Claude Code skill for NemoClaw host management

[Koneisto]

What is this?

A Claude Code skill that teaches LLMs the OpenShell security boundary so they stop giving advice that breaks against it.

12 critical rules covering the non-obvious operational gotchas:

• Workspace is on overlay, not PVC — wiped on every restart (Sandbox Not Available Anymore After Machine Restart #486). Includes automated watchdog restore pattern with sentinel-based detection.
• SSH handshake secret regenerates on container restart (Gateway restart regenerates TLS certificates, breaking existing sandbox connections #888). Documents the hardcode-in-helm-template fix.
• openclaw.json is Landlock-protected and unwritable (Sandbox config file (openclaw.json) is root-owned and unwritable — no supported path to change primary model #759). Documents rebuild requirement.
• Preset enforcement is the real network policy mechanism, not raw openshell policy set
• openshell sandbox upload/download creates wrapper directories — SSH file transfer required
• Session reset needed after workspace restore (systemSent:true caches stale prompts)
• Signal bridge production hardening: watchdog auto-start, orphan cleanup, cron PATH for nvm
• Multi-sandbox operational guidance

Why?

Without this context, AI assistants confidently suggest things like curl http://... (blocked by proxy), export API_KEY=... inside sandbox (credentials never enter), or editing openclaw.json (read-only Landlock). These aren't edge cases — they're the first things you hit.

Install

git clone https://github.com/Koneisto/nemoclaw-skill.git
ln -s /path/to/nemoclaw-skill ~/.claude/skills/nemoclaw

Also works as plain Markdown context for any LLM tool.

Built from

• Official NemoClaw + OpenShell docs
• Real operational experience on DGX Spark with local vLLM
• Every gotcha discovered the hard way

Feedback and contributions welcome: https://github.com/Koneisto/nemoclaw-skill