From admin-devops
Local machine administration for Windows, WSL, macOS, Linux. Install tools, check if software is installed, manage packages, configure dev environments. Works with winget, scoop, brew, apt, npm, pip, uv. Profile-aware: adapts to your preferences. Use when: install 7zip, is git installed, clone repo, check if node installed, add to PATH, configure MCP servers, manage dev tools, set up environment. NOT for: VPS, cloud servers, remote infrastructure → use devops skill.
npx claudepluginhub joshuarweaver/cascade-code-devops-misc-1 --plugin evolv3-ai-vibe-skills

This skill uses the workspace's default tool permissions.
- assets/AGENTS.md
- assets/admin-rules.md
- assets/env-spec.txt
- assets/env-template
- assets/issue-template.md
- assets/mcp-claude-desktop-config.json
- assets/mcp-env.template
- assets/mcp-registry.json
- assets/mcp-win-cli-config.json
- assets/profile-graph.md
- assets/profile-schema.json
- assets/profile.json
- assets/satellite-env.template
- assets/skills-registry.json
- assets/windows-env.template
- assets/windows-profile-template.ps1
- assets/wsl.conf
- references/agent-teams.md
- references/cross-platform.md
- references/device-profiles.md
Script path resolution: When Claude Code loads this file, it provides the full
path. All scripts/ references below are relative to this file's directory.
Derive SKILL_DIR from this file's path and prepend it when running scripts
(e.g., if loaded from /path/to/skills/admin/SKILL.md, run /path/to/skills/admin/scripts/test-admin-profile.sh).
Check for a profile before any operation. No profile means no preferences, no logging path, no state.
Bash (WSL/Linux/macOS):

```bash
scripts/test-admin-profile.sh
```

PowerShell (Windows):

```powershell
pwsh -NoProfile -File "scripts/Test-AdminProfile.ps1"
```

Returns JSON: {"exists":true|false,"path":"...","device":"...","platform":"..."}
If exists: false — stop and run the TUI setup interview before proceeding.
Full details: references/profile-gate.md (discovery, TUI interview, create commands, troubleshooting).
If both bash and PowerShell test scripts fail (e.g., shell not available, permission denied, script missing from plugin cache), use native Claude tools to check directly:
- ~/.admin/.env to get ADMIN_ROOT and ADMIN_DEVICE
- $ADMIN_ROOT/profiles/$ADMIN_DEVICE.json
- references/profile-gate.md)
- .env files or credentials inside any skill folder.
- .env.template files belong only in assets/ within a skill.
- ~/.admin/.env and reference from there.

Secrets are organized across 3 Infisical projects by trust boundary, with folder hierarchies:
| Project | Trust Boundary | Contents |
|---|---|---|
| admin-operator | Operator | Provider keys, LLM tokens, Cloudflare, Google creds |
| admin-runtime | Runtime (scoped) | Agent bot tokens, deployment passwords |
| customer-* | Customer (isolated) | Per-customer OpenClaw config |
4-layer model: age key → vault (bootstrap) → Infisical Cloud (3 projects) → generated runtime files
URI-based access (new in v4.0):

```bash
resolve-secret-ref.sh "infisical://admin-operator/prod/providers/hetzner/HCLOUD_TOKEN"
secrets --project admin-operator --path /providers/hetzner HCLOUD_TOKEN
```

Legacy CLI (still works via fallback):

```bash
secrets HCLOUD_TOKEN # Falls back through: generated/.env → Infisical → vault → .env
```

Runtime rendering: render-runtime.sh resolves all secretRefs/fileRefs from the profile and writes $ADMIN_ROOT/generated/.env for scripts that don't need live Infisical access.
Guides: references/secrets-architecture.md (full model), references/infisical.md (setup), references/vault-guide.md (fallback)
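
A secretRef that names the wrong project crosses a trust boundary, so it is worth validating refs before anything resolves them. The following is an added example, not the skill's own `resolve-secret-ref.sh`: it assumes the URI grammar `infisical://<project>/<env>/<folder...>/<KEY>` (inferred from the two commands above), the function names `parse_secret_ref` and `audit_refs` are hypothetical, and the sample refs are constructed.

```sh
#!/bin/sh
# Added example. Assumed grammar: infisical://<project>/<env>/<folder...>/<KEY>
LC_ALL=C  # byte-exact [A-Z] ranges in the patterns below

# parse_secret_ref URI: prints "<project> <env> <folder> <KEY>", or returns 1.
parse_secret_ref() {
  ref=${1#infisical://}
  [ "$ref" != "$1" ] || return 1            # scheme must be infisical://
  case $ref in
    ''|/*|*/|*//*) return 1 ;;              # empty segment or stray slash
    *[!A-Za-z0-9_/-]*) return 1 ;;          # no '.', so no '..'; no spaces or metacharacters
  esac
  project=${ref%%/*}; rest=${ref#*/}
  [ "$rest" != "$ref" ] || return 1         # no slash at all
  envname=${rest%%/*}; tail=${rest#*/}
  [ "$tail" != "$rest" ] || return 1        # need at least project/env/KEY
  key=${tail##*/}
  case $tail in */*) folder=/${tail%/*} ;; *) folder=/ ;; esac
  case $project in                          # only the three project families listed above
    admin-operator|admin-runtime|customer-?*) ;;
    *) return 1 ;;
  esac
  case $key in [A-Z_]*) ;; *) return 1 ;; esac       # KEY looks like an env var name
  case $key in *[!A-Z0-9_]*) return 1 ;; esac
  printf '%s %s %s %s\n' "$project" "$envname" "$folder" "$key"
}

# audit_refs PROJECT: reads one ref per line on stdin and prints every ref that
# is malformed or points outside PROJECT. Returns 1 if any ref was rejected.
audit_refs() {
  allowed=$1 bad=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    if ! parsed=$(parse_secret_ref "$line") || [ "${parsed%% *}" != "$allowed" ]; then
      printf 'REJECT %s\n' "$line"; bad=1
    fi
  done
  return $bad
}

# Constructed sample refs (not from a real profile), audited for a runtime-scoped profile.
printf '%s\n' \
  "infisical://admin-runtime/prod/agents/BOT_TOKEN" \
  "infisical://admin-operator/prod/providers/hetzner/HCLOUD_TOKEN" \
  "infisical://admin-runtime/prod/../operator/KEY" | audit_refs admin-runtime || true
```

The parsed fields line up with the CLI form shown above: project, then folder path, then key name.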
```
admin (core)
├── 9 satellite skills: devops, oci, hetzner, contabo, digital-ocean, vultr, linode, coolify, kasm
├── 6 agents: profile-validator, docs-agent, verify-agent, tool-installer, mcp-bot, ops-bot
├── Profile system: ~/.admin/.env (satellite) → $ADMIN_ROOT/profiles/*.json (+ GitHub sync)
├── Secrets: 3 Infisical projects (operator/runtime/customer) → vault (fallback) → .env (legacy)
└── SimpleMem: Long-term memory across sessions (graceful degradation)
```
```
Satellite .env (bootstrap)  →  profile.json (device config)  →  Agent decisions
        ↓                              ↓                             ↓
ADMIN_ROOT, DEVICE,            tools, servers, prefs,         SimpleMem storage
PLATFORM, SECRETS_BACKEND      secretRefs, fileRefs           (speaker convention)
        ↓                              ↓
generated/.env (pre-rendered) → Infisical (3 projects) → vault.age → .env
```
- .env (~/.admin/.env): Per-device bootstrap. Points to ADMIN_ROOT, configures secrets backend.
- .env ($ADMIN_ROOT/.env): Bootstrap only (ADMIN_ROOT, ADMIN_DEVICE, ADMIN_PLATFORM, ADMIN_SECRETS_BACKEND).
- $ADMIN_ROOT/profiles/{DEVICE}.json): Full device config with secretRefs (URI pointers) and fileRefs.
- $ADMIN_ROOT/config/infisical-projects.json): Project slug → ID mapping.
- $ADMIN_ROOT/generated/.env, compat.env): Pre-resolved secrets for scripts that don't need live Infisical access.

| Agent | Model | Role | Tools |
|---|---|---|---|
| profile-validator | haiku | JSON validation, read-only health check | Read, Bash, Glob |
| docs-agent | haiku | File I/O documentation updates | Read, Write, Glob, Grep |
| verify-agent | sonnet | System health checks, no Write | Read, Bash, Glob, Grep |
| tool-installer | sonnet | Install software per profile prefs | Read, Write, Bash, AskUserQuestion |
| mcp-bot | sonnet | MCP server diagnostics and config | Read, Write, Bash, Glob, Grep |
| ops-bot | sonnet | Multi-step operations (migration, import, bulk config) | Read, Write, Edit, Bash, Glob, Grep, AskUserQuestion |
All agents use SimpleMem graceful degradation and profile gate as first step.
Details: references/agent-teams.md, references/memory-integration.md
```
admin (core) ─── required by all satellites
│
├── devops ─── required by provider + app skills
│   │
│   ├── oci, hetzner, contabo, digital-ocean, vultr, linode
│   │   (provision servers)
│   │         │
│   └── coolify, kasm
│       (deploy apps TO provisioned servers)
│
└── Profile system provides: server inventory, SSH keys, credentials (via vault)
```

| Task | Reference |
|---|---|
| Install tool/package | references/{platform}.md |
| Windows administration | references/windows.md |
| WSL administration | references/wsl.md |
| macOS/Linux admin | references/unix.md |
| MCP server management | references/mcp.md |
| Skill registry | references/skills-registry.md |
| Memory integration | references/memory-integration.md |
| Secrets / Infisical setup | references/infisical.md |
| Vault (age encryption) | references/vault-guide.md |
| Profile sync (GitHub) | references/remote-profile.md |
| Remote servers/cloud | → Use devops skill |
- preferences.python.manager (uv/pip/conda/poetry)
- preferences.node.manager (npm/pnpm/yarn/bun)
- preferences.packages.manager (scoop/winget/choco/brew/apt)

Never suggest install commands without checking preferences first.

profile.tools)

Log every operation with the shared helpers.
Bash — params: MESSAGE LEVEL (INFO|WARN|ERROR|OK):

```bash
source scripts/log-admin-event.sh
log_admin_event "Installed ripgrep" "OK"
```

PowerShell — params: -Message -Level (INFO|WARN|ERROR|OK):

```powershell
pwsh -NoProfile -File "scripts/Log-AdminEvent.ps1" -Message "Installed ripgrep" -Level OK
```

Note: There are no -Tool, -Action, -Status, or -Details parameters. Use -Message with a descriptive string.
- scripts/ (profile, logging, issues, AGENTS.md)
- scripts/mcp-*
- scripts/skills-*
- references/*.md
- references/cross-platform.md
- references/shell-detection.md
- references/device-profiles.md
- references/powershell-commands.md
- references/infisical.md
- references/remote-profile.md