overthinkos/ubuntu
vm/skills/ubuntu/SKILL.md
Ubuntu bootstrap VM (kind:vm ubuntu-debootstrap) — source.kind: bootstrap via ubuntu-debootstrap-builder + debootstrap, ext4 rootfs, uefi-insecure. Plus the disposable eval-ubuntu-debootstrap-vm kind:eval bed. Lives in the overthinkos/ubuntu submodule. MUST be invoked before editing ubuntu-debootstrap or its eval bed.
development
Updated May 31, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins ubuntuInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 31, 2026, 5:38 AM152.1s1 file scanned
SKILL.md
- name:
- ubuntu
- description:
- |
- Ubuntu bootstrap VM (kind:
- vm ubuntu-debootstrap) — source.kind: bootstrap via
- disposable eval-ubuntu-debootstrap-vm kind:
- eval bed. Lives in the overthinkos/ubuntu submodule.
ubuntu (VM)
source.kind: bootstrap VM that builds an Ubuntu 24.04 rootfs from scratch via
debootstrap (using /ov-distros:ubuntu-debootstrap-builder), then boots it
under libvirt/QEMU.
The ubuntu-debootstrap VM entity and its eval-ubuntu-debootstrap-vm disposable
test bed live in the overthinkos/ubuntu repo (git submodule at
image/ubuntu), inlined in that repo's single overthink.yml. The bed is a
kind: eval entity (the 2026-05 deploy→eval unification moved repo-shipped
disposable beds out of deploy.yml), driven by ov eval run eval-ubuntu-debootstrap-vm. Drive the VM lifecycle from the submodule:
ov -C image/ubuntu vm build ubuntu-debootstrap +
ov -C image/ubuntu vm create ubuntu-debootstrap (or
ov --repo overthinkos/ubuntu …).
VM Configuration (from image/ubuntu/vm.yml)
| Setting | Value |
|---|---|
| Source | kind: bootstrap, builder: debootstrap, builder_image: ubuntu-debootstrap-builder |
| Distro | ubuntu |
| rootfs | ext4 |
| Disk / RAM / CPU | 20G / 4G / 2 |
| Machine / firmware | q35 / uefi-insecure |
| Network | user mode |
| SSH | user ubuntu, port 12229, key_source generate |
The ubuntu distro config (inherits: debian; debootstrap suite noble,
mirror, base packages) comes from the main repo's build.yml, flat-imported
by the submodule (a bare-string import: item). The single imported build.yml
carries BOTH distro configs, so inherits: debian resolves without referencing
overthinkos/debian.
Eval bed
eval-ubuntu-debootstrap-vm is a kind: eval bed (target: vm,
vm: ubuntu-debootstrap) that carries disposable: true, so
ov -C image/ubuntu eval run eval-ubuntu-debootstrap-vm runs the full R10 sequence
unattended (the equivalent ov update eval-ubuntu-debootstrap-vm rebuild also works,
since the eval bed is folded into the Deploy map).
debootstrap path
ov vm build ubuntu-debootstrap runs debootstrap inside the privileged
ubuntu-debootstrap-builder to build the rootfs, then writes a bootable disk +
cloud-init seed ISO. The bootstrap path is privileged + network-heavy
(debootstrap downloads the base packages from the Ubuntu mirror). The
Docker-Hub /ov-distros:ubuntu container base remains the faster path when you
don't need a VM disk.
Cross-References
/ov-distros:ubuntu-debootstrap-builder— the builder image this VM uses/ov-distros:ubuntu-debootstrap— the container equivalent of this bootstrap path/ov-vm:debian— the Debian sibling bootstrap VM/ov-vm:arch— the canonical cloud_image VM (BIOS/virtio-gpu/sizing rationale)/ov-vm:vm— VM lifecycle commands + BIOS/UEFI matrix/ov-vm:vms-catalog— VmSpec authoring reference
When to Use This Skill
MUST be invoked when editing ubuntu-debootstrap or its eval bed, or
authoring an Ubuntu VM. Invoke BEFORE reading source code or launching Explore agents.
Related Skills
overthinkos/agents
development
VerifiedTrustedCommunity
Claude Code multi-agent support in Overthink — sub-agents, dynamic workflows, and agent teams, and how each drives the existing `ov eval` disposable beds to test and verify. MUST be invoked before authoring or invoking an ov sub-agent / dynamic workflow / agent team, wiring agent-lifecycle hooks, or asking "which primitive should drive the R10 beds?".
SKILL.mdUpdated May 31, 2026
overthinkos/workspace-mount
tools
VerifiedTrustedCommunity
Mounts a virtiofs share tagged `workspace` at /workspace inside a VM guest via a systemd .mount unit. Use when a kind:vm entity shares a host directory into the guest and you need it auto-mounted (and re-mounted at every boot).
SKILL.mdUpdated May 30, 2026
overthinkos/android
development
VerifiedTrustedCommunity
MUST be invoked before any work involving: the `kind: android` schema kind, a `target: android` deploy, the `apk:` layer package format (installing Android apps declaratively), AndroidDeployTarget, an in-pod emulator OR a remote/physical adb-endpoint device, or nested `pod → android` deployment. The first-class Android device + app surface that sits above `ov eval adb`/`appium`.
SKILL.mdUpdated May 26, 2026
overthinkos/git-workflow
tools
VerifiedTrustedCommunity
Use when committing, branching, pushing, merging, tagging, creating PRs, or approving/merging PRs with gh — the feat/-branch, R10-gated, never-force-push landing workflow across the main repo + the plugins submodule + image/<distro> submodules. Covers sync-to-upstream, branch/worktree pruning, the fork+PR path for contributors without write access, and cross-repo @github landing order.
SKILL.mdUpdated May 25, 2026