ClawHub

Systemd Unit Generator

v1.0.0

Generate, validate, and lint systemd unit files (.service, .timer, .socket, .mount) with hardening and best practices.

0· 85·0 current·0 all-time
by@charlie-morrison

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for charlie-morrison/systemd-unit-generator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Systemd Unit Generator" (charlie-morrison/systemd-unit-generator) from ClawHub.
Skill page: https://clawhub.ai/charlie-morrison/systemd-unit-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install systemd-unit-generator

ClawHub CLI

Package manager switcher

npx clawhub@latest install systemd-unit-generator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided script and SKILL.md: the Python tool generates .service/.timer/.socket/.mount units, provides presets, validation, linting, and hardening flags. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
SKILL.md instructs running the included local script and shows examples that read from or write to system paths (/etc/systemd/system/*). This is appropriate for a unit-generator/validator, but it means the tool will read unit files you point it at and can write unit files that run arbitrary ExecStart commands—review generated content before enabling or placing it under /etc/systemd/system as root.
Install Mechanism
No install spec; the skill is instruction-only with a bundled Python script (pure stdlib). Nothing is downloaded or extracted from external URLs.
Credentials
No credentials, environment variables, or config paths are required by the skill. The script accepts --env options to embed environment variables in generated units, which is expected and proportional.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform-level privileges. It does not attempt to modify other skills or agent configuration.
Assessment
This skill appears coherent for generating and validating systemd units. Before using it: (1) inspect generated unit text (especially ExecStart/ExecStop) before writing to /etc/systemd/system or enabling units; (2) avoid running the script as root unless necessary and understand that enabling a unit may run arbitrary commands; (3) be cautious with presets (e.g., docker preset calls docker-compose); (4) when validating files, remember the tool will read any file path you pass it—do not point it at secrets you don't want exposed in outputs. If you need higher assurance, inspect the full scripts/systemd-unit-generator.py source locally and run systemd-analyze verify on units before enabling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a9199dgt65e15nj1a8hagqx84spvj
85downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@charlie-morrison
latest
Download

Systemd Unit Generator

Generate systemd service, timer, socket, and mount unit files with security hardening.

Commands

Generate a service unit

python3 scripts/systemd-unit-generator.py service --name myapp --exec "/usr/bin/node /app/server.js" --user www-data

Generate a timer unit

python3 scripts/systemd-unit-generator.py timer --name backup --oncalendar "daily" --service backup.service

Generate a socket unit

python3 scripts/systemd-unit-generator.py socket --name myapp --listen-stream 8080

Validate an existing unit file

python3 scripts/systemd-unit-generator.py validate /etc/systemd/system/myapp.service

Lint a unit for best practices

python3 scripts/systemd-unit-generator.py lint /etc/systemd/system/myapp.service

Use a preset template

python3 scripts/systemd-unit-generator.py preset nodejs --name myapp --exec "/usr/bin/node /app/server.js"
python3 scripts/systemd-unit-generator.py preset python --name myapi --exec "/app/venv/bin/gunicorn app:app"
python3 scripts/systemd-unit-generator.py preset docker --name webapp --exec "docker-compose up"

Options

  • --name NAME — Service name (required for generate)
  • --exec CMD — ExecStart command
  • --user USER — Run as user
  • --group GROUP — Run as group
  • --workdir DIR — Working directory
  • --env KEY=VAL — Environment variable (repeatable)
  • --restart POLICY — Restart policy (on-failure, always, no)
  • --type TYPE — Service type (simple, forking, oneshot, notify)
  • --harden — Apply security hardening (sandbox, resource limits)
  • --description DESC — Unit description
  • --after UNIT — After dependency
  • --wants UNIT — Wants dependency
  • --oncalendar EXPR — Timer calendar expression
  • --listen-stream ADDR — Socket listen address/port
  • --format text|json — Output format (default: text)
  • --output FILE — Write to file instead of stdout

Presets

  • nodejs — Node.js app with auto-restart, logging, hardening
  • python — Python/Gunicorn app with venv support
  • docker — Docker Compose service
  • golang — Go binary with minimal dependencies
  • cron — Oneshot + timer for cron-like scheduling

Security Hardening (--harden)

Adds: ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, SystemCallFilter, RestrictNamespaces, RestrictRealtime, MemoryDenyWriteExecute, ReadWritePaths

Exit Codes

  • 0: Success
  • 1: Validation errors found
  • 2: Invalid arguments

Comments

Loading comments...