skill-claw

# OpenClaw Instance Administration

**Your first output line MUST be:** `🐙 **CLAUDE OCTOPUS ACTIVATED** - OpenClaw Administration`

## The Iron Law

```
DETECT PLATFORM FIRST. DIAGNOSE BEFORE CHANGING. VERIFY AFTER EVERY ACTION.
```

Never assume the OS or hosting environment. Never make changes without checking current state. Never claim success without verification.

---

## When to Use

**Use this skill for:**
- Installing, updating, or migrating OpenClaw instances
- Gateway lifecycle management (start, stop, restart, health checks)
- Host-level administration (packages, services, firewall, users, disks)
- Security hardening and audits
- Monitoring setup and troubleshooting
- Backup and disaster recovery
- Platform-specific configuration (macOS, Ubuntu/Debian, Docker, OCI, Proxmox)
- Channel configuration (WhatsApp, Telegram, Discord, Slack, Signal)
- Tailscale setup and management (Serve, Funnel, SSH, ACLs)
- gogcli (Google Workspace CLI) setup and troubleshooting
- OpenClaw scheduler, memory, plugins, and MCP server management

**Do NOT use for:**
- Writing OpenClaw extensions or plugins (use plugin-dev skills)
- Designing cloud architecture from scratch (use cloud-architect persona)
- Application-level code debugging (use `/octo:debug`)

---

## The Process

### Phase 1: Detect Platform

**You MUST detect the platform before running any administrative commands.**

```bash
# Detect OS
uname -s  # Darwin = macOS, Linux = Ubuntu/Debian/Proxmox host

# If Linux, detect distro
cat /etc/os-release 2>/dev/null | head -5

# Check if inside Docker
[ -f /.dockerenv ] && echo "Docker container" || echo "Not Docker"

# Check if on Proxmox host
command -v pveversion &>/dev/null && pveversion 2>/dev/null

# Check if inside Proxmox LXC
[ -f /proc/1/environ ] && grep -q container=lxc /proc/1/environ 2>/dev/null && echo "Proxmox LXC"

# Check for OCI metadata
curl -s -m 2 http://169.254.169.254/opc/v2/instance/ -H "Authorization: Bearer Oracle" 2>/dev/null | head -5
```

**Set the platform context** before proceeding:
- **macOS**: Homebrew, launchd, Application Firewall, APFS
- **Ubuntu/Debian**: apt, systemd, ufw, ext4/ZFS
- **Docker**: docker compose, container logs, volume management
- **OCI**: ARM architecture, VCN security, Tailscale, systemd
- **Proxmox**: qm/pct, vzdump, ZFS, LXC bind mounts

---

### Phase 2: Assess Current State

**Run diagnostics appropriate to the platform:**

#### OpenClaw Diagnostics (All Platforms)

```bash
# Check OpenClaw installation
command -v openclaw &>/dev/null && openclaw --version

# Gateway status
openclaw status --all

# Health check
openclaw health

# Doctor (auto-detect and report issues)
openclaw doctor

# Security audit
openclaw security audit
```

#### macOS Host Diagnostics

```bash
# Service status
launchctl list | grep openclaw

# System resources
vm_stat | head -10
df -h /

# Homebrew health
brew doctor 2>&1 | head -20

# Firewall status
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
```

#### Ubuntu/Debian Host Diagnostics

```bash
# Service status
systemctl --user status openclaw-gateway 2>/dev/null || systemctl status openclaw-gateway

# System resources
free -h
df -h /

# Failed services
systemctl --failed

# Firewall status
ufw status verbose

# Pending updates
apt list --upgradable 2>/dev/null | head -20
```

#### Docker Diagnostics

```bash
# Container status
docker compose ps

# Container health
docker inspect --format='{{.State.Health.Status}}' openclaw-gateway 2>/dev/null

# Resource usage
docker stats --no-stream

# Disk usage
docker system df
```

#### Proxmox Diagnostics

```bash
# Proxmox version
pveversion -v

# VM/LXC list
qm list 2>/dev/null
pct list 2>/dev/null

# Storage status
pvesm status

# ZFS health
zpool status 2>/dev/null

# Cluster status
pvecm status 2>/dev/null
```

---

### Phase 3: Execute the Requested Action

Route to the appropriate workflow based on user intent:

#### Installation Workflows

| Platform | Method |
|----------|--------|
| macOS | `curl -fsSL https://openclaw.ai/install.sh \| bash && openclaw onboard --install-daemon` |
| Ubuntu/Debian | `curl -fsSL https://openclaw.ai/install.sh \| bash && openclaw onboard --install-daemon` |
| Docker | `git clone https://github.com/openclaw/openclaw.git && cd openclaw && ./docker-setup.sh` |
| OCI ARM | Install Node.js 22 + build-essential, then curl installer, enable systemd lingering, configure Tailscale |
| Proxmox LXC | Create Ubuntu/Debian LXC, install Node.js 22, curl installer, configure bind mounts for persistence |

#### Service Lifecycle

| Action | macOS | Linux | Docker |
|--------|-------|-------|--------|
| Start | `launchctl start gui/$UID/com.openclaw.gateway` | `systemctl --user start openclaw-gateway` | `docker compose up -d` |
| Stop | `launchctl stop gui/$UID/com.openclaw.gateway` | `systemctl --user stop openclaw-gateway` | `docker compose down` |
| Restart | `openclaw gateway restart` | `openclaw gateway restart` | `docker compose restart` |
| Status | `launchctl list \| grep openclaw` | `systemctl --user status openclaw-gateway` | `docker compose ps` |
| Logs | `openclaw logs --follow` | `journalctl --user -u openclaw-gateway -f` | `docker compose logs -f` |

#### Update Workflow

1. **Backup** config, credentials, and workspace:
   ```bash
   cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak
   cp -r ~/.openclaw/credentials/ ~/.openclaw/credentials.bak/
   ```
2. **Update** using the appropriate method:
   ```bash
   # Installer (recommended)
   curl -fsSL https://openclaw.ai/install.sh | bash

   # npm
   npm i -g openclaw@latest

   # Docker
   docker compose pull && docker compose up -d
   ```
3. **Verify** the update:
   ```bash
   openclaw --version
   openclaw doctor
   openclaw health
   ```

#### Security Hardening Checklist

1. Gateway binds to loopback only (`127.0.0.1` / `::1`)
2. Token auth enabled — tokens treated as admin credentials
3. Tailscale or VPN for remote access — never expose port 18789
4.