skills/drift-detection/SKILL.md
Detect configuration drift — manual changes that exist outside NixOS management. Offer to bring imperative changes into declarative config.
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
npx skillsauth add bolivian-peru/os-moda drift-detection
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
NixOS is declarative — the config should be the single source of truth. But reality drifts: manual edits, imperative installs, ad-hoc cron jobs. Detect and reconcile.
shell_exec({ command: "nix-env -q 2>/dev/null || echo 'none'" })
If packages found: offer to add them to environment.systemPackages in NixOS config.
shell_exec({ command: "find /etc -newer /etc/NIXOS -not -path '/etc/nixos/*' -not -path '/etc/resolv.conf' -type f 2>/dev/null | head -20" })
Files modified after last NixOS rebuild may be manual edits.
shell_exec({ command: "ls /etc/cron.d/ /var/spool/cron/crontabs/ 2>/dev/null" })
Offer to convert to systemd timers in NixOS config.
shell_exec({ command: "nixos-rebuild list-generations 2>/dev/null | wc -l" })
More than 20 generations → suggest cleanup.
shell_exec({ command: "systemctl list-units --state=failed --no-pager" })
For each drift finding, offer to bring it into NixOS:
Drift Report:
⚠️ 3 packages installed via nix-env: htop, ncdu, tree
→ Add to environment.systemPackages? [Y/n]
⚠️ /etc/cron.d/backup exists outside NixOS
→ Convert to systemd timer in NixOS config? [Y/n]
⚠️ 47 old NixOS generations (using 18GB)
→ Keep current + last 5, remove rest? [Y/n]
✅ No unauthorized file changes in /etc/nixos/
✅ All systemd services match NixOS config
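The nix-env, /etc and cron checks above combined into one report, as an added example that is not part of the skill itself. The function names, the optional root-prefix argument (used to point the checks at a test tree) and the plain WARN/OK labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the skill's code): "$1" is an optional root prefix, empty on a live host.

# Packages installed imperatively with nix-env; empty if nix-env is absent.
pkg_drift() {
    command -v nix-env >/dev/null 2>&1 || return 0
    nix-env -q 2>/dev/null
}

# Regular files under /etc newer than the /etc/NIXOS marker, with the page's
# exclusions ('!' is the POSIX spelling of find's -not).
etc_drift() {
    [ -e "$1/etc/NIXOS" ] || return 0
    find "$1/etc" -newer "$1/etc/NIXOS" ! -path "$1/etc/nixos/*" \
        ! -path "$1/etc/resolv.conf" -type f 2>/dev/null | sort
}

# Cron files that exist outside NixOS management.
cron_drift() {
    for d in "$1/etc/cron.d" "$1/var/spool/cron/crontabs"; do
        if [ -d "$d" ]; then find "$d" -type f 2>/dev/null; fi
    done | sort
}

# Print one finding per line; return 0 when clean, 1 when drift was found.
drift_report() {
    root=${1:-}
    status=0
    echo "Drift Report:"
    pkgs=$(pkg_drift | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        echo "WARN packages installed via nix-env: $pkgs"; status=1
    fi
    while IFS= read -r f; do          # here-doc keeps the loop in this shell
        [ -n "$f" ] || continue
        echo "WARN ${f#"$root"} modified after last rebuild"; status=1
    done <<EOF
$(etc_drift "$root")
EOF
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        echo "WARN ${f#"$root"} exists outside NixOS"; status=1
    done <<EOF
$(cron_drift "$root")
EOF
    [ "$status" -eq 0 ] && echo "OK no drift detected"
    return "$status"
}
```

Call `drift_report` with no argument on a live host; the non-zero return on drift lets a timer or CI job fail on findings.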
On Ubuntu, configuration drift is invisible and irreversible. On NixOS with osModa, you can:
This is useful supporting evidence for compliance programs (SOC 2, etc.) — though not by itself proof of regulatory readiness.