overthinkos/openclaw-browser-bootc
openclaw/skills/openclaw-browser-bootc/SKILL.md
Bootc VM image with OpenClaw gateway, Chrome, VNC, and PipeWire. Currently disabled. Enable in image.yml to build. MUST be invoked before building, deploying, or troubleshooting the openclaw-browser-bootc image.
development
Updated May 11, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins openclaw-browser-bootcInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 11, 2026, 5:41 AM207.2s1 file scanned
SKILL.md
- name:
- openclaw-browser-bootc
- description:
- |
openclaw-browser-bootc
Bootable container (bootc) VM image with OpenClaw AI gateway, Chrome browser, VNC access, and PipeWire audio.
Image Properties
| Property | Value |
|----------|-------|
| Base | quay.io/fedora/fedora-bootc:43 |
| Bootc | true |
| Layers | agent-forwarding, bootc-base, openclaw, pipewire, wayvnc, chrome-sway |
| Platforms | linux/amd64 |
| Ports | 18789 (gateway), 5900 (VNC), 9222 (CDP) |
| Status | disabled (set enabled: true in image.yml) |
| Registry | ghcr.io/overthinkos |
Known latent bug — missing distro: declaration
This image's image.yml entry does not declare distro:. Because base: "quay.io/fedora/fedora-bootc:43" is an external URL (not the name of another image.yml entry), the generator resolves Distro to null, which short-circuits the install_template's Phase-2 branch — no layer rpm: install RUNs are emitted. The image will build cleanly but every layer's declarative rpm: packages are missing; only cmd: dnf install … tasks survive.
This hasn't tripped because the image is enabled: false. Before enabling, add:
openclaw-browser-bootc:
base: "quay.io/fedora/fedora-bootc:43"
bootc: true
distro: ["fedora:43", fedora] # ← add this
...
The same latent bug affects /ov-distros:bazzite-ai and /ov-distros:aurora (both external ublue bases). See /ov-image:image "External Bases Require Explicit distro:" for the full mechanism; /ov-selkies:selkies-desktop-bootc is the canonical working reference.
VM Configuration
| Setting | Value | |---------|-------| | SSH port | 2222 | | Disk size | 20 GiB | | RAM | 4G | | CPUs | 2 |
Full Layer Stack
fedora-bootc:43(external bootc base)bootc-base— sshd + guest agent + bootc configopenclaw— AI gatewaypipewire— audio serverwayvnc— VNC serverchrome-sway— Chrome in Sway compositor
Ports
| Port | Service | Protocol | |------|---------|----------| | 18789 | OpenClaw gateway | HTTP | | 5900 | VNC | TCP | | 9222 | Chrome DevTools | HTTP |
Quick Start
# Enable in image.yml first (remove enabled: false)
ov image build openclaw-browser-bootc
ov vm build openclaw-browser-bootc --type qcow2
ov vm create openclaw-browser-bootc --ram 4G --cpus 2
ov vm start openclaw-browser-bootc
ov vm ssh openclaw-browser-bootc -p 2222
Key Layers
/ov-distros:bootc-base— SSH + guest agent/ov-openclaw:openclaw— AI gateway/ov-selkies:chrome-sway— Chrome in Sway
Related Images
/ov-openclaw:openclaw-sway-browser— container variant (enabled)/ov-openclaw:openclaw-ollama-sway-browser— with Ollama LLM (enabled)/ov-selkies:selkies-desktop-bootc— sibling bootc image withdistro:correctly declared; follow its pattern when enabling this one/ov-distros:bazzite-ai,/ov-distros:aurora— share the same latentdistro:bug
Related Skills
/ov-image:image— external-basedistro:requirement explanation/ov-vm:vm— VM lifecycle,/dev:/devmount,vm.ssh_portplumbing, bootc-VM caveats/ov-distros:bootc-base— the bootc composition layer pulled in first/ov-distros:bootc-config— bootc boot wiring (tty1 autologin, graphical target, systemd-user supervisord)
When to Use This Skill
MUST be invoked when the task involves the openclaw-browser-bootc VM image or bootc-based OpenClaw deployment.
Related
/ov-build:build—build.ymlvocabulary (distros, builders, init-systems)
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026