[ci skip] Pass skill secrets to moltbot container and fix Python env

- Add skill_secrets variable to moltbot module with HA tokens and
  Uptime Kuma password as container env vars
- Install Python packages (requests, caldav, icalendar, uptime-kuma-api)
  in init container with PYTHONPATH for main container access
- Update all skills to use python3 directly instead of ~/.venvs/claude
  venv path that doesn't exist in the container
- Remove hardcoded Uptime Kuma password from skill, use env var

.claude/skills/home-assistant/SKILL.md

@@ -40,8 +40,8 @@ There are **two** Home Assistant instances:
 - **Aliases**: "ha" or "HA" = ha-london. "ha sofia" or "ha-sofia" = ha-sofia.
 
 ## Prerequisites
-- The `~/.venvs/claude` virtualenv must have `requests` package installed
+- Python 3 with `requests` package available (installed via PYTHONPATH or system packages)
-- Environment variables for each instance must be set in the venv activation script:
+- Environment variables for each instance:
   - **ha-london**: `HOME_ASSISTANT_URL` and `HOME_ASSISTANT_TOKEN`
   - **ha-sofia**: `HOME_ASSISTANT_SOFIA_URL` and `HOME_ASSISTANT_SOFIA_TOKEN`
 
@@ -55,14 +55,14 @@ There are **two** Home Assistant instances:
 | ha-sofia | `.claude/home-assistant-sofia.py` |
 
 ### Execution Pattern (CRITICAL)
-Always activate the venv to get environment variables:
+Run the scripts directly with python3 (env vars are set in the environment):
 
 ```bash
 # ha-london (default)
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/home-assistant.py [command] [options]
+python3 .claude/home-assistant.py [command] [options]
 
 # ha-sofia
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/home-assistant-sofia.py [command] [options]
+python3 .claude/home-assistant-sofia.py [command] [options]
 ```
 
 ### Available Commands
@@ -194,7 +194,7 @@ ssh vbarzin@192.168.1.8 "cat /config/secrets.yaml"
 
 To turn on the living room light on ha-london:
 ```bash
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/home-assistant.py on light.living_room
+python3 .claude/home-assistant.py on light.living_room
 ```
 
 To check ha-sofia configuration:
@@ -230,7 +230,7 @@ ssh vbarzin@ha-sofia.viktorbarzin.lan "cat /config/configuration.yaml"
 
 | Error | Cause | Fix |
 |-------|-------|-----|
-| `HOME_ASSISTANT_URL and HOME_ASSISTANT_TOKEN must be set` | Didn't source venv activation | Use `source ~/.venvs/claude/bin/activate && python ...` |
+| `HOME_ASSISTANT_URL and HOME_ASSISTANT_TOKEN must be set` | Env vars not set | Ensure `HOME_ASSISTANT_URL` and `HOME_ASSISTANT_TOKEN` are in the environment |
 | `404 Not Found` | Entity doesn't exist | Use `search` command to find correct entity ID |
 | `401 Unauthorized` | Token invalid/expired | Generate new long-lived token in HA |
 | `Connection refused` | HA not reachable | Check URL and network connectivity |

.claude/skills/nextcloud-calendar/SKILL.md

@@ -23,21 +23,21 @@ Need to create, query, or manage calendar events in the user's Nextcloud calenda
 - Default calendar is always Nextcloud unless otherwise specified
 
 ## Prerequisites
-- The `~/.venvs/claude` virtualenv must have `caldav` and `icalendar` packages installed
+- Python 3 with `caldav` and `icalendar` packages available (installed via PYTHONPATH or system packages)
-- Environment variables `NEXTCLOUD_USER` and `NEXTCLOUD_APP_PASSWORD` must be set in the venv activation script
+- Environment variables `NEXTCLOUD_USER` and `NEXTCLOUD_APP_PASSWORD` must be set
 
 ## Solution
 
 ### Script Location
 ```
-/home/wizard/code/infra/.claude/calendar-query.py
+.claude/calendar-query.py
 ```
 
 ### Execution Pattern (CRITICAL)
-Always activate the venv to get environment variables:
+Run the script directly with python3 (env vars are set in the environment):
 
 ```bash
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/calendar-query.py [command] [options]
+python3 .claude/calendar-query.py [command] [options]
 ```
 
 ### Available Commands
@@ -103,16 +103,14 @@ python .claude/calendar-query.py week
 To create an event "Team offsite" from March 20-22, 2026:
 
 ```bash
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/calendar-query.py create --title "Team offsite" --start "2026-03-20" --end "2026-03-23" --all-day
+python3 .claude/calendar-query.py create --title "Team offsite" --start "2026-03-20" --end "2026-03-23" --all-day
 ```
 
 ## Important Notes
 
 1. **End dates are exclusive** for all-day events (CalDAV standard). To create an event spanning April 10-13, set end to April 14.
 
