NEW Browse AI tools across categories — updated daily. See what's new →
Testing & Quality

Linux Ops

Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe, reason about, and operate remote Linux servers using composable primitives. This is an AI-native operations subs...

Authorkakahu2015
Version1.0.0
LicenseMIT
Token count~2,574
UpdatedJun 5, 2026

Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe, reason about, and operate remote Linux servers using composable primitives. This is an AI-native operations substrate, not a task-script collection: the skill owns safe execution primitives, Python runtime gate enforcement, fail-closed semantic guard, JSON primitive rules, autonomy policy validation, path/risk guardrails, redaction, audit hashes, escalation events, and bounded testable execution; the model ow...

Install

Quick install

via npx skills · works with 57+ agents
npx skills add https://github.com/kakahu2015/linux-ops
Or pick agent:
npx skills add kakahu2015/linux-ops --agent claude-code
npx skills add kakahu2015/linux-ops --agent cursor
npx skills add kakahu2015/linux-ops --agent codex
npx skills add kakahu2015/linux-ops --agent opencode
npx skills add kakahu2015/linux-ops --agent github-copilot
npx skills add kakahu2015/linux-ops --agent windsurf
More install options

Shorthand — useful for multi-skill repos:

npx skills add kakahu2015/linux-ops

Manual — clone the repo and drop the folder into your agent's skills directory:

git clone https://github.com/kakahu2015/linux-ops.git
cp -r linux-ops ~/.claude/skills/
How to use: Once installed, ask your agent to "use the linux-ops skill" or describe what you want (e.g. "Agent-native Linux operations skill over SSH. Use when an AI Agent needs to obse"). Requires Node.js 18+.

linux-ops

Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe, reason about, and operate remote Linux servers using composable primitives. This is an AI-native operations substrate, not a task-script collection: the skill owns safe execution primitives, Python runtime gate enforcement, fail-closed semantic guard, JSON primitive rules, autonomy policy validation, path/risk guardrails, redaction, audit hashes, escalation events, and bounded testable execution; the model ow...

---
name: linux-ops
version: 2.0.0
description: >
Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe,
reason about, and operate remote Linux servers using composable primitives. This is an
AI-native operations substrate, not a task-script collection: the skill owns safe
execution primitives, Python runtime gate enforcement, fail-closed semantic guard,
JSON primitive rules, autonomy policy validation, path/risk guardrails, redaction,
audit hashes, escalation events, and bounded testable execution; the model owns
observation, reasoning, diagnosis, decision-making, verification, and escalation.
compatibility:
tools:


  • exec


system_deps:

  • ssh

  • scp

  • bash

  • awk

  • sed

  • grep

  • python3

  • sshpass # optional, only for password auth

  • timeout # optional, used by runner.sh per-host timeout when available

  • curl # optional, only for webhook escalation integrations


---

Linux Ops Skill v2.0

This is an Agent-native Linux operations runtime over SSH.

It is not an Ansible clone, not a hidden playbook runner, and not a pile of app-specific repair scripts. The Agent uses Linux and operations knowledge to reason from live observations; the skill provides bounded primitives, strict contracts, fail-closed runtime gates, policy validation, redaction, audit, and escalation.

Recommended loop:

observe -> classify -> hypothesize -> write decision record -> validate decision/policy -> semantic gate -> execute one primitive -> verify -> rollback/escalate/stop

The model is responsible for diagnosis, sequencing, confidence assessment, and deciding the next action. The runtime is responsible for refusing unsafe or malformed action requests.

---

v2.0 Runtime Model

Agent-owned unattended actions should flow through this chain:

decision-record.json
  -> validate_decision.py
  -> validate_autonomy.py
  -> agent_gate.sh
  -> agent_gate.py
  -> primitive_rules.json
  -> autonomy/risk/env/host-count checks
  -> semantic guard
  -> path guard
  -> raw exec guard
  -> execute exactly one primitive
  -> verification_actions
  -> rollback_actions when requested
  -> redacted audit with decision/policy/rules hashes
  -> escalation event on gate block

agent_gate.sh is a thin compatibility wrapper. The runtime security boundary is agent_gate.py, which executes primitives with argv-style subprocess calls, not shell string evaluation.

