Language / 语言: English | 简体中文
An AI agent skill that turns your coding assistant into a full-featured Linux server management panel — like BaoTa / 1Panel, but driven entirely by AI over SSH.
| Category | Capabilities |
|---|---|
| Deploy | Static sites, Node.js (PM2), Java (systemd), Python (Gunicorn/Uvicorn), Go (systemd), PHP (FPM), Docker Compose |
| Domain & SSL | Nginx vhost generation, Let's Encrypt auto-issue & auto-renew, wildcard certs |
| Databases | MySQL/MariaDB, PostgreSQL, Redis, MongoDB — create, manage, backup |
| Docker | Containers, Compose stacks, registry, image management |
| WAF & Firewall | ModSecurity + OWASP CRS, Nginx rate limiting, IP blocklist, fail2ban, UFW/firewalld |
| Monitoring | System metrics, PM2/systemd health, SSL expiry, uptime watchdog, alerts |
| Logs | Real-time viewing, search by time/level/keyword, logrotate, GoAccess, Loki |
| Files | Browse, edit, permissions, compress/extract, rsync transfer |
| Users | Linux users, sudo rules, SSH keys, SFTP chroot accounts |
| Cron | View, add, debug scheduled tasks + systemd timers |
| Security | SSH hardening, kernel tuning, auditd, intrusion detection, backup |
| Multi-server | Manage any number of servers; local workspace context for instant session resumption |
The skill maintains two layers of context:
- Server-side
/etc/server-index.json— auto-generated bygenerate-index.sh, contains every deployed service, database, Docker container, SSL cert, user, open port, WAF status, and more. - Local workspace
.server/snapshots/<server-id>.json— pulled viasync-context.sh. In any new AI session, the agent reads this file instantly and already knows your entire server environment without asking.
| Distro | Package Manager | Nginx Config | Init System |
|---|---|---|---|
| Ubuntu 20.04 / 22.04 / 24.04 | apt | sites-available | systemd |
| Debian 11 / 12 | apt | sites-available | systemd |
| CentOS Stream 8/9 | dnf | conf.d | systemd |
| RHEL 8/9 | dnf | conf.d | systemd |
| Rocky Linux / AlmaLinux | dnf | conf.d | systemd |
| Fedora | dnf | conf.d | systemd |
| Alpine Linux | apk | http.d | OpenRC |
| Arch / Manjaro | pacman | conf.d | systemd |
- macOS or Linux local machine
sshandscpavailable in your terminaljqinstalled locally:brew install jq(macOS) ·apt-get install -y jq(Linux)
Personal skill (available in all your projects):
# Works for both first install and future updates — run anytime
git clone https://github.com/michael-ltm/linux-server-skill.git ~/.cursor/skills/linux-server-ops 2>/dev/null \
|| git -C ~/.cursor/skills/linux-server-ops pull origin mainProject skill (shared with your team via git):
mkdir -p .cursor/skills
git clone https://github.com/michael-ltm/linux-server-skill.git .cursor/skills/linux-server-ops 2>/dev/null \
|| git -C .cursor/skills/linux-server-ops pull origin mainRestart Cursor. The skill is automatically discovered — no configuration needed.
git clone https://github.com/michael-ltm/linux-server-skill.git ~/.claude/skills/linux-server-ops 2>/dev/null \
|| git -C ~/.claude/skills/linux-server-ops pull origin mainThe agent reads skills from ~/.claude/skills/ automatically when you start a session.
git clone https://github.com/michael-ltm/linux-server-skill.git ~/.openclaw/skills/linux-server-ops 2>/dev/null \
|| git -C ~/.openclaw/skills/linux-server-ops pull origin mainOr configure the skill path in OpenClaw's settings panel to point to the cloned directory.
git clone https://github.com/michael-ltm/linux-server-skill.git /path/to/skills/linux-server-ops 2>/dev/null \
|| git -C /path/to/skills/linux-server-ops pull origin mainThe main entry point is SKILL.md. The agent reads it first, then loads referenced guide files on demand.
How it works:
git clonesucceeds on first install. If the directory already exists it fails silently (2>/dev/null), then||triggersgit pullto update instead. One command, works every time.
Run this in your project workspace (the directory you have open in Cursor/Claude Code):
bash ~/.cursor/skills/linux-server-ops/scripts/sync-context.sh --addYou'll be prompted for:
- Server ID (e.g.
prod-web) - Host IP or hostname
- SSH port (default: 22)
- SSH user (e.g.
ubuntu) - Path to private key (e.g.
~/.ssh/my_key)
This creates .server/servers.json in your workspace.
Security: Add
.server/servers.jsonto.gitignore— it contains your SSH connection info.
echo ".server/servers.json" >> .gitignore
echo ".server/snapshots/" >> .gitignorebash ~/.cursor/skills/linux-server-ops/scripts/sync-context.shThis connects to your server, runs a full scan, and saves the snapshot to .server/snapshots/prod-web.json.
Output example:
→ Syncing: prod-web (ubuntu@1.2.3.4:22)
✓ SSH connection successful
→ Scanning server (this may take ~10 seconds)...
