Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proxmox Create Vm

Create Ubuntu 24.04 LXC containers or full VMs on Proxmox VE. Docker-ready with Compose v2. Handles nesting for Docker-in-LXC, auto-picks next available CTID...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Solomon Neas (@solomonneas)
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (create LXC/VM on Proxmox) match the included scripts and SKILL.md. All declared resources (no env vars, no install) align with a tool that shells out over SSH to a Proxmox host. The scripts use pveam/pct/qm commands that are appropriate for Proxmox management.
Instruction Scope
Runtime instructions and scripts only perform Proxmox management actions (template download, pct/qm create/destroy, post-boot apt/curl steps, IP discovery). They require SSH access to the Proxmox host and do not attempt to read unrelated local files or exfiltrate data. They do execute downloads on the Proxmox host (Ubuntu cloud image, Docker Compose binary) which is expected for provisioning.
Install Mechanism
No install spec; this is instruction + script based. External downloads invoked by the scripts are from well-known hosts (github.com Docker Compose release, cloud-images.ubuntu.com). No obscure URLs, pastebins, IP-only hosts, or archive extraction from untrusted endpoints in install steps.
Credentials
The skill requests no environment variables or registry credentials. It assumes SSH access (typically root) to the Proxmox host and accepts parameters (host, name, password for cloud-init). Those are proportional to the task. Note: the cloud-init password is passed as an argument to create-vm.sh and will appear in command history unless handled carefully by the operator.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It performs remote privileged operations on a Proxmox host via SSH (expected for provisioning). Autonomous invocation is allowed by default on the platform but is not excessive given the skill's purpose.
Assessment
This skill appears to do what it claims: create LXC containers and VMs on a Proxmox host via SSH. Before installing/using it, ensure you: 1) trust the Proxmox host and run the scripts from a machine with appropriate SSH keys (the scripts assume root SSH access); 2) avoid passing sensitive passwords on the command line (create-vm.sh requires a cloud-init password which can appear in shell history—prefer a safer secret injection method); 3) verify network access and that downloads (GitHub release, Ubuntu cloud image) are acceptable in your environment; 4) review and, if necessary, run the scripts manually once to confirm behavior; and 5) limit who/what can invoke the skill in automated scenarios since it performs privileged provisioning actions on your infrastructure.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Proxmox VM/Container Creator

Create Ubuntu 24.04 LXC containers or full VMs on Proxmox VE. Returns a Docker-ready host with SSH access.

When to Use

  • "create proxmox vm"
  • "create proxmox container"
  • "spin up lxc"
  • "new container on proxmox-host"
  • Any time you need a fresh Linux host on Proxmox

This is a base skill. It creates the infrastructure. Other skills deploy applications onto it.

LXC vs VM Decision Guide

| Use LXC when | Use VM when |
|---|---|
| Running Docker containers (TheHive, MISP, etc.) | Security Onion, Zeek with AF_PACKET |
| Lightweight services | Need custom kernel modules |
| Want fast startup (~5 seconds) | Need full OS isolation |
| Most SOC tools | Network monitoring with raw sockets |

Default: LXC. Only use VM when the application explicitly needs kernel access.

User Inputs

| Parameter | Default | Required |
|---|---|---|
| Name | - | Yes |
| Proxmox host | proxmox-host (YOUR_PROXMOX_IP) | No |
| Type | lxc | No (lxc or vm) |
| CPU cores | 2 | No |
| RAM (MB) | 4096 | No |
| Disk (GB) | 8 | No |
| Extra packages | - | No |

Prerequisites Check

# SSH to Proxmox
ssh proxmox-host "pveversion" || echo "FAIL: Cannot SSH to Proxmox host"

# Check template (LXC)
ssh proxmox-host "pveam list local | grep ubuntu-24.04" || echo "Template not cached, will download"

# Find the highest CTID in use
ssh proxmox-host "pct list" | tail -n +2 | awk '{print $1}' | sort -n | tail -1
# Use max + 1 (Step 2 also checks qm list, because containers and VMs share one ID space)

Execution Flow: LXC Container

Step 1: Ensure template is cached

ssh proxmox-host "pveam list local | grep ubuntu-24.04 || pveam download local ubuntu-24.04-standard_24.04-2_amd64.tar.zst"

Step 2: Find next available CTID

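NEXT_CTID=$(ssh proxmox-host "cat <(pct list | tail -n +2 | awk '{print \$1}') <(qm list | tail -n +2 | awk '{print \$1}') 2>/dev/null | sort -n | tail -1")
NEXT_CTID=$(( ${NEXT_CTID:-99} + 1 ))  # IDs start at 100, so an empty host yields 100
CTID=$NEXT_CTID  # the following steps use $CTID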

Step 3: Create container

ssh proxmox-host "pct create $CTID local:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst \
  --hostname <name> \
  --memory <ram> \
  --cores <cores> \
  --rootfs local-lvm:<disk> \
  --net0 name=eth0,bridge=vmbr0,ip=dhcp \
  --unprivileged 1 \
  --features nesting=1 \
  --start 1"

Key flags:

  • --unprivileged 1: Security best practice; root inside the container is mapped to an unprivileged UID on the host
  • --features nesting=1: Required for Docker inside LXC
  • --start 1: Start immediately after creation

Step 4: Wait for boot and get IP

sleep 10  # LXC boots in ~5 seconds

# Get IP from Proxmox
ssh proxmox-host "pct exec $CTID -- hostname -I"

# Or from DHCP
ssh proxmox-host "pct exec $CTID -- ip -4 addr show eth0 | grep inet | awk '{print \$2}' | cut -d/ -f1"

Step 5: Post-boot Docker setup

bash scripts/post-boot-setup.sh proxmox-host $CTID

Or manually:

ssh proxmox-host "pct exec $CTID -- bash -c '
  set -e  # stop at the first failing step
  apt-get update -qq
  apt-get install -y -qq docker.io curl git htop
  systemctl enable docker && systemctl start docker
  # Install Compose v2 as a Docker CLI plugin
  mkdir -p /usr/local/lib/docker/cli-plugins
  # -f: fail on HTTP errors instead of saving an error page as the binary
  curl -fSL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
  chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
'"

Step 6: Verify

ssh proxmox-host "pct exec $CTID -- docker --version && pct exec $CTID -- docker compose version"
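
An added example for Step 5, not part of the skill's own scripts: instead of installing whatever releases/latest returns, it installs the Compose binary only when its SHA-256 matches a checksum file. It assumes the release publishes docker-compose-linux-x86_64.sha256 in sha256sum format next to the binary; COMPOSE_VERSION and the script name verify-install.sh are placeholders.

```sh
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches
# the digest listed in a sha256sum-format checksum file.

# is_sha256_hex STR -> 0 when STR is exactly 64 hex characters
is_sha256_hex() {
  [ "${#1}" -eq 64 ] || return 1
  case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
}

# checksum_for SUMS NAME -> prints the digest recorded for NAME
# (accepts both "<hex>  NAME" and the binary-mode "<hex> *NAME" form)
checksum_for() {
  awk -v n="$2" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# verify_sha256 FILE EXPECTED_HEX -> 0 only when FILE hashes to EXPECTED_HEX
verify_sha256() {
  is_sha256_hex "$2" || return 1
  vs_actual=$(sha256sum < "$1" | awk '{ print $1 }')
  vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$vs_actual" ] && [ "$vs_actual" = "$vs_want" ]
}

# install_verified SRC SUMS NAME DEST -> copies SRC to DEST (mode 0755)
# only after the digest check passes; DEST is never written on a mismatch
install_verified() {
  iv_want=$(checksum_for "$2" "$3")
  if ! verify_sha256 "$1" "$iv_want"; then
    echo "checksum mismatch for $3, refusing to install" >&2
    return 1
  fi
  mkdir -p "$(dirname "$4")" && install -m 0755 "$1" "$4"
}

# Usage inside the container, saved as verify-install.sh (hypothetical name),
# with COMPOSE_VERSION a release tag you pin yourself (placeholder):
#   base=https://github.com/docker/compose/releases/download/$COMPOSE_VERSION
#   curl -fsSL "$base/docker-compose-linux-x86_64" -o /tmp/docker-compose-linux-x86_64
#   curl -fsSL "$base/docker-compose-linux-x86_64.sha256" -o /tmp/compose.sha256
#   sh verify-install.sh /tmp/docker-compose-linux-x86_64 /tmp/compose.sha256 \
#     docker-compose-linux-x86_64 /usr/local/lib/docker/cli-plugins/docker-compose
if [ "$#" -eq 4 ]; then
  install_verified "$@"
fi
```

A checksum fetched from the same release detects corrupted and truncated downloads; recording the expected digest in your own repository also detects a replaced release asset.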

Execution Flow: Full VM

Use scripts/create-vm.sh for full VMs when LXC won't work:

ssh proxmox-host "qm create $VMID --name <name> --memory <ram> --cores <cores> \
  --net0 virtio,bridge=vmbr0 --scsihw virtio-scsi-pci \
  --scsi0 local-lvm:<disk>,format=raw --ide2 local-lvm:cloudinit \
  --boot c --bootdisk scsi0 --serial0 socket --vga serial0 \
  --ciuser deploy --cipassword <password> --ipconfig0 ip=dhcp \
  --start 1"
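
An added example, not part of create-vm.sh, addressing the scan's note that the cloud-init password ends up in command history: the password is read from a prompt and sent over the ssh channel's stdin instead of being typed as an argument. It assumes --cipassword <password> and --start 1 are dropped from the qm create call above and the VM is started with qm start afterwards; PVE_HOST and SSH are hypothetical variables.

```sh
#!/bin/sh
# Added example: set the cloud-init password without putting it in the
# local command line or shell history. PVE_HOST and SSH are assumptions.
PVE_HOST=${PVE_HOST:-proxmox-host}
SSH=${SSH:-ssh}

# valid_vmid ID -> 0 for a purely numeric ID of 100 or more
valid_vmid() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 100 ]
}

# remote_cipassword_cmd VMID -> prints the command to run on the Proxmox
# host; it reads the password from stdin, so the secret is never part of
# the string that ssh receives as an argument.
remote_cipassword_cmd() {
  valid_vmid "$1" || return 1
  printf '%s' "IFS= read -r CIPW && qm set $1 --cipassword \"\$CIPW\""
}

# set_cipassword VMID -> password arrives on stdin and is forwarded over
# the ssh channel to the remote read.
set_cipassword() {
  sc_cmd=$(remote_cipassword_cmd "$1") || return 1
  $SSH "$PVE_HOST" "$sc_cmd"
}

# prompt_and_set VMID -> interactive wrapper: no echo, nothing in history
prompt_and_set() {
  printf 'cloud-init password for VM %s: ' "$1" >&2
  stty -echo; IFS= read -r ps_pw; stty echo; echo >&2
  printf '%s\n' "$ps_pw" | set_cipassword "$1"
}

if [ "$#" -eq 1 ]; then
  prompt_and_set "$1"
fi
```

On the Proxmox host the password is still an argument of the qm process while it runs; supplying a public key with qm's --sshkeys option avoids a password altogether.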

Return Values

Report to caller:

Container/VM Created: <name>
CTID/VMID: <id>
Type: lxc | vm
IP: <ip>
SSH: root@<ip> (LXC) or deploy@<ip> (VM)
Docker: installed
Docker Compose v2: installed

Teardown

# LXC
ssh proxmox-host "pct stop $CTID && pct destroy $CTID --purge"

# VM
ssh proxmox-host "qm stop $VMID && qm destroy $VMID --purge"

Critical Gotchas

See references/gotchas.md for full details:

  1. Docker in LXC needs nesting=1: Without --features nesting=1, Docker fails to create networks
  2. LXC limitations: No custom kernel modules, no raw sockets (AF_PACKET). Use VM for Security Onion, Zeek
  3. Template caching: pveam download is slow first time. Check pveam list local first
  4. CTID conflicts: Always check pct list before picking a CTID
  5. Disk is thin-provisioned: 770GB free in pool but containers can fill up fast
  6. Wazuh (CTID 105): 99.3% full at 25GB. Don't colocate storage-heavy services