---

Core Files

  • scripts/agent_gate.py — Python runtime gate and execution boundary.
  • scripts/agent_gate.sh — thin wrapper around agent_gate.py.
  • scripts/primitive_rules.json — fail-closed semantic rules for primitives, commands, risk, and unattended levels.
  • scripts/validate_decision.py — strict dependency-free decision record validator.
  • scripts/validate_autonomy.py — dependency-free autonomy policy validator.
  • scripts/composite.sh — read-only composite observation primitive; Agent use should route through the gate.
  • scripts/sys.sh, file.sh, proc.sh, net.sh, pkg.sh, service.sh, lock.sh, scp_transfer.sh — generic Linux primitives.
  • schemas/decision-record.schema.json — decision contract.
  • schemas/audit-event.schema.json — audit event contract.
  • schemas/gate-result.schema.json — gate output contract.
  • schemas/run-summary.schema.json — run summary contract.
  • schemas/escalation-event.schema.json — escalation event contract.
  • tests/agent_gate_tests.sh — no-SSH runtime gate regression matrix.

Prefer semantic primitives over raw shell. Do not add business-specific repair scripts.

---

Non-Task-Script Rule

Do not add app-specific repair or deployment scripts such as:

fix_<service>.sh
deploy_<app>.sh
repair_everything.sh
cleanup_all_servers.sh

Reusable behavior should be expressed as one of these:

  • a generic primitive,
  • a JSON primitive rule,
  • an autonomy policy rule,
  • a decision-record contract,
  • a verification/rollback contract,
  • a runtime gate check,
  • a validator,
  • a schema,
  • or an Agent reasoning pattern in docs.

The runtime must stay business-agnostic.

---

Autonomy Levels

Default unattended mode should be L1 observe-only.

| Level | Meaning | Default stance |
|---|---|---|
| L0 | Advisory only; no remote execution | Always safe |
| L1 | Bounded read-only observation | Default unattended mode |
| L2 | Low-risk reversible self-heal | Requires explicit local policy |
| L3 | Bounded non-prod change with verification | Requires policy and strict stop conditions |
| L4 | Privileged or production-impacting action | Requires explicit approval |
| L5 | Forbidden | Never execute unattended |

The Agent may propose an autonomy level in a decision record, but agent_gate.py enforces local policy, environment limits, primitive rules, risk rules, and guardrails. A model cannot grant itself extra authority by writing a higher level into JSON.

---

Runtime Gate Behavior

agent_gate.py enforces:

  1. valid decision record shape and OPSEC constraints,
  2. valid autonomy policy shape,
  3. fail-closed JSON primitive rules,
  4. unknown primitive block unless --test-mode is used,
  5. unknown primitive command block,
  6. declared risk not lower than computed primitive/action risk,
  7. autonomy level and environment max-level checks,
  8. production L1 default unless explicitly confirmed,
  9. host-count limit checks,
  10. raw exec.sh block unless explicitly approved,
  11. sensitive path block,
  12. verification requirements for L2+ or non-low-risk execution,
  13. single primitive execution per decision,
  14. optional rollback after failed verification,
  15. escalation event generation on gate blocks,
  16. redacted audit containing decision, policy, and rules hashes.

--test-mode is for local mock primitive tests only. It must not be used for production operation.

---

Composite Observations

composite.sh is a read-only primitive for common observation bundles. It does not mutate remote state and does not embed business workflows.

Supported actions:

healthcheck, disk, memory, services, network, quick, journal, all

services requires explicit service names. No default business or platform service names are embedded.

primitive_rules.json allows lightweight composite observations at L1 and moves the larger all action to L2 because it may produce more output.

