Linux Incident Remediator

by kiaraho · GitHub ↗ · v1.0.0
Platform: cross-platform · Flag: ⚠ suspicious
813 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw: /install sys-guard-linux-remediator
Description
Provides forensically-safe Linux threat detection, network and process analysis, integrity verification, controlled firewall and service remediation preservi...
Usage Guidance
This skill is coherent for a sysadmin/incident responder, but it performs privileged operations. Before using:
  1. Only run commands if you understand their impact and have physical/forensic custody policies in place.
  2. Work on a forensic copy or isolated host when possible to avoid contaminating evidence.
  3. Inspect and verify any scripts you download (check authorship, hashes, and review code) before making them executable.
  4. Prefer package-manager installs for trusted tooling when practical.
  5. Document and back up the current firewall and system state before persisting changes so remediation is reversible.
If you lack deep Linux incident-response experience, consult a professional: these commands can disrupt production systems or destroy forensic value if misused.
Capability Analysis
Type: OpenClaw Skill
Name: sys-guard-linux-remediator
Version: 1.0.0
The skill is designed for Linux incident response and remediation, requiring high privileges and access to critical system functions. While the `SKILL.md` documentation is extensive and includes robust 'Safety Guardrails' explicitly designed to prevent harmful actions (e.g., `rm -rf /`, `iptables -F` without checks, broad `pkill`), it instructs the agent to download and execute Python forensic tools from an external GitHub repository (`DidierStevens/DidierStevensSuite`) using `sudo wget`. This introduces a significant supply chain vulnerability (Remote Code Execution risk) if the external source were ever compromised, despite the current benign intent and the legitimacy of the tools. There is no evidence of intentional malicious behavior or prompt injection designed to exfiltrate data or establish persistence, but the `wget` command represents a critical vulnerability.
Capability Assessment
Purpose & Capability
Name/description match the SKILL.md: the instructions are a coherent set of forensic collection, analysis, integrity checks, and controlled remediation steps appropriate to a Linux incident response tool.
Instruction Scope
The instructions call for running many privileged system utilities (ss, journalctl, tcpdump, lsof, strace, rpm/apt verification, iptables/nft/firewalld changes) and for downloading forensic Python tools into /opt. This is consistent with incident response, but these operations require root and can alter evidence or system state if run incorrectly; the guide notes some cautions but leaves broad operational discretion to the agent.
Install Mechanism
No install spec (instruction-only), which reduces install-time risk. The SKILL.md does instruct using wget to fetch scripts from raw.githubusercontent.com (Didier Stevens Suite) into /opt and making them executable; raw.githubusercontent.com is a known host and Didier Stevens' tools are common forensic helpers, but any remote-script download should be validated (authorship and hash checked) before execution.
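The "validate before execution" point raised here and in the Usage Guidance, as an added example that is not part of the skill or of this listing: a POSIX shell pair that downloads a helper into a private temporary directory and only installs it under /opt once its SHA-256 matches a hash pinned ahead of time, replacing the skill's fetch-then-chmod pattern. The URL, the hash and the /opt/forensics destination in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not code from the sys-guard-linux-remediator skill.
# Requires coreutils (sha256sum, install, mktemp) and wget; the pinned hash
# must be recorded from a source you trust before first use.

# verify_and_install FILE EXPECTED_SHA256 DEST_DIR
# Copies FILE into DEST_DIR with mode 0755 only if its SHA-256 matches.
# Returns 0 on success, 1 on a hash mismatch (nothing is installed then).
verify_and_install() {
    file=$1; expected=$2; dest=$3
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: expected $expected, got $actual" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    # install(1) copies and sets the mode in one step, so the execute bit is
    # never granted to an unverified file.
    install -m 0755 "$file" "$dest/$(basename "$file")"
}

# fetch_verified URL EXPECTED_SHA256 DEST_DIR
# Downloads to a private temp dir (never straight into DEST_DIR), verifies,
# installs, and removes the temp copy whatever the outcome.
fetch_verified() {
    url=$1; expected=$2; dest=$3
    tmp=$(mktemp -d) || return 1
    name=$(basename "$url")
    if wget -q -O "$tmp/$name" "$url" \
       && verify_and_install "$tmp/$name" "$expected" "$dest"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Usage (placeholder URL and hash; substitute a hash you recorded yourself):
# fetch_verified 'https://raw.githubusercontent.com/<owner>/<repo>/<ref>/<tool>.py' \
#     0000000000000000000000000000000000000000000000000000000000000000 /opt/forensics
```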
Credentials
The skill requests no environment variables or external credentials. It does require root/sudo to perform many steps, which is appropriate and expected for system remediation. There are no unexplained credential or config-path requests.
Persistence & Privilege
The skill does not request always:true and provides no self-install. It does contain instructions to persist firewall rules and to write files under /opt and /etc (e.g., persisting iptables rules), which are legitimate for remediation but are significant system changes; use with caution.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sys-guard-linux-remediator
  3. After installation, invoke the skill by name or use /sys-guard-linux-remediator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of sys-guard-linux-remediator: a Linux incident response and remediation skill.
  - Forensic-safe threat detection and evidence collection with minimal system disruption
  - Comprehensive firewall detection and handling (iptables, nftables, firewalld)
  - Toolkit for live analysis: network, process, integrity, malware/risk, and user activity inspection
  - Structured, reversible remediation steps with operational safety guardrails
  - Clear guidance for distribution variations, forensic hygiene, and persistent threat checks
Metadata
Slug: sys-guard-linux-remediator
Version: 1.0.0
License: not listed
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Linux Incident Remediator?

Provides forensically-safe Linux threat detection, network and process analysis, integrity verification, controlled firewall and service remediation preservi... It is an AI Agent Skill for Claude Code / OpenClaw, with 813 downloads so far.

How do I install Linux Incident Remediator?

Run "/install sys-guard-linux-remediator" in the OpenClaw or Claude Code chat to install it in one step; no extra setup is required.

Is Linux Incident Remediator free?

Yes, Linux Incident Remediator is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Linux Incident Remediator support?

Linux Incident Remediator is cross-platform: it runs anywhere OpenClaw / Claude Code is available.

Who created Linux Incident Remediator?

It is built and maintained by kiaraho (@kiaraho); the current version is v1.0.0.
