npx claudepluginhub nyldn/claude-octopus --plugin octoThis skill uses the workspace's default tool permissions.
**Your first output line MUST be:** `๐ **CLAUDE OCTOPUS ACTIVATED** - OpenClaw Administration`
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Your first output line MUST be: ๐ **CLAUDE OCTOPUS ACTIVATED** - OpenClaw Administration
DETECT PLATFORM FIRST. DIAGNOSE BEFORE CHANGING. VERIFY AFTER EVERY ACTION.
Never assume the OS or hosting environment. Never make changes without checking current state. Never claim success without verification.
Use this skill for:
Do NOT use for:
/octo:debug)You MUST detect the platform before running any administrative commands.
# Detect OS
uname -s # Darwin = macOS, Linux = Ubuntu/Debian/Proxmox host
# If Linux, detect distro
cat /etc/os-release 2>/dev/null | head -5
# Check if inside Docker
[ -f /.dockerenv ] && echo "Docker container" || echo "Not Docker"
# Check if on Proxmox host
command -v pveversion &>/dev/null && pveversion 2>/dev/null
# Check if inside Proxmox LXC
[ -f /proc/1/environ ] && grep -q container=lxc /proc/1/environ 2>/dev/null && echo "Proxmox LXC"
# Check for OCI metadata
curl -s -m 2 http://169.254.169.254/opc/v2/instance/ -H "Authorization: Bearer Oracle" 2>/dev/null | head -5
Set the platform context before proceeding:
Run diagnostics appropriate to the platform:
# Check OpenClaw installation
command -v openclaw &>/dev/null && openclaw --version
# Gateway status
openclaw status --all
# Health check
openclaw health
# Doctor (auto-detect and report issues)
openclaw doctor
# Security audit
openclaw security audit
# Service status
launchctl list | grep openclaw
# System resources
vm_stat | head -10
df -h /
# Homebrew health
brew doctor 2>&1 | head -20
# Firewall status
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
# Service status
systemctl --user status openclaw-gateway 2>/dev/null || systemctl status openclaw-gateway
# System resources
free -h
df -h /
# Failed services
systemctl --failed
# Firewall status
ufw status verbose
# Pending updates
apt list --upgradable 2>/dev/null | head -20
# Container status
docker compose ps
# Container health
docker inspect --format='{{.State.Health.Status}}' openclaw-gateway 2>/dev/null
# Resource usage
docker stats --no-stream
# Disk usage
docker system df
# Proxmox version
pveversion -v
# VM/LXC list
qm list 2>/dev/null
pct list 2>/dev/null
# Storage status
pvesm status
# ZFS health
zpool status 2>/dev/null
# Cluster status
pvecm status 2>/dev/null
Route to the appropriate workflow based on user intent:
| Platform | Method |
|---|---|
| macOS | curl -fsSL https://openclaw.ai/install.sh | bash && openclaw onboard --install-daemon |
| Ubuntu/Debian | curl -fsSL https://openclaw.ai/install.sh | bash && openclaw onboard --install-daemon |
| Docker | git clone https://github.com/openclaw/openclaw.git && cd openclaw && ./docker-setup.sh |
| OCI ARM | Install Node.js 22 + build-essential, then curl installer, enable systemd lingering, configure Tailscale |
| Proxmox LXC | Create Ubuntu/Debian LXC, install Node.js 22, curl installer, configure bind mounts for persistence |
| Action | macOS | Linux | Docker |
|---|---|---|---|
| Start | launchctl start gui/$UID/com.openclaw.gateway | systemctl --user start openclaw-gateway | docker compose up -d |
| Stop | launchctl stop gui/$UID/com.openclaw.gateway | systemctl --user stop openclaw-gateway | docker compose down |
| Restart | openclaw gateway restart | openclaw gateway restart | docker compose restart |
| Status | launchctl list | grep openclaw | systemctl --user status openclaw-gateway | docker compose ps |
| Logs | openclaw logs --follow | journalctl --user -u openclaw-gateway -f | docker compose logs -f |
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak
cp -r ~/.openclaw/credentials/ ~/.openclaw/credentials.bak/
# Installer (recommended)
curl -fsSL https://openclaw.ai/install.sh | bash
# npm
npm i -g openclaw@latest
# Docker
docker compose pull && docker compose up -d
openclaw --version
openclaw doctor
openclaw health
127.0.0.1 / ::1)tools.exec.applyPatch.workspaceOnly: true, tools.fs.workspaceOnly: trueopenclaw security audit --deep --fix passes cleanchmod 700 ~/.openclaw/credentials/After every action, verify it took effect:
# Check gateway is running
openclaw status
# Check health
openclaw health
# Run doctor to catch issues
openclaw doctor
# If security changes were made
openclaw security audit
Report the before/after state and any remaining issues.