---

Setup

The public repository ships safe examples only. Real inventory, autonomy policy, and secrets are local-only.

cp skills/ssh/hosts.example.yaml skills/ssh/hosts.yaml
cp skills/ssh/autonomy.example.yaml skills/ssh/autonomy.yaml
mkdir -p skills/ssh/.secrets
cp skills/ssh/.secrets/host.env.example skills/ssh/.secrets/<host>.env
bash skills/ssh/scripts/validate_hosts.sh skills/ssh/hosts.yaml --allow-real-hosts

Never commit real hosts.yaml, autonomy.yaml, or .secrets/ content.

---

Agent Workflow

Validate inputs:

python3 skills/ssh/scripts/validate_decision.py skills/ssh/examples/decision-record.observe.json --quiet
python3 skills/ssh/scripts/validate_autonomy.py skills/ssh/autonomy.example.yaml --quiet
python3 -m py_compile skills/ssh/scripts/agent_gate.py

Dry-run the runtime gate:

bash skills/ssh/scripts/agent_gate.sh \
  --decision skills/ssh/examples/decision-record.observe.json \
  --policy skills/ssh/autonomy.example.yaml \
  --dry-run

Execute only after the gate allows the action:

bash skills/ssh/scripts/agent_gate.sh --decision <decision.json> --policy <autonomy.yaml> --execute

Use --allow-raw-exec only when a semantic primitive cannot express the requested operation and the user explicitly approves raw shell execution.

---

Security Rules

  1. Never output credentials or infrastructure identifiers: IPs, usernames, passwords, key paths, .secrets paths, private hostnames, or key contents.
  2. Never read private key contents.
  3. Never modify .secrets/ from Agent commands unless explicitly requested.
  4. Observe before changing.
  5. Use primitives first; raw exec.sh is not an unattended default.
  6. Route Agent-owned unattended actions through agent_gate.sh / agent_gate.py.
  7. Treat missing, corrupt, or incomplete runtime rules as a block condition.
  8. Do not task-script the Agent with app-specific repair flows.
  9. Every state-changing unattended action needs verification and stop conditions.
  10. Escalate ambiguity, conflicting evidence, missing rollback, production targets, or high risk.

---

Local Quality Checks

bash -n skills/ssh/scripts/*.sh skills/ssh/tests/*.sh
python3 -m py_compile skills/ssh/scripts/validate_decision.py skills/ssh/scripts/validate_autonomy.py skills/ssh/scripts/agent_gate.py skills/ssh/scripts/redact.py
bash skills/ssh/scripts/validate_hosts.sh skills/ssh/hosts.example.yaml
python3 skills/ssh/scripts/validate_autonomy.py skills/ssh/autonomy.example.yaml --quiet
python3 skills/ssh/scripts/validate_decision.py skills/ssh/examples/decision-record.observe.json --quiet
bash skills/ssh/scripts/agent_gate.sh --decision skills/ssh/examples/decision-record.observe.json --policy skills/ssh/autonomy.example.yaml --dry-run
bash skills/ssh/tests/agent_gate_tests.sh

The gate test matrix covers allow/block paths, raw exec block, production guard, host-count guard, OPSEC validation, unknown field block, invalid policy block, mock execute/verify/rollback, unknown primitive block, unknown command block, risk mismatch, path block, corrupt rules fail-closed behavior, composite L1 restriction, escalation file generation, and audit hash metadata.

---

Source: https://github.com/kakahu2015/linux-ops
Author: kakahu2015
Discovered via: skillsdirectory.com
Genre: testing

SKILL.md source

---
name: linux-ops
description: Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe, reason about, and operate remote Linux servers using composable primitives. This is an AI-native operations subs...
---

# linux-ops

Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe, reason about, and operate remote Linux servers using composable primitives. This is an AI-native operations substrate, not a task-script collection: the skill owns safe execution primitives, Python runtime gate enforcement, fail-closed semantic guard, JSON primitive rules, autonomy policy validation, path/risk guardrails, redaction, audit hashes, escalation events, and bounded testable execution; the model ow...

