
openclaw-secure-linux-cloud

Use when an agent needs to run shell commands on a remote Linux host or ephemeral cloud sandbox with least-privilege defaults, audit logging, and an explicit destructive-action gate.

Install confidence

```
curl --create-dirs -fsSL https://skillmake.xyz/i/openclaw-secure-linux-cloud -o ~/.claude/skills/openclaw-secure-linux-cloud/SKILL.md
```

- Pinned content: sha:3bd947af46640c6f
- Generated with: manual
- Source: github.com

The file served at /api/marketplace/openclaw-secure-linux-cloud-3bd947af/raw matches this hash. Inspect before install, then copy the command.

2,760 chars · ~690 tokens
---
name: openclaw-secure-linux-cloud
description: Use when an agent needs to run shell commands on a remote Linux host or ephemeral cloud sandbox with least-privilege defaults, audit logging, and an explicit destructive-action gate.
source: https://github.com/xixu-me/skills/tree/main/openclaw-secure-linux-cloud
generated: 2026-05-25T02:44:03.116Z
category: concept
audience: engineers
---

## When to use

- Bootstrapping a fresh Linux VM and you want safe defaults: non-root user, SSH keys only, firewall, fail2ban, unattended upgrades
- Letting an agent execute commands on a remote host without giving it long-lived root access
- Running an untrusted code-execution step inside a disposable sandbox the agent can tear down on failure
- Producing an audit log of every command the agent ran on a server so a human can review later

## Key concepts

### Least-privilege session

The agent connects as a non-root user with a scoped sudoers rule and an idle timeout, so a compromised session cannot escalate or linger.

### Destructive-action gate

`rm -rf`, `dd`, `chmod -R`, `systemctl stop`, and database drops require explicit confirmation in the prompt; the skill refuses to run them silently.

### Append-only audit log

Every command, its exit code, and its stdout/stderr are recorded in a tamper-evident log that survives the end of the session, so post-mortems are trivial.

### Ephemeral cloud sandbox

When isolation matters more than persistence, the skill provisions a short-lived VM, runs the work there, and destroys it afterward.

### Secrets handling

Tokens are read from a host secret store at run time and never echoed back to the agent's transcript, even on error.

## API reference

```
npx skills add xixu-me/skills --skill openclaw-secure-linux-cloud
```

Install the secure-Linux-cloud skill.

```
secure-shell <host> <command>
sandbox run <command>
```

Run a single command on a remote host under the safety gate, or run inside a disposable sandbox.

```
secure-shell prod-1 "systemctl status nginx"
sandbox run "./untrusted-script.sh"
```

## Gotchas

- Destructive gates can break automation expecting a non-interactive shell, so pre-approve specific commands in policy rather than disabling the gate
- The audit log is local; ship it to a SIEM or remote bucket if the host itself might be compromised
- Ephemeral sandboxes lose state on destroy, so persist artifacts to object storage before exit
- SSH agent forwarding is disabled by default; use deploy keys or signed certificates for git access
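
One way to implement the destructive-action gate together with the pre-approval policy from the first gotcha, as an added Python example that is not the skill's own code. The function names, the return labels, and the reading of "database drops" as SQL `DROP` statements or `dropdb` are assumptions.

```python
import shlex

# Assumption: the rule set mirrors the commands this page names; the SQL and
# dropdb patterns are one reading of "database drops".
SQL_DROPS = ("drop database", "drop table", "drop schema")

def tokens(command):
    """Tokenise like a POSIX shell: quotes removed, ; | & ( ) split off."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""      # a mid-word '#' is not a comment in a real shell
    return list(lexer)

def is_destructive(argv):
    """True if any word is a gated program followed by its gated form.

    Scanning every word (not just argv[0]) also covers sudo, env, xargs and
    chained commands, at the cost of some false positives.
    """
    if any(p in " ".join(argv).lower() for p in SQL_DROPS):
        return True
    for i, word in enumerate(argv):
        prog, rest = word.rsplit("/", 1)[-1], argv[i + 1:]
        short = "".join(a[1:] for a in rest if a[:1] == "-" and a[:2] != "--")
        recursive = "r" in short.lower() or "--recursive" in rest
        force = "f" in short or "--force" in rest
        if prog in ("dd", "dropdb"):
            return True
        if prog == "rm" and recursive and force:
            return True
        if prog == "chmod" and ("R" in short or "--recursive" in rest):
            return True
        if prog == "systemctl" and "stop" in rest:
            return True
    return False

def gate(command, preapproved=frozenset(), confirmed=False):
    """Return 'allow', 'allow-preapproved', 'allow-confirmed' or 'needs-confirmation'."""
    try:
        hit = is_destructive(tokens(command))
    except ValueError:         # unbalanced quotes: unparsable, so fail closed
        hit = True
    if not hit:
        return "allow"
    if command.strip() in preapproved:   # exact match only, no globbing
        return "allow-preapproved"
    return "allow-confirmed" if confirmed else "needs-confirmation"
```

The check is lexical, so it cannot see through shell variables or aliases; it complements the scoped sudoers rule rather than replacing it.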

---
Generated by SkillMake from https://github.com/xixu-me/skills/tree/main/openclaw-secure-linux-cloud on 2026-05-25T02:44:03.116Z.
Verify against source before relying on details.

File: ~/.claude/skills/openclaw-secure-linux-cloud/SKILL.md