overthinkos/debian
vm/skills/debian/SKILL.md
Debian bootstrap VM (kind:vm debian-debootstrap) — source.kind: bootstrap via debian-debootstrap-builder + debootstrap, ext4 rootfs, uefi-insecure. Plus the disposable eval-debian-debootstrap-vm kind:eval bed. Lives in the overthinkos/debian submodule. MUST be invoked before editing debian-debootstrap or its eval bed.
development
Updated Jun 12, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins debianInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 12, 2026, 6:55 AM120.7s1 file scanned
SKILL.md
- name:
- debian
- description:
- |
- Debian bootstrap VM (kind:
- vm debian-debootstrap) — source.kind: bootstrap via
- disposable eval-debian-debootstrap-vm kind:
- eval bed. Lives in the overthinkos/debian submodule.
debian (VM)
source.kind: bootstrap VM that builds a Debian rootfs from scratch via
debootstrap (using /charly-distros:debian-debootstrap-builder), then boots it
under libvirt/QEMU.
The debian-debootstrap VM entity and its eval-debian-debootstrap-vm disposable
test bed live in the overthinkos/debian repo (git submodule at
box/debian), in that repo's config (its charly.yml + per-kind sibling files). The bed is a
kind: eval entity (the 2026-05 deploy→eval unification moved repo-shipped
disposable beds out of charly.yml), driven by charly eval run eval-debian-debootstrap-vm. Drive the VM lifecycle from the submodule:
charly -C box/debian vm build debian-debootstrap +
charly -C box/debian vm create debian-debootstrap (or
charly --repo overthinkos/debian …).
VM Configuration (from box/debian/vm.yml)
| Setting | Value |
|---|---|
| Source | kind: bootstrap, builder: debootstrap, builder_image: debian-debootstrap-builder |
| Distro | debian |
| rootfs | ext4 |
| Disk / RAM / CPU | 20G / 4G / 2 |
| Machine / firmware | q35 / uefi-insecure |
| Network | user mode |
| SSH | user debian, port 12227, key_source generate |
The debian distro config (debootstrap suite/mirror, base packages, bootloader
template) comes from the main repo's build.yml, flat-imported by the
submodule (a bare-string import: item).
Eval bed
eval-debian-debootstrap-vm is a kind: eval bed (target: vm,
vm: debian-debootstrap) that carries disposable: true, so
charly -C box/debian eval run eval-debian-debootstrap-vm runs the full R10 sequence
unattended (the equivalent charly update eval-debian-debootstrap-vm rebuild also works,
since the eval bed is folded into the Deploy map).
debootstrap path
charly vm build debian-debootstrap runs debootstrap inside the privileged
debian-debootstrap-builder to build the rootfs, then writes a bootable disk +
cloud-init seed ISO. The bootstrap path is privileged + network-heavy
(debootstrap downloads the base packages from the Debian mirror). The
Docker-Hub /charly-distros:debian container base remains the faster path when you
don't need a VM disk.
Cross-References
/charly-distros:debian-debootstrap-builder— the builder image this VM uses/charly-distros:debian-debootstrap— the container equivalent of this bootstrap path/charly-vm:ubuntu— the Ubuntu sibling bootstrap VM/charly-vm:arch— the canonical cloud_image VM (BIOS/virtio-gpu/sizing rationale)/charly-vm:vm— VM lifecycle commands + BIOS/UEFI matrix/charly-vm:vms-catalog— VmSpec authoring reference
When to Use This Skill
MUST be invoked when editing debian-debootstrap or its eval bed, or
authoring a Debian VM. Invoke BEFORE reading source code or launching Explore agents.
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026