원클릭으로
linux-ops
Bounded Linux operations skill for observing, diagnosing, and executing narrow remote changes over SSH with hard safety guardrails.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Bounded Linux operations skill for observing, diagnosing, and executing narrow remote changes over SSH with hard safety guardrails.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | linux-ops |
| version | 3.0.0 |
| description | Bounded Linux operations skill for observing, diagnosing, and executing narrow remote changes over SSH with hard safety guardrails. |
| compatibility | {"tools":["exec"],"system_deps":["ssh","scp","bash","awk","sed","grep","python3","sshpass","timeout","curl"]} |
This skill provides bounded Linux operations over SSH.
Use it when you need to:
Do not use it when you need to:
Priority order:
Hard boundaries:
Sensitive areas require extra caution:
/root/claw//root/.openclaw/.env/root/.openclaw/credentials//root/.openclaw/workspace/skills/ssh/.secrets//root/.openclaw/workspace/skills/ssh/.secrets/.bak-*/root/.config/systemd/user/openclaw-gateway.service.d/override.conf/root/.config/notion/api_keyIf the action could leak credentials, lock out access, or touch auth, persistence, or firewall state, treat it as L4 unless proven otherwise.
| Level | Meaning | Default stance |
|---|---|---|
| L0 | Advisory only; no remote execution | Always safe |
| L1 | Read-only patrol and observation | Run unattended by default |
| L2 | Low-risk, narrow, reversible, immediately verifiable action | May run unattended through policy and gate |
| L3 | Narrow emergency containment or obvious security fix | May run unattended only with tight blast radius |
| L4 | Major change or lockout-risk action | Requires explicit approval |
| L5 | Forbidden behavior | Never execute |
When evidence is ambiguous, rollback is unclear, or blast radius is broad, escalate to L4.
Default flow:
Rules:
Primary entry points:
scripts/agent_gate.pyscripts/agent_gate.shscripts/primitive_rules.jsonscripts/validate_decision.pyscripts/validate_autonomy.pyObservation and action primitives:
scripts/composite.shscripts/sys.shscripts/file.shscripts/proc.shscripts/net.shscripts/pkg.shscripts/service.shscripts/lock.shscripts/scp_transfer.shSupport files:
schemas/decision-record.schema.jsonschemas/audit-event.schema.jsonschemas/gate-result.schema.jsonschemas/run-summary.schema.jsonschemas/escalation-event.schema.jsontests/agent_gate_tests.shBefore execution:
Execution:
After execution:
This repo ships safe examples only. Keep real inventory, autonomy policy, and secrets local.
hosts.yaml may use aliases and sample host / key_path values such as /keys/<name>. The runtime does not require a /keys mount. Use the alias directly; common.sh resolves the real HOST and KEY_PATH from the matching .secrets entry.
When runtime logic changes:
Keep business-specific repair logic outside this skill.