-2. **Must source venv activation** - Using `~/.venvs/claude/bin/python` directly won't work because environment variables (`NEXTCLOUD_USER`, `NEXTCLOUD_APP_PASSWORD`) are set in the activation script.
+2. **No delete/update commands** - The script currently only supports create and query. To modify events, user must do it manually in Nextcloud.
-
-3. **No delete/update commands** - The script currently only supports create and query. To modify events, user must do it manually in Nextcloud.
 
 4. **Default calendar** is "Personal" - use `--calendar` flag for others.
 
@@ -125,6 +123,6 @@ source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/calenda
 
 | Error | Cause | Fix |
 |-------|-------|-----|
-| `NEXTCLOUD_USER and NEXTCLOUD_APP_PASSWORD must be set` | Didn't source venv activation | Use `source ~/.venvs/claude/bin/activate && python ...` |
+| `NEXTCLOUD_USER and NEXTCLOUD_APP_PASSWORD must be set` | Env vars not set | Ensure `NEXTCLOUD_USER` and `NEXTCLOUD_APP_PASSWORD` are in the environment |
-| `Required packages not installed` | caldav/icalendar missing | Run `~/.venvs/claude/bin/pip install caldav icalendar` |
+| `Required packages not installed` | caldav/icalendar missing | Ensure PYTHONPATH includes the installed packages |
 | `Calendar 'X' not found` | Wrong calendar name | Run `list` command to see available calendars |

.claude/skills/uptime-kuma/SKILL.md

@@ -20,17 +20,18 @@ date: 2026-02-14
 - **Internal**: `uptime-kuma.uptime-kuma.svc.cluster.local:80`
 - **Image**: `louislam/uptime-kuma:2`
 - **Storage**: NFS at `/mnt/main/uptime-kuma` -> `/app/data`
-- **API Library**: `uptime-kuma-api` (pip, installed in `~/.venvs/claude/`)
+- **API Library**: `uptime-kuma-api` (pip, available via PYTHONPATH)
-- **Credentials**: admin / EUxhLr4w4NFsGehy
+- **Credentials**: admin / (from `UPTIME_KUMA_PASSWORD` env var)
 
 ## Python API Access
 
 ### Connection Pattern
 ```python
+import os
 from uptime_kuma_api import UptimeKumaApi, MonitorType
 
 api = UptimeKumaApi('https://uptime.viktorbarzin.me')
-api.login('admin', 'EUxhLr4w4NFsGehy')
+api.login('admin', os.environ.get('UPTIME_KUMA_PASSWORD', ''))
 
 # ... operations ...
 
@@ -39,10 +40,11 @@ api.disconnect()
 
 ### Execution
 ```bash
-~/.venvs/claude/bin/python3 -c "
+python3 -c "
+import os
 from uptime_kuma_api import UptimeKumaApi, MonitorType
 api = UptimeKumaApi('https://uptime.viktorbarzin.me')
-api.login('admin', 'EUxhLr4w4NFsGehy')
+api.login('admin', os.environ.get('UPTIME_KUMA_PASSWORD', ''))
 # ... your code ...
 api.disconnect()
 "

modules/kubernetes/moltbot/main.tf

@@ -4,6 +4,7 @@ variable "ssh_key" {}
 variable "gemini_api_key" { type = string }
 variable "llama_api_key" { type = string }
 variable "brave_api_key" { type = string }
+variable "skill_secrets" { type = map(string) }
 
 resource "kubernetes_namespace" "moltbot" {
   metadata {
@@ -188,6 +189,10 @@ resource "kubernetes_deployment" "moltbot" {
             set -e
             apk add --no-cache curl unzip git-crypt openssh-client git bash
 
+            # Install pip and Python packages for skills
+            python3 -m ensurepip 2>/dev/null || apk add --no-cache py3-pip
+            pip3 install --break-system-packages --target=/tools/python-libs requests caldav icalendar uptime-kuma-api
+
             # Copy OpenClaw config to writable home dir
             cp /openclaw-config-src/openclaw.json /openclaw-home/openclaw.json
 
@@ -326,6 +331,33 @@ resource "kubernetes_deployment" "moltbot" {
             name  = "GEMINI_API_KEY"
             value = var.gemini_api_key
           }
+          # Skill secrets - Home Assistant
+          env {
+            name  = "HOME_ASSISTANT_URL"
+            value = "https://ha-london.viktorbarzin.me"
+          }
+          env {
+            name  = "HOME_ASSISTANT_TOKEN"
+            value = var.skill_secrets["home_assistant_token"]
+          }
+          env {
+            name  = "HOME_ASSISTANT_SOFIA_URL"
+            value = "https://ha-sofia.viktorbarzin.me"
+          }
+          env {
+            name  = "HOME_ASSISTANT_SOFIA_TOKEN"
+            value = var.skill_secrets["home_assistant_sofia_token"]
+          }
+          # Skill secrets - Uptime Kuma
+          env {
+            name  = "UPTIME_KUMA_PASSWORD"
+            value = var.skill_secrets["uptime_kuma_password"]
+          }
+          # Python packages path for skills
+          env {
+            name  = "PYTHONPATH"
+            value = "/tools/python-libs"
+          }
           volume_mount {
             name       = "tools"
             mount_path = "/tools"