@fabioforest/openclaw 3.5.0 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +22 -2
  2. package/package.json +1 -1
  3. package/templates/.agent/skills/ai-provider-setup/SKILL.md +244 -0
  4. package/templates/.agent/skills/code-quality/SKILL.md +93 -0
  5. package/templates/.agent/skills/devops-toolkit/SKILL.md +110 -0
  6. package/templates/.agent/skills/legacy-cleanup/SKILL.md +67 -0
  7. package/templates/.agent/skills/mlops-pipeline/SKILL.md +113 -0
  8. package/templates/.agent/skills/security-scanner/SKILL.md +121 -0
  9. package/templates/.agent/skills/smoke-tester/SKILL.md +160 -0
  10. package/templates/.agent/skills/test-engineer/SKILL.md +129 -0
  11. package/templates/.agent/skills/vpn-networking/SKILL.md +200 -0
  12. package/templates/.agent/skills/vps-cloud-infra/SKILL.md +140 -0
package/templates/.agent/skills/vps-cloud-infra/SKILL.md ADDED
@@ -0,0 +1,140 @@
1
+ ---
2
+ name: vps-cloud-infra
3
+ description: Setup, gerenciamento e hardening de VPS e cloud servers. Suporte a Contabo, Hetzner, DigitalOcean, Linode, Oracle Cloud, AWS Lightsail, Vultr e mais.
4
+ triggers:
5
+ - vps
6
+ - servidor
7
+ - server
8
+ - contabo
9
+ - hetzner
10
+ - digitalocean
11
+ - linode
12
+ - oracle cloud
13
+ - aws
14
+ - lightsail
15
+ - vultr
16
+ - cloud
17
+ - ubuntu server
18
+ - debian
19
+ - centos
20
+ - ssh
21
+ - firewall
22
+ - ufw
23
+ - iptables
24
+ - hardening
25
+ - provisionamento
26
+ ---
27
+
28
+ # VPS & Cloud Infrastructure
29
+
30
+ ## Objetivo
31
+ Provisionar, configurar, proteger e gerenciar servidores VPS/Cloud de qualquer provedor, seguindo boas práticas de segurança e automação.
32
+
33
+ ## Provedores suportados — Comparativo
34
+
35
+ | Provedor | Preço mín/mês | vCPU | RAM | Disco | Rede | Free tier | Melhor para |
36
+ |---------|--------------|------|-----|-------|------|---------|------------|
37
+ | **Contabo** | €4.99 | 4 | 6GB | 100GB SSD | 32TB | ❌ | Custo/benefício, storage |
38
+ | **Hetzner** | €3.79 | 2 | 2GB | 20GB | 20TB | ❌ | EU, performance, ARM |
39
+ | **DigitalOcean** | $6 | 1 | 1GB | 25GB | 1TB | $200 (60d) | Simplicidade, Apps |
40
+ | **Linode/Akamai** | $5 | 1 | 1GB | 25GB | 1TB | $100 (60d) | Comunidade, docs |
41
+ | **Vultr** | $2.50 | 1 | 512MB | 10GB | 500GB | $250 (30d) | Ultra-barato |
42
+ | **Oracle Cloud** | Free | 4 ARM | 24GB | 200GB | 10TB | ✅ Always Free | GPU grátis (ARM Ampere) |
43
+ | **AWS Lightsail** | $3.50 | 1 | 512MB | 20GB | 1TB | $0 (3mo) | Ecossistema AWS |
44
+ | **GCP Compute** | $6.11 | 1 | 0.6GB | 10GB | Egress $ | ✅ e2-micro | Integração Google |
45
+ | **Azure B1s** | Free | 1 | 1GB | 64GB | 15GB | ✅ 12 meses | Enterprise, .NET |
46
+
47
+ ## Setup inicial de VPS — Checklist universal
48
+
49
+ ### Passo 1: Acesso inicial
50
+ ```bash
51