---
name: linux-ops
version: 2.0.0
description: >
  Agent-native Linux operations skill over SSH. Use when an AI Agent needs to observe,
  reason about, and operate remote Linux servers using composable primitives. This is an
  AI-native operations substrate, not a task-script collection: the skill owns safe
  execution primitives, Python runtime gate enforcement, fail-closed semantic guard,
  JSON primitive rules, autonomy policy validation, path/risk guardrails, redaction,
  audit hashes, escalation events, and bounded testable execution; the model owns
  observation, reasoning, diagnosis, decision-making, verification, and escalation.
compatibility:
  tools:
    - exec
  system_deps:
    - ssh
    - scp
    - bash
    - awk
    - sed
    - grep
    - python3
    - sshpass       # optional, only for password auth
    - timeout       # optional, used by runner.sh per-host timeout when available
    - curl          # optional, only for webhook escalation integrations
---

# Linux Ops Skill v2.0

This is an **Agent-native Linux operations runtime over SSH**.

It is not an Ansible clone, not a hidden playbook runner, and not a pile of app-specific repair scripts. The Agent uses Linux and operations knowledge to reason from live observations; the skill provides bounded primitives, strict contracts, fail-closed runtime gates, policy validation, redaction, audit, and escalation.

Recommended loop:

```text
observe -> classify -> hypothesize -> write decision record -> validate decision/policy -> semantic gate -> execute one primitive -> verify -> rollback/escalate/stop
```

The model is responsible for diagnosis, sequencing, confidence assessment, and deciding the next action. The runtime is responsible for refusing unsafe or malformed action requests.

---

## v2.0 Runtime Model

Agent-owned unattended actions should flow through this chain:

```text
decision-record.json
  -> validate_decision.py
  -> validate_autonomy.py
  -> agent_gate.sh
  -> agent_gate.py
  -> primitive_rules.json
  -> autonomy/risk/env/host-count checks
  -> semantic guard
  -> path guard
  -> raw exec guard
  -> execute exactly one primitive
  -> verification_actions
  -> rollback_actions when requested
  -> redacted audit with decision/policy/rules hashes
  -> escalation event on gate block
```

`agent_gate.sh` is a thin compatibility wrapper. The runtime security boundary is `agent_gate.py`, which executes primitives with argv-style subprocess calls, not shell string evaluation.

---

## Core Files

- `scripts/agent_gate.py` — Python runtime gate and execution boundary.
- `scripts/agent_gate.sh` — thin wrapper around `agent_gate.py`.
- `scripts/primitive_rules.json` — fail-closed semantic rules for primitives, commands, risk, and unattended levels.
- `scripts/validate_decision.py` — strict dependency-free decision record validator.
- `scripts/validate_autonomy.py` — dependency-free autonomy policy validator.
- `scripts/composite.sh` — read-only composite observation primitive; Agent use should route through the gate.
- `scripts/sys.sh`, `file.sh`, `proc.sh`, `net.sh`, `pkg.sh`, `service.sh`, `lock.sh`, `scp_transfer.sh` — generic Linux primitives.
- `schemas/decision-record.schema.json` — decision contract.
- `schemas/audit-event.schema.json` — audit event contract.
- `schemas/gate-result.schema.json` — gate output contract.
- `schemas/run-summary.schema.json` — run summary contract.
- `schemas/escalation-event.schema.json` — escalation event contract.
- `tests/agent_gate_tests.sh` — no-SSH runtime gate regression matrix.

Prefer semantic primitives over raw shell. Do not add business-specific repair scripts.

