severity and time — includes suggested_actions hints | | vm_info | Detailed VM info (CPU, memory, disks, NICs, snapshots) |

All tools are read-only. No tool can modify, create, or delete any resource.

CLI Quick Reference

CODEBLOCK2

Full CLI reference: see INLINECODE30

Troubleshooting

Alarms returns empty but vCenter shows alarms

The get_alarms tool queries triggered alarms at the root folder level. Some alarms are entity-specific — try checking events instead: get_events --hours 1 --severity info.

"Connection refused" error

1. 1. Run vmware-monitor doctor to diagnose
2. Verify target hostname/IP and port (443) in config.yaml
3. For self-signed certs: set INLINECODE34

Events returns too many results

Use severity filter: --severity warning (default) filters out info-level events. Use --hours 4 to narrow time range.

VM info shows "guest_os: unknown"

VMware Tools not installed or not running in the guest. Install/start VMware Tools for guest OS detection, IP address, and guest family info.

Doctor passes but commands fail with timeout

vCenter may be under heavy load. Try targeting a specific ESXi host directly instead of vCenter, or increase connection timeout in config.yaml.

Setup

CODEBLOCK3

All tools are automatically audited via vmware-policy. Audit logs: INLINECODE37

Full setup guide, security details, and AI platform compatibility: see INLINECODE38

Audit & Safety

All operations are automatically audited via vmware-policy (@vmware_tool decorator):

• - Every tool call logged to ~/.vmware/audit.db (SQLite, framework-agnostic)
• Policy rules enforced via ~/.vmware/rules.yaml (deny rules, maintenance windows, risk levels)
• Risk classification: each tool tagged as low/medium/high/critical
• View recent operations: INLINECODE42
• View denied operations: INLINECODE43

vmware-policy is automatically installed as a dependency — no manual setup needed.

License

MIT — github.com/zw008/VMware-Monitor