Install
openclaw skills install @eddygk/proxmox-wazuh-enrollInstall and enroll the Wazuh agent inside Windows VMs hosted on Proxmox VE using QEMU guest agent execution (qm guest exec or Proxmox REST API), with no WinRM, SSH, RDP, GPO, or AD credentials required. Use this skill whenever the user asks to get a Windows Proxmox guest, domain controller, file server, or group of Windows VMs reporting to Wazuh; install, push, roll out, onboard, or enroll the Wazuh agent; fix a just-enrolled Windows Proxmox VM stuck at never_connected; or keep registration secrets off command lines while deploying via guest agent. This skill performs active in-guest deployment and verification against the Wazuh manager. Do not use for read-only Wazuh dashboard, CVE, alert, or coverage checks; Linux, LXC, appliance, or syslog enrollment; generic Proxmox VM creation; generic PowerShell guest exec; or non-Wazuh endpoint agents.
openclaw skills install @eddygk/proxmox-wazuh-enrollInstall the Wazuh agent inside a Windows VM hosted on Proxmox VE, driven through the QEMU guest agent (QGA) as NT AUTHORITY\SYSTEM. No AD credentials, no GPO, no domain-controller pivot — scoped to exactly the target VM. This is a state-changing install on a live server; confirm the target VM, manager address, agent group, and registration-secret handling before running it.
references/qga-exec.md is how every step runs in the guest: qm guest exec on the Proxmox host (preferred — blocks and returns output) or the Proxmox REST API off-host, with the registration password passed over stdin and never on a command line. Skim it before the recipe.
Full detail — including the env block to fill and the authd.pass alternative — is in references/wazuh-agent-enroll.md. The shape:
ERROR: Invalid group) and the agent never enrolls: /var/ossec/bin/agent_groups -a -g <group> -q.curl.exe download → msiexec /qn with WAZUH_MANAGER (the manager's address on the VM's VLAN), WAZUH_AGENT_NAME, WAZUH_AGENT_GROUP, and the registration password over stdin. Success = msiexec exit 0 or 3010.net stop WazuhSvc & net start WazuhSvc — enrolls on first start (may show never_connected); one more restart makes it active.active; diagnose failures in /var/ossec/logs/ossec.log on the manager, not in the guest.The registration password comes from the operator's vault and is fed to the guest over QGA stdin (--pass-stdin / REST input-data). Keep it off command lines, out of logs, and out of chat — see references/qga-exec.md.
wazuh monitoring skill. This skill installs; it doesn't report.references/qga-exec.md — the QGA execution layer: on-host qm guest exec vs off-host REST, secrets over stdin, cmd vs PowerShell + 8.3 paths, silent-installer exit codes, the unescaped-control-char parsing gotcha.references/wazuh-agent-enroll.md — the full enrollment recipe: create the group, install via MSI over QGA, connect, verify manager-side; the authd.pass alternative; out-of-scope host guidance.