Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hyperv Create Vm

Create Ubuntu 24.04 VMs on Windows Hyper-V from cloud images with cloud-init. Handles all the gotchas: sparse VHDX fix, hv_netvsc network config, permissions...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Solomon Neas (@solomonneas)
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (create Ubuntu 24.04 VMs on Hyper-V with cloud-init) aligns with the declared requirements: SSH access to the Hyper-V host, Hyper-V admin privileges, genisoimage on the build host, and qemu-img on the Windows host. Requiring elevated rights on the Hyper-V host is expected for VM creation operations. The registry metadata has a small glitch ('Required env vars: [object Object]') but the SKILL.md clarifies the single optional VM_PASSWORD env var.
Instruction Scope
The runtime instructions ask the agent/operator to copy files to and execute elevated PowerShell remotely on the Windows host via SSH—this is expected for the task but is high-privilege and requires careful review. There is an important functional inconsistency: the skill promises a password for the 'deploy' user (and documents returning SSH password to caller), but the included cloud-init user-data sets 'ssh_pwauth: false' (disabling password auth). If callers expect password login this mismatch will cause failures or unexpected behavior. The build script also reads ~/.ssh/id_ed25519.pub by default (accesses the operator's public key file), which is reasonable but should be noted.
Install Mechanism
This is an instruction-only skill with no installer; it uses standard, traceable network resources (Ubuntu cloud images and a GitHub release for the Compose binary). The only required local tools are genisoimage (on the Linux build host) and qemu-img on the Windows host (suggested via choco). No arbitrary downloads from unknown personal servers are present in the provided files.
Credentials
The requested credentials (SSH access and Hyper-V admin rights) are high privilege but appropriate for creating VMs. The optional VM_PASSWORD env var is reasonable. However, the SKILL.md claims the skill will return and rely on an SSH password for the VM while the cloud-init snippet disables password auth—this mismatch undermines the stated credential usage. Also the registry metadata formatting bug (Required env vars: [object Object]) is an implementation inconsistency you should correct or validate.
Persistence & Privilege
The skill does not request always:true and has no install spec to persist code on the agent. It requires elevated actions on the remote Hyper-V host during execution but does not itself request permanent platform-level privileges.
What to consider before installing
This skill appears to do what it says (create Hyper-V VMs) but has a few red flags you should address before running it against production hosts:

  • Review the PowerShell scripts (create-vm.ps1, destroy-vm.ps1, find-vm-ip.ps1) before use. They will be copied to and executed with elevated privileges on your Hyper-V host; their contents determine safety. The repository listing shows these scripts exist but their contents were not provided for review.
  • Fix/confirm the SSH-password behavior: SKILL.md and return values state a VM password will be returned, but the included cloud-init sets ssh_pwauth: false (disabling password login). Decide whether you want key-only access or password access and adjust the cloud-init template accordingly.
  • Use key-based SSH for the Hyper-V host where possible, and ensure the SSH user has only the required privileges. Be aware the automation requires Hyper-V admin privileges and will change VHDX files, permissions, and VM firmware settings.
  • Test in an isolated environment first (non-production Hyper-V host) to validate the full flow (image download, qemu-img conversion, fsutil sparse flag operations, Resize-VHD, permissions, VM boot and networking).
  • Correct the registry metadata glitch (shows [object Object]) so automated systems and operators see the required env vars accurately.

If you provide the contents of the PowerShell scripts, I can re-evaluate with higher confidence.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.1.1


Runtime requirements

Env: [object Object]

SKILL.md

Hyper-V VM Creator

Create Ubuntu 24.04 VMs on Windows Hyper-V from cloud images with cloud-init. Returns a Docker-ready VM with SSH access.

When to Use

  • "create hyper-v vm"
  • "spin up vm on hyper-v"
  • "new hyper-v ubuntu vm"
  • Any time you need a fresh Linux VM on a Windows Hyper-V host

This is a base skill. It creates the VM. Other skills (soc-deploy-thehive, soc-deploy-misp) deploy applications onto it.

User Inputs

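| Parameter | Default | Required |
|---|---|---|
| VM name | - | Yes |
| Hyper-V host | hyperv-host (YOUR_HYPERV_IP) | No |
| CPU cores | 2 | No |
| RAM | 4GB | No |
| Disk | 40GB | No |
| VM user password | (generated) | No |
| Extra cloud-init packages | - | No |
| Network switch | DNS-NIC-Switch | No |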

Prerequisites Check

# SSH to Hyper-V host
ssh hyperv-host "echo OK" 2>/dev/null || echo "FAIL: Cannot SSH to Hyper-V host"

# qemu-img on Windows
ssh hyperv-host 'where "C:\Program Files\qemu\qemu-img.exe"' 2>/dev/null || echo "FAIL: qemu-img not installed (choco install qemu -y)"

# genisoimage on Linux (for building cloud-init ISO)
which genisoimage || echo "FAIL: genisoimage not installed (apt install genisoimage)"

Execution Flow

Step 1: Build cloud-init ISO (on Linux)

# Password via env var (recommended, avoids shell history/process list exposure)
VM_PASSWORD="<password>" bash scripts/build-cidata-iso.sh <vm-name> [ssh-public-key]

# Or via stdin
echo "<password>" | bash scripts/build-cidata-iso.sh <vm-name> [ssh-public-key]

# Creates /tmp/<vm-name>-cidata.iso

The ISO contains three files:

  • user-data: deploy user, Docker, Compose v2, SSH password auth
  • meta-data: instance-id and hostname
  • network-config: hv_netvsc DHCP match (CRITICAL for Hyper-V networking)
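
The scan above reports that the documentation promises password login while the bundled user-data sets ssh_pwauth: false. As an added example (not part of the skill or its scripts), this pre-flight check lints the seed files before the ISO is built; the `key`/`password` mode argument, the function names and the sample files are assumptions made for illustration.

```shell
# Added example (not part of the skill): lint cloud-init seed files before building the ISO.

# write_sample_cidata <dir> <true|false>: writes constructed sample seed files.
write_sample_cidata() {
  cat > "$1/user-data" <<EOF
#cloud-config
users:
  - name: deploy
    ssh_authorized_keys:
      - ssh-ed25519 AAAA-CONSTRUCTED-SAMPLE-KEY deploy@example
ssh_pwauth: $2
EOF
  cat > "$1/network-config" <<EOF
version: 2
ethernets:
  eth0:
    match:
      driver: hv_netvsc
    dhcp4: true
EOF
}

# check_cidata <dir> <key|password>: the mode names are this example's own.
check_cidata() {
  dir=$1; mode=$2; rc=0
  # cloud-init only treats user-data as cloud-config if line 1 says so.
  [ "$(head -n 1 "$dir/user-data" 2>/dev/null)" = "#cloud-config" ] ||
    { echo "FAIL user-data: first line is not #cloud-config"; rc=1; }
  # Without the hv_netvsc driver match the VM gets no IP on Hyper-V.
  grep -v '^[[:space:]]*#' "$dir/network-config" 2>/dev/null |
    grep -Eq 'driver:[[:space:]]*"?hv_netvsc' ||
    { echo "FAIL network-config: no 'driver: hv_netvsc' match"; rc=1; }
  # Last top-level ssh_pwauth value, unquoted and lower-cased ("" if unset).
  pw=$(sed -n 's/^ssh_pwauth:[[:space:]]*\([^#[:space:]]*\).*/\1/p' "$dir/user-data" 2>/dev/null |
    tail -n 1 | tr -d "\"'" | tr 'A-Z' 'a-z')
  case "$mode:$pw" in
    password:true|password:yes) ;;
    password:*) echo "FAIL user-data: password login expected but ssh_pwauth=${pw:-unset}"; rc=1 ;;
    key:true|key:yes) echo "FAIL user-data: key-only expected but ssh_pwauth=$pw"; rc=1 ;;
    key:*) grep -q 'ssh_authorized_keys:' "$dir/user-data" 2>/dev/null ||
      { echo "FAIL user-data: key-only login but no ssh_authorized_keys"; rc=1; } ;;
    *) echo "FAIL: mode must be key or password"; rc=1 ;;
  esac
  return "$rc"
}

demo=$(mktemp -d) && write_sample_cidata "$demo" false
check_cidata "$demo" password || echo "seed files rejected"
rm -rf "$demo"
```

Run it against the directory that holds the generated user-data and network-config, passing the login mode the caller has been told to expect.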

Step 2: Transfer files to Hyper-V host

# Cloud image (if not already cached)
wget -q https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img -O /tmp/ubuntu-24.04-cloud.img
scp /tmp/ubuntu-24.04-cloud.img hyperv-host:C:/Users/youruser/Downloads/

# Cloud-init ISO
scp /tmp/<vm-name>-cidata.iso hyperv-host:C:/Users/youruser/Downloads/

Step 3: Create VM (elevated PowerShell on Hyper-V host)

# Copy script to host
scp scripts/create-vm.ps1 hyperv-host:C:/Users/youruser/Downloads/

# Execute (needs elevation)
ssh hyperv-host "powershell -ExecutionPolicy Bypass -File C:\\Users\\youruser\\Downloads\\create-vm.ps1 \
  -VMName <vm-name> \
  -CloudInitISO C:\\Users\\youruser\\Downloads\\<vm-name>-cidata.iso \
  -DiskSizeGB <disk> -MemoryGB <ram> -CPUCount <cores>"

Step 4: Wait for boot and find IP

sleep 90  # Cloud-init needs ~90 seconds

# Hyper-V VMs have MACs starting with 00-15-5d
# (Linux arp prints 00:15:5d, Windows arp prints 00-15-5d, so match both)
arp -a | grep -iE "00[-:]15[-:]5d"

# Get VM MAC to match
ssh hyperv-host "powershell (Get-VMNetworkAdapter -VMName '<vm-name>').MacAddress"
# PowerShell shows: 00155D38010A
# ARP shows:        00-15-5d-38-01-0a
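
Matching the two MAC spellings by eye is error-prone. This added example (not from the skill) normalizes both forms and looks the VM up in `arp -a` output from either Windows or Linux; the ARP tables are constructed samples and the function names are hypothetical.

```shell
# Added example (not part of the skill): resolve a Hyper-V VM's IP from ARP output.

# normalize_mac <mac>: 00155D38010A, 00-15-5d-38-01-0a and 00:15:5D:38:01:0A
# all become 00155d38010a. A trailing CR (PowerShell output over SSH) is dropped;
# anything that is not 12 hex digits is rejected.
normalize_mac() {
  m=$(printf '%s' "$1" | tr -d ':\r-' | tr 'A-F' 'a-f')
  case "$m" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#m}" -eq 12 ] || return 1
  printf '%s\n' "$m"
}

# find_ip_by_mac <mac>: reads `arp -a` output (Windows or Linux) on stdin.
find_ip_by_mac() {
  want=$(normalize_mac "$1") || { echo "invalid MAC: $1" >&2; return 2; }
  awk -v want="$want" '
    {
      ip = ""; mac = ""
      for (i = 1; i <= NF; i++) {
        t = tolower($i); gsub(/[()]/, "", t)
        if (t ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { if (ip == "") ip = t; continue }
        gsub(/[:-]/, "", t)
        if (length(t) == 12 && t ~ /^[0-9a-f]+$/) mac = t
      }
      if (ip != "" && mac == want) { print ip; found = 1 }
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample ARP tables (addresses are made up; the VM MAC is the page's).
sample_arp_windows() {
  cat <<'EOF'
Interface: 192.168.1.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-b0-11-22-33     dynamic
  192.168.1.50          00-15-5d-38-01-0a     dynamic
EOF
}
sample_arp_linux() {
  cat <<'EOF'
? (192.168.1.1) at a4:2b:b0:11:22:33 [ether] on eth0
? (192.168.1.50) at 00:15:5d:38:01:0a [ether] on eth0
EOF
}

sample_arp_windows | find_ip_by_mac 00155D38010A   # MAC form printed by PowerShell
```

In practice, pipe the real `arp -a` output into `find_ip_by_mac` and pass it the string returned by the Get-VMNetworkAdapter call above.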

Step 5: Verify SSH and Docker

ssh deploy@<ip> "docker --version && docker compose version && echo 'VM READY'"

Return Values

Report to caller:

VM Created: <vm-name>
IP: <ip>
SSH: deploy@<ip> (password: <password>)
Docker: installed
Docker Compose v2: installed

Teardown

To destroy a VM completely:

ssh hyperv-host "powershell -Command \"Stop-VM -Name '<vm-name>' -Force -TurnOff; Remove-VM -Name '<vm-name>' -Force; Remove-Item 'C:\\ProgramData\\Microsoft\\Windows\\Virtual Hard Disks\\<vm-name>.vhdx' -Force\""

Or use scripts/destroy-vm.ps1:

scp scripts/destroy-vm.ps1 hyperv-host:C:/Users/youruser/Downloads/
ssh hyperv-host "powershell -ExecutionPolicy Bypass -File C:\\Users\\youruser\\Downloads\\destroy-vm.ps1 -VMName <vm-name>"

Critical Gotchas

See references/gotchas.md for full details. Top blockers:

  1. Sparse VHDX: fsutil sparse setflag <path> 0 BEFORE Resize-VHD or error 0xC03A001A
  2. Network config: Must include match: driver: hv_netvsc or VM gets no IP
  3. Permissions: icacls /grant "NT VIRTUAL MACHINE\Virtual Machines:(F)" or Start-VM fails
  4. Secure Boot Off: Ubuntu cloud images aren't signed for Hyper-V
  5. Cloud-init runs once: No redo. Delete VM + VHDX and start over
  6. Don't batch PowerShell: Run Hyper-V commands one at a time
  7. All commands need elevated PowerShell
  8. Docker Compose v2: Install via curl in runcmd, NOT apt
  9. IP discovery: Use ARP scan, not Get-VMNetworkAdapter (needs linux-tools-virtual)