✓ Snapshot saved: .server/snapshots/prod-web.json
Snapshot Summary: prod-web
Host: web-01 (1.2.3.4)
OS: Ubuntu 22.04
RAM: 8.0Gi Disk: 12G/100G (12%)
Websites: 2
Services: 3
Databases: 2 engines
SSL Certs: 2
Docker: 4 containers
Upload and run the init script on your server. This installs Nginx, Certbot, fail2ban, firewall, and all other dependencies:
# Upload scripts
scp -i ~/.ssh/my_key ~/.cursor/skills/linux-server-ops/scripts/check-system.sh ubuntu@1.2.3.4:/tmp/
scp -i ~/.ssh/my_key ~/.cursor/skills/linux-server-ops/scripts/generate-index.sh ubuntu@1.2.3.4:/tmp/
scp -i ~/.ssh/my_key ~/.cursor/skills/linux-server-ops/scripts/service-registry.sh ubuntu@1.2.3.4:/tmp/
# Run bootstrap
ssh -i ~/.ssh/my_key ubuntu@1.2.3.4 'sudo bash /tmp/check-system.sh'
# Install management scripts on server
ssh -i ~/.ssh/my_key ubuntu@1.2.3.4 'sudo mkdir -p /opt/server-tools && sudo mv /tmp/generate-index.sh /tmp/service-registry.sh /opt/server-tools/ && sudo chmod +x /opt/server-tools/*.sh'Open a new Cursor/Claude Code session in your workspace. The AI agent will automatically read .server/snapshots/prod-web.json and instantly know your server environment.
Just ask naturally:
"Deploy my React app from ./dist to my server at blog.example.com with SSL"
"Set up a Node.js service on port 3000 with PM2"
"Show me all running services and their status"
"The API is returning 502 — what's wrong?"
"Create an SFTP user for my client to upload files to /var/www/mysite"
"Set up ModSecurity WAF with OWASP rules"
"Block this IP: 1.2.3.4"
"Show me the Nginx error logs from the last hour"
"Add a daily backup cron job"
"Create a MySQL database and user for my app"
After setup, your workspace will contain:
your-project/
├── .server/
│ ├── servers.json ← SSH configs (add to .gitignore)
│ └── snapshots/
│ ├── prod-web.json ← Production server state
│ └── staging.json ← Staging server state
└── .gitignore ← Must include .server/servers.json
{
"default": "prod-web",
"servers": {
"prod-web": {
"label": "Production Web Server",
"host": "1.2.3.4",
"port": 22,
"user": "ubuntu",
"key_path": "~/.ssh/prod_key",
"tags": ["production", "web"],
"snapshot": ".server/snapshots/prod-web.json"
}
}
}# Add another server
bash ~/.cursor/skills/linux-server-ops/scripts/sync-context.sh --add
# List all configured servers
bash ~/.cursor/skills/linux-server-ops/scripts/sync-context.sh --list
# Sync all servers at once
bash ~/.cursor/skills/linux-server-ops/scripts/sync-context.sh --all
# Sync specific server
bash ~/.cursor/skills/linux-server-ops/scripts/sync-context.sh staging| Script | Purpose |
|---|---|
scripts/sync-context.sh --add |
Interactively add a server to workspace context |
scripts/sync-context.sh [id] |
Pull server state to local snapshot |
scripts/sync-context.sh --all |
Sync all configured servers |
scripts/sync-context.sh --list |
List all configured servers |
scripts/sync-context.sh --show [id] |
Print snapshot details |
| Script | Purpose |
|---|---|
check-system.sh |
Bootstrap: install all dependencies on a fresh server |
generate-index.sh |
Scan server state and write /etc/server-index.json |
generate-index.sh --print |
Scan and print JSON only (used by sync-context.sh) |
service-registry.sh list |
List all registered services |
service-registry.sh health |
Health check all services + DB + Docker |
service-registry.sh db |
Database status (MySQL / PostgreSQL / Redis / MongoDB) |
service-registry.sh docker |
Docker containers + Compose projects |
service-registry.sh cron |
All scheduled jobs |
service-registry.sh summary |
Full server summary |
service-registry.sh set <name> '{...}' |
Add/update a service entry |
service-control.sh status [name] |
Show status of all services or one specific service |
service-control.sh restart <name> |
Hard restart any service (auto-detects type) |
service-control.sh reload <name> |
Graceful zero-downtime reload |
service-control.sh start/stop <name> |
Start or stop a service |
service-control.sh enable <name> |
Enable auto-start on boot |
service-control.sh boot-check |
Verify ALL services have auto-start configured |
service-control.sh boot-fix |
Enable auto-start for all detected services |
service-control.sh logs <name> [n] |
View last N log lines |
| File | Topic |
|---|---|
SKILL.md |
Main entry point — all capabilities and quick-reference commands |
distro-guide.md |
Ubuntu / Debian / CentOS / RHEL / Alpine / Arch differences |
deploy-guide.md |
Full deployment workflows: Static, Node.js, Java, Python, PHP, Docker, DB |
waf-guide.md |
ModSecurity, OWASP CRS, rate limiting, IP management, DDoS mitigation |
monitoring-guide.md |
System metrics, alerting, Netdata, Uptime Kuma, watchdog |
log-guide.md |
Log viewing, search, rotation, GoAccess, Loki/Promtail |
file-ops-guide.md |
File manager: browse, edit, permissions, compress, transfer |
security-guide.md |
SSH hardening, auditd, kernel tuning, intrusion detection, backups |
user-management-guide.md |
Users, groups, sudo, SSH keys, SFTP chroot, session auditing |
- Never commit
servers.json— it contains SSH connection details - The server-side index
/etc/server-index.jsonis stored aschmod 600(root-only) - All
.envfiles deployed by this skill are set tochmod 600 - SSH password auth is disabled during server hardening; key-only auth is enforced
- SFTP users are chroot-jailed to their web directories
MIT — free to use, modify, and distribute.