---

## Non-Task-Script Rule

Do **not** add app-specific repair or deployment scripts such as:

```text
fix_<service>.sh
deploy_<app>.sh
repair_everything.sh
cleanup_all_servers.sh
```

Reusable behavior should be expressed as one of these:

- a generic primitive,
- a JSON primitive rule,
- an autonomy policy rule,
- a decision-record contract,
- a verification/rollback contract,
- a runtime gate check,
- a validator,
- a schema,
- or an Agent reasoning pattern in docs.

The runtime must stay business-agnostic.

---

## Autonomy Levels

Default unattended mode should be **L1 observe-only**.

| Level | Meaning | Default stance |
|---|---|---|
| L0 | Advisory only; no remote execution | Always safe |
| L1 | Bounded read-only observation | Default unattended mode |
| L2 | Low-risk reversible self-heal | Requires explicit local policy |
| L3 | Bounded non-prod change with verification | Requires policy and strict stop conditions |
| L4 | Privileged or production-impacting action | Requires explicit approval |
| L5 | Forbidden | Never execute unattended |

The Agent may propose an autonomy level in a decision record, but `agent_gate.py` enforces local policy, environment limits, primitive rules, risk rules, and guardrails. A model cannot grant itself extra authority by writing a higher level into JSON.

---

## Runtime Gate Behavior

`agent_gate.py` enforces:

1. valid decision record shape and OPSEC constraints,
2. valid autonomy policy shape,
3. fail-closed JSON primitive rules,
4. unknown primitive block unless `--test-mode` is used,
5. unknown primitive command block,
6. declared risk not lower than computed primitive/action risk,
7. autonomy level and environment max-level checks,
8. production L1 default unless explicitly confirmed,
9. host-count limit checks,
10. raw `exec.sh` block unless explicitly approved,
11. sensitive path block,
12. verification requirements for L2+ or non-low-risk execution,
13. single primitive execution per decision,
14. optional rollback after failed verification,
15. escalation event generation on gate blocks,
16. redacted audit containing decision, policy, and rules hashes.

`--test-mode` is for local mock primitive tests only. It must not be used for production operation.

---

## Composite Observations

`composite.sh` is a read-only primitive for common observation bundles. It does not mutate remote state and does not embed business workflows.

Supported actions:

```text
healthcheck, disk, memory, services, network, quick, journal, all
```

`services` requires explicit service names. No default business or platform service names are embedded.

`primitive_rules.json` allows lightweight composite observations at L1 and moves the larger `all` action to L2 because it may produce more output.

---

## Setup

The public repository ships safe examples only. Real inventory, autonomy policy, and secrets are local-only.

```bash
cp skills/ssh/hosts.example.yaml skills/ssh/hosts.yaml
cp skills/ssh/autonomy.example.yaml skills/ssh/autonomy.yaml
mkdir -p skills/ssh/.secrets
cp skills/ssh/.secrets/host.env.example skills/ssh/.secrets/<host>.env
bash skills/ssh/scripts/validate_hosts.sh skills/ssh/hosts.yaml --allow-real-hosts
```

Never commit real `hosts.yaml`, `autonomy.yaml`, or `.secrets/` content.

---

## Agent Workflow

Validate inputs:

```bash
python3 skills/ssh/scripts/validate_decision.py skills/ssh/examples/decision-record.observe.json --quiet
python3 skills/ssh/scripts/validate_autonomy.py skills/ssh/autonomy.example.yaml --quiet
python3 -m py_compile skills/ssh/scripts/agent_gate.py
```

Dry-run the runtime gate:

```bash
bash skills/ssh/scripts/agent_gate.sh \
  --decision skills/ssh/examples/decision-record.observe.json \
  --policy skills/ssh/autonomy.example.yaml \
  --dry-run
```

Execute only after the gate allows the action:

```bash
bash skills/ssh/scripts/agent_gate.sh --decision <decision.json> --policy <autonomy.yaml> --execute
```

Use `--allow-raw-exec` only when a semantic primitive cannot express the requested operation and the user explicitly approves raw shell execution.

