{
  "skill": {
    "id": "skl_apple_linux_containers",
    "name": "apple-linux-containers",
    "plugin": "cwc-ios-engineering",
    "description": "Linux systems and security engineering on Apple silicon via Apple's `container` runtime (vendors/apple/container) — OCI images run as lightweight per-container VMs on Virtualization.framework. Use when the user asks to run Linux containers or VMs on a Mac, sandbox a coworker/Claude Code session (desktop.md's bypass-permissions best practice: \"only use in sandboxed containers or VMs\"), work with OCI images outside Docker, investigate the desktop-linux Claude Desktop app inside a VM, or do OS-internals/security work in a Linux guest (eBPF, kernel instrumentation, detection-as-code, hardening). Trigger on \"apple container\", \"container system start\", \"Linux VM on Mac\", \"Virtualization.framework\", \"sandbox this session\", \"OCI on macOS\", \"eBPF\", \"kernel instrumentation\", \"seccomp\", \"detection as code\". Do NOT use for Docker Desktop operations (different runtime, different daemon) or for Cloudflare Workers sandboxes (cloud-side, not this Mac).",
    "summary": "Linux systems and security engineering on Apple silicon via Apple's `container` runtime (vendors/apple/container) — OCI images run as lightweight per-container VMs on Virtualization.framework.",
    "gated": 0,
    "source_path": "plugins/cwc-ios-engineering/skills/apple-linux-containers/SKILL.md",
    "created_at": "2026-07-10 18:13:13",
    "cite_as": "https://subagentskills.com/api/skills/skl_apple_linux_containers"
  }
}