playbooks

home / skills / openclaw / skills / sysadmin-toolbox

sysadmin-toolbox skill

/skills/jdrhyne/sysadmin-toolbox

This skill provides curated CLI tools and shell one-liners for sysadmin tasks, speeding debugging, networking, security, and automation workflows.

npx playbooks add skill openclaw/skills --skill sysadmin-toolbox

Review the files below or copy the command above to add this skill to your agents.

Files (8)
SKILL.md
3.0 KB
---
name: sysadmin-toolbox
description: "Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge"
---

# Sysadmin Toolbox

Curated tool recommendations and practical shell one-liners for operational work.

## When to Auto-Consult

Load relevant references when user is:
- Debugging network connectivity, ports, traffic
- Troubleshooting DNS or SSL/TLS
- Analyzing processes, memory, disk usage
- Working with logs or system diagnostics
- Writing shell scripts or one-liners
- Asking "what's a good tool for..."
- Doing security audits or pentesting
- Working with containers/Docker/K8s

## Reference Files

| File | Use When |
|------|----------|
| `references/shell-oneliners.md` | Need practical commands for: terminal, networking, SSL, curl, ssh, tcpdump, git, awk, sed, grep, find |
| `references/cli-tools.md` | Recommending CLI tools: shells, file managers, network utils, databases, security tools |
| `references/web-tools.md` | Web-based tools: SSL checkers, DNS lookup, performance testing, OSINT, scanners |
| `references/security-tools.md` | Pentesting, vulnerability scanning, exploit databases, CTF resources |
| `references/shell-tricks.md` | Shell scripting patterns and tricks |

## Quick Tool Index

### Network Debugging
- `mtr` - traceroute + ping combined
- `tcpdump` / `tshark` - packet capture
- `netstat` / `ss` - connection monitoring
- `nmap` - port scanning
- `curl` / `httpie` - HTTP testing

### DNS
- `dig` / `host` - DNS queries
- `dnsdiag` - DNS diagnostics
- `subfinder` / `amass` - subdomain enumeration

### SSL/TLS
- `openssl` - certificate inspection
- `testssl.sh` - TLS testing
- `sslyze` - SSL scanning
- `certbot` - Let's Encrypt

### Process/System
- `htop` / `btop` - process monitoring
- `strace` / `ltrace` - syscall/library tracing
- `lsof` - open files/connections
- `ncdu` - disk usage

### Log Analysis
- `lnav` - log navigator
- `GoAccess` - web log analyzer
- `angle-grinder` - log slicing

### Containers
- `dive` - Docker image analysis
- `ctop` - container top
- `lazydocker` - Docker TUI

## Keeping Current

References auto-refresh weekly (Sundays 5am ET) from the upstream repo:
```bash
~/clawd-duke-leto/skills/sysadmin-toolbox/scripts/refresh.sh
```

Manual refresh anytime:
```bash
./scripts/refresh.sh [skill-dir]
```

## Example Queries → Actions

**"Why is this port not responding?"**
→ Load shell-oneliners.md, search for netstat/ss/lsof commands

**"What's a good tool for testing SSL?"**
→ Load cli-tools.md SSL section, recommend testssl.sh or sslyze

**"Show me how to find large files"**
→ Load shell-oneliners.md, search for find/ncdu/du commands

**"I need to debug DNS resolution"**
→ Load shell-oneliners.md dig section + recommend dnsdiag from cli-tools.md

Overview

This skill is a curated sysadmin toolbox that recommends the right CLI/web tools and provides practical shell one-liners for common operational tasks. It helps you quickly discover tools and copy tested commands for networking, DNS, SSL/TLS, process debugging, log analysis, containers, and security audits. Auto-consult triggers for troubleshooting and tool-lookup scenarios.

How this skill works

The skill maps common problems to a compact index of recommended tools and vetted one-liner commands. When consulted, it pulls relevant reference sections (networking, DNS, SSL, logs, containers, etc.) and returns concise tool choices plus ready-to-run shell snippets. References refresh weekly and can be manually refreshed to keep recommendations current.

When to use it

  • Troubleshooting network connectivity, ports, or packet captures
  • Debugging processes, memory, disk usage, or tracing syscalls
  • Testing or inspecting SSL/TLS certificates and HTTPS endpoints
  • Troubleshooting DNS resolution or enumerating subdomains
  • Analyzing logs, extracting slices, or building one-line reports
  • Managing and inspecting containers and Docker images

Best practices

  • Start with low-impact, read-only commands (ss, netstat, tcpdump -c) before modifying system state
  • Use targeted filtering in one-liners (grep/awk/sed) to avoid noisy outputs
  • Run packet captures and traces with timeboxed captures to limit disk and privacy exposure
  • Verify tool versions and TLS/crypto libraries when auditing SSL to avoid false positives
  • Prefer reproducible commands for automation and capture outputs for postmortem

Example use cases

  • Investigate a hanging service: check connections with ss, list open files with lsof, trace syscalls with strace
  • Validate TLS on a web endpoint: inspect certs with openssl, run testssl.sh or sslyze for protocol checks
  • Find disk hogs: use du/ncdu and a find one-liner to locate large files by mtime and size
  • Debug DNS failures: run dig for record checks and dnsdiag for resolution path analysis
  • Capture network issues: start a short tcpdump, analyze with tshark, and correlate with application logs
  • Audit container images: analyze layers with dive, monitor containers with ctop or lazydocker

FAQ

How do I pick between multiple tools for the same task?

Choose the tool that fits the scope: lightweight inspectors (ss, dig) for quick checks, full scanners (nmap, sslyze, testssl.sh) for deeper audits. Consider speed, output format, and required privileges.

Are the one-liners safe to run in production?

Most provided one-liners are read-only or resource-light, but always review commands and run on a maintenance window or staging environment if impact is uncertain.