---

## Security Rules

1. Never output credentials or infrastructure identifiers: IPs, usernames, passwords, key paths, `.secrets` paths, private hostnames, or key contents.
2. Never read private key contents.
3. Never modify `.secrets/` from Agent commands unless explicitly requested.
4. Observe before changing.
5. Use primitives first; raw `exec.sh` is not an unattended default.
6. Route Agent-owned unattended actions through `agent_gate.sh` / `agent_gate.py`.
7. Treat missing, corrupt, or incomplete runtime rules as a block condition.
8. Do not task-script the Agent with app-specific repair flows.
9. Every state-changing unattended action needs verification and stop conditions.
10. Escalate ambiguity, conflicting evidence, missing rollback, production targets, or high risk.

---

## Local Quality Checks

```bash
bash -n skills/ssh/scripts/*.sh skills/ssh/tests/*.sh
python3 -m py_compile skills/ssh/scripts/validate_decision.py skills/ssh/scripts/validate_autonomy.py skills/ssh/scripts/agent_gate.py skills/ssh/scripts/redact.py
bash skills/ssh/scripts/validate_hosts.sh skills/ssh/hosts.example.yaml
python3 skills/ssh/scripts/validate_autonomy.py skills/ssh/autonomy.example.yaml --quiet
python3 skills/ssh/scripts/validate_decision.py skills/ssh/examples/decision-record.observe.json --quiet
bash skills/ssh/scripts/agent_gate.sh --decision skills/ssh/examples/decision-record.observe.json --policy skills/ssh/autonomy.example.yaml --dry-run
bash skills/ssh/tests/agent_gate_tests.sh
```

The gate test matrix covers allow/block paths, raw exec block, production guard, host-count guard, OPSEC validation, unknown field block, invalid policy block, mock execute/verify/rollback, unknown primitive block, unknown command block, risk mismatch, path block, corrupt rules fail-closed behavior, composite L1 restriction, escalation file generation, and audit hash metadata.


---

**Source**: https://github.com/kakahu2015/linux-ops
**Author**: kakahu2015
**Discovered via**: skillsdirectory.com
**Genre**: testing

Related skills 6

agent-browser

★ Featured Official

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction. Also use...

vercel-labs 297k
Testing & Quality

grill-me

★ Featured

Interview the user relentlessly about a plan or design until reaching shared understanding, resolving each branch of the decision tree. Use when user wants to stress-test a plan, get grilled on their design, or mentions "grill me".

mattpocock 192k
Testing & Quality

grill-with-docs

★ Featured

Grilling session that challenges your plan against the existing domain model, sharpens terminology, and updates documentation (CONTEXT.md, ADRs) inline as decisions crystallise. Use when user wants to stress-test a plan against their project's language and documented decisions.

mattpocock 138k
Testing & Quality

minimal-run-and-audit

★ Featured

RigorPilot trusted execution and reporting skill for README-first deep learning repo reproduction. Use when the task is specifically to capture or normalize evidence from the selected smoke test or documented inference or evaluation command and write standardized `repro_outputs/` files, including patch notes when repository files changed. Do not use for training execution, initial repo intake, generic environment setup, paper lookup, target selection, hidden scientific-meaning changes, or end...

lllllllama 127k
Testing & Quality

polish

★ Featured

Performs a final quality pass fixing alignment, spacing, consistency, and micro-detail issues before shipping. Use when the user mentions polish, finishing touches, pre-launch review, something looks off, or wants to go from good to great.

pbakaus 86k
Testing & Quality

critique

★ Featured

Evaluate design from a UX perspective, assessing visual hierarchy, information architecture, emotional resonance, cognitive load, and overall quality with quantitative scoring, persona-based testing, automated anti-pattern detection, and actionable feedback. Use when the user asks to review, critique, evaluate, or give feedback on a design or component.

pbakaus 83k
Testing & Quality