| Path | Purpose |
|---|---|
~/.openclaw/openclaw.json | Main configuration (JSON5) |
~/.openclaw/credentials/ | API keys and auth tokens |
~/.openclaw/workspace/ | Agent workspace data |
~/.openclaw/sandboxes/ | Sandbox isolation directories |
~/Library/LaunchAgents/com.openclaw.gateway.plist | macOS launchd service |
~/.config/systemd/user/openclaw-gateway.service | Linux systemd user service |
openclaw status [--all|--deep] # Health overview
openclaw health # Gateway health check
openclaw doctor [--fix] # Diagnostics + auto-fix
openclaw logs [--follow] # Gateway logs
openclaw security audit [--deep] [--fix] # Security scan
openclaw gateway start|stop|restart # Service lifecycle
openclaw gateway install|uninstall # Daemon management
openclaw configure # Interactive config wizard
openclaw update [--channel ...] # Self-update
openclaw channels list|status|add|remove # Messaging channels
openclaw models list|status [--probe] # AI model config
openclaw agents list|add|delete # Agent management
openclaw sessions list|history # Session management
openclaw skills list|info|check # Skills
openclaw plugins list|install|doctor # Plugins
openclaw cron status|list|add|edit|rm # Scheduled jobs
tailscale up [--ssh] # Connect to tailnet
tailscale serve https / http://127.0.0.1:18789 # Expose OpenClaw to tailnet
tailscale serve status # Check serve config
tailscale status # List connected devices
tailscale ping <hostname> # Test connectivity
tailscale netcheck # Network diagnostics
Rules:
tailscale serve for OpenClaw access (tailnet only)tailscale funnel (exposes to public internet)network_mode: "service:tailscale"| Channel | Library | Admin Setup |
|---|---|---|
| Baileys | openclaw channels login whatsapp โ scan QR | |
| Telegram | Grammy | Token from @BotFather โ set in config |
| Discord | discord.js | Bot token from Developer Portal |
| Slack | Bolt | App manifest + bot/app tokens (Socket Mode) |
| Signal | signal-cli | openclaw channels login signal โ linked device |
openclaw channels list|status|add|remove|login|logout
openclaw channels dm-allow <channel> user:@username
openclaw channels info <channel> [--dm-list|--detailed]
| Scenario | Route |
|---|---|
| Infrastructure architecture needed | Hand off to cloud-architect persona |
| Application-level bug found | Hand off to /octo:debug |
| Security vulnerability in code | Hand off to /octo:security |
| Need CI/CD pipeline for deployment | Hand off to deployment-engineer persona |
| OpenClaw extension development | Hand off to plugin-dev skills |
| Action | Why It's Wrong |
|---|---|
| Assume the OS without checking | macOS and Linux commands differ significantly |
| Expose port 18789 to the internet | Gateway should only bind to loopback; use Tailscale |
Run openclaw security audit --fix without --deep first | Understand the findings before auto-remediating |
| Skip backup before updating | Updates can break config; always back up first |
Use docker compose down -v without warning | Destroys volumes and all data |
Grant manage all-resources in OCI IAM | Violates least-privilege; use scoped policies |
| Run privileged LXC containers on Proxmox | Unprivileged LXC is safer; only privilege if absolutely needed |