+ # Conectar via SSH (primeiro acesso, geralmente root)
52
+ ssh root@<IP_DO_SERVIDOR>
53
+
54
+ # Se exigir senha, trocar por chave imediatamente
55
+ ssh-copy-id -i ~/.ssh/id_ed25519.pub root@<IP>
56
+ ```
57
+
58
+ ### Passo 2: Criar usuário admin (nunca usar root no dia a dia)
59
+ ```bash
60
+ adduser fabio
61
+ usermod -aG sudo fabio
62
+ mkdir -p /home/fabio/.ssh
63
+ cp /root/.ssh/authorized_keys /home/fabio/.ssh/
64
+ chown -R fabio:fabio /home/fabio/.ssh
65
+ chmod 700 /home/fabio/.ssh
66
+ chmod 600 /home/fabio/.ssh/authorized_keys
67
+ ```
68
+
69
+ ### Passo 3: Hardening SSH
70
+ ```bash
71
+ # /etc/ssh/sshd_config
72
+ PermitRootLogin no
73
+ PasswordAuthentication no
74
+ PubkeyAuthentication yes
75
+ MaxAuthTries 3
76
+ ClientAliveInterval 300
77
+ ClientAliveCountMax 2
78
+
79
+ # Reiniciar SSH
80
+ systemctl restart sshd
81
+ ```
82
+
83
+ ### Passo 4: Firewall
84
+ ```bash
85
+ # UFW (Ubuntu/Debian)
86
+ ufw default deny incoming
87
+ ufw default allow outgoing
88
+ ufw allow ssh
89
+ ufw allow 80/tcp
90
+ ufw allow 443/tcp
91
+ ufw enable
92
+
93
+ # Para VPN: adicionar porta WireGuard
94
+ ufw allow 51820/udp
95
+ ```
96
+
97
+ ### Passo 5: Atualizações automáticas
98
+ ```bash
99
+ apt install unattended-upgrades
100
+ dpkg-reconfigure -plow unattended-upgrades
101
+ ```
102
+
103
+ ### Passo 6: Docker (se necessário)
104
+ ```bash
105
+ curl -fsSL https://get.docker.com | sh
106
+ usermod -aG docker fabio
107
+ # Relogar para aplicar grupo
108
+ ```
109
+
110
+ ### Passo 7: Monitoramento básico
111
+ ```bash
112
+ # Instalar ferramentas essenciais
113
+ apt install htop iotop ncdu fail2ban
114
+
115
+ # Fail2ban (proteção contra brute force)
116
+ systemctl enable fail2ban
117
+ systemctl start fail2ban
118
+ ```
119
+
120
+ ## Hardening avançado
121
+
122
+ | Item | Comando/Config | Prioridade |
123
+ |------|---------------|-----------|
124
+ | SSH key-only | `PasswordAuthentication no` | 🔴 Crítico |
125
+ | Disable root login | `PermitRootLogin no` | 🔴 Crítico |
126
+ | Fail2ban | `apt install fail2ban` | 🟠 Alta |
127
+ | UFW firewall | `ufw enable` | 🟠 Alta |
128
+ | Unattended upgrades | `dpkg-reconfigure unattended-upgrades` | 🟡 Média |
129
+ | SSH port diferente | `Port 2222` em sshd_config | 🟡 Média |
130
+ | 2FA SSH | `libpam-google-authenticator` | 🟢 Opcional |
131
+ | Audit logging | `auditd` + regras | 🟢 Opcional |
132
+ | CrowdSec | Alternativa moderna ao fail2ban | 🟢 Opcional |
133
+
134
+ ## Regras de segurança
135
+ - ✅ Nunca usar root para tarefas do dia a dia
136
+ - ✅ SSH somente por chave (nunca senha)
137
+ - ✅ Firewall ativo com regras mínimas
138
+ - ✅ Backups regulares (ponto de restauração antes de mudanças)
139
+ - ❌ Nunca expor portas desnecessárias sem firewall
140
+ - ❌ Nunca armazenar chaves SSH privadas no servidor