← Back to Skills Marketplace
110
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install docker-mirror
Description
Docker 镜像拉取工具,自动切换镜像源。当官方 registry (docker.io) 拉取超时或失败时,自动尝试备用镜像(docker.1ms.run、docker.m.daocloud.io)。适用于网络受限的 Linux 环境。需要 sg (sgdocker group) 和 docker 已安装。触...
README (SKILL.md)
Docker Mirror
自动处理 Docker 镜像拉取失败,切换到国内镜像源。
工作原理
- 先尝试官方 registry (
docker.io) - 失败则按顺序尝试备用镜像
- 成功后 tag 回原名并清理镜像残留
使用方法
# 拉取镜像(核心用法)
bash ./scripts/docker.sh pull \x3C镜像名>[:标签]
# 示例
bash ./scripts/docker.sh pull nginx:latest
bash ./scripts/docker.sh pull redis:alpine
bash ./scripts/docker.sh pull postgres:15
其他 Docker 命令
非 pull 命令直接透传给 docker:
bash ./scripts/docker.sh ps -a
bash ./scripts/docker.sh images
bash ./scripts/docker.sh run -it nginx:latest
bash ./scripts/docker.sh stop nginx
镜像源状态
最新验证结果(2026-03-29):
| 镜像源 | 状态 | 备注 |
|---|---|---|
| docker.io | ❌ 超时 | 国内访问不稳定 |
| docker.1ms.run | ✅ 可用 | 主要备用源 |
| docker.m.daocloud.io | ✅ 可用 | DaoCloud 镜像 |
已验证可正常拉取:hello-world、nginx:latest、nginx:alpine
故障排除
如果 docker.sh pull 失败:
-
检查 Docker daemon 是否运行:
bash ./scripts/docker.sh ps -
查看本地镜像:
bash ./scripts/docker.sh images -
手动指定镜像源:
bash ./scripts/docker.sh pull docker.1ms.run/library/nginx
环境依赖
sg命令(sgdocker 组权限)docker已安装且 daemon 运行中
Usage Guidance
Functionally this skill does what it says: it wraps docker pull and falls back to listed mirrors. Before installing or using it, consider: (1) Third‑party mirrors can serve tampered images — prefer official registries or verified digests; verify image digests/signatures (Docker Content Trust / Notary) when possible. (2) The script runs docker via 'sg docker', so the invoking user must be in the docker group; membership in that group grants high privilege on the host. (3) If you must use mirrors, audit the mirror domains and prefer pulls by digest rather than by tag. (4) If you want more control, consider configuring registry mirrors at the Docker daemon level or manually pulling images and verifying them before running. If you want me to, I can list specific checks to verify the mirror domains and how to pull by digest/signature.
Capability Analysis
Type: OpenClaw Skill
Name: docker-mirror
Version: 1.0.1
The skill provides a Docker wrapper script (`scripts/docker.sh`) intended to automatically switch to mirror registries when official pulls fail. However, the script contains a critical shell injection vulnerability because it passes unvalidated command-line arguments directly into a shell string executed via `sg docker -c`. An attacker or a malicious prompt could exploit this to execute arbitrary commands with docker group privileges (e.g., by providing an image name like `nginx; touch /tmp/pwned`). While the mirrors listed (docker.1ms.run, docker.m.daocloud.io) are known public services, the lack of input sanitization makes the skill unsafe for use.
Capability Assessment
Purpose & Capability
The name/description describe a Docker pull wrapper and the included script implements exactly that: try docker.io, then try listed mirrors, tag back the image, and clean up. The requirement for sg and docker is documented and expected.
Instruction Scope
SKILL.md instructs running the provided script and proxies other docker commands to the host via 'sg docker -c'. The instructions do not read unrelated files or environment variables. Note: because the wrapper forwards arbitrary docker commands it can be used to pull and run arbitrary container images — this is expected for a Docker wrapper but increases operational risk.
Install Mechanism
No install spec — the skill is instruction + a simple shell script. Nothing is downloaded or written to disk by an installer. This is low risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or external credentials. It does require access to the Docker daemon (via sg into the docker group); access to the docker group is effectively root-equivalent on the host, which is expected for Docker operations but is a privileged capability the operator should be aware of. The script does contact third‑party registries (docker.1ms.run, docker.m.daocloud.io) — those are outside the user's control and carry supply-chain/trust risk.
Persistence & Privilege
always:false and default autonomous invocation is unchanged. The skill does not request permanent installation or modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install docker-mirror - After installation, invoke the skill by name or use
/docker-mirror - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Updated scripts/docker.sh.
- Internal script improvements or fixes; user-facing documentation unchanged.
v1.0.0
Initial release of docker-mirror — a Docker image pull tool with automatic mirror switching.
- Automatically retries Docker image pulls from backup mirrors if pulling from docker.io fails.
- Supports both automatic and manual selection of mirrors (docker.1ms.run, docker.m.daocloud.io).
- Transparently proxies non-pull docker commands.
- Designed for Linux environments with restricted network access.
- Requires sg (sgdocker group) and Docker installed.
Metadata
Frequently Asked Questions
What is Docker Mirror?
Docker 镜像拉取工具,自动切换镜像源。当官方 registry (docker.io) 拉取超时或失败时,自动尝试备用镜像(docker.1ms.run、docker.m.daocloud.io)。适用于网络受限的 Linux 环境。需要 sg (sgdocker group) 和 docker 已安装。触... It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.
How do I install Docker Mirror?
Run "/install docker-mirror" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Docker Mirror free?
Yes, Docker Mirror is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Docker Mirror support?
Docker Mirror is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Docker Mirror?
It is built and maintained by kitsudog (@kitsudog); the current version is v1.0.1.
More Skills