overthinkos/openclaw-browser-bootc-bootc
ov-vms/skills/openclaw-browser-bootc-bootc/SKILL.md
kind:vm entity pairing with the /ov-openclaw:openclaw-browser-bootc container image. source.kind: bootc. Thin pointer skill — composition + layer stack authority lives in /ov-openclaw:openclaw-browser-bootc. This skill documents only VM overrides. MUST be invoked before editing openclaw-browser-bootc-bootc in vms.yml.
documentation
Updated May 5, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins openclaw-browser-bootc-bootcInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 5, 2026, 7:21 AM124.7s1 file scanned
SKILL.md
- name:
- openclaw-browser-bootc-bootc
- description:
- |
- kind:
- vm entity pairing with the /ov-openclaw:openclaw-browser-bootc container image.
- source.kind:
- bootc. Thin pointer skill — composition + layer stack authority
- lives in /ov-openclaw:
- openclaw-browser-bootc. This skill documents only VM overrides.
openclaw-browser-bootc-bootc
kind: vm entity that pairs with the /ov-openclaw:openclaw-browser-bootc container image. The doubled -bootc suffix reflects that the paired image already ends in -bootc — the VM entity is distinguished by the vms: namespace, not by its name.
Composition authority: /ov-openclaw:openclaw-browser-bootc. OpenClaw gateway, Chrome, VNC, PipeWire composition, OCI labels all live there. This skill is a pointer.
VmSpec (from vms.yml)
vms:
openclaw-browser-bootc-bootc:
source:
kind: bootc
image: openclaw-browser-bootc
disk_size: 20 GiB
ram: 4G
cpus: 2
ssh:
user: root
port: 2222
Overrides explained
| Setting | Value | Rationale |
|---|---|---|
| Disk size | 20 GiB | Minimal bootc install + Chrome + VNC; tighter than desktop-class VMs |
| RAM | 4G | Browser + VNC fits in 4 GiB for a kiosk-style workload |
| CPUs | 2 | Conservative; Chrome + compositor don't need more |
| SSH user | root | bootc default; no non-root base user created |
| SSH port | 2222 | Standard — only collision risk is with other VMs on 2222 |
Firmware, machine, network default to VmSpec defaults (see /ov-vms:vms).
Build + run
# Enable openclaw-browser-bootc in image.yml first (disabled by default)
ov image build openclaw-browser-bootc
ov vm build openclaw-browser-bootc-bootc
ov vm create openclaw-browser-bootc-bootc
ov vm start openclaw-browser-bootc-bootc
ssh -p 2222 root@localhost
Cross-References
/ov-openclaw:openclaw-browser-bootc— composition authority: layer stack, OpenClaw gateway, Chrome, VNC, OCI labels/ov-vms:vms— VmSpec authoring reference, bootc branch authoring recipe/ov-advanced:vm— VM lifecycle commands + bootc-specific caveats/ov-build:migrate—ov migrate vm-speclegacy conversion/ov-openclaw:openclaw— OpenClaw gateway layer
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026