← 返回 Skills 市场
110
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install docker-mirror
功能描述
Docker 镜像拉取工具,自动切换镜像源。当官方 registry (docker.io) 拉取超时或失败时,自动尝试备用镜像(docker.1ms.run、docker.m.daocloud.io)。适用于网络受限的 Linux 环境。需要 sg (sgdocker group) 和 docker 已安装。触...
使用说明 (SKILL.md)
Docker Mirror
自动处理 Docker 镜像拉取失败,切换到国内镜像源。
工作原理
- 先尝试官方 registry (
docker.io) - 失败则按顺序尝试备用镜像
- 成功后 tag 回原名并清理镜像残留
使用方法
# 拉取镜像(核心用法)
bash ./scripts/docker.sh pull \x3C镜像名>[:标签]
# 示例
bash ./scripts/docker.sh pull nginx:latest
bash ./scripts/docker.sh pull redis:alpine
bash ./scripts/docker.sh pull postgres:15
其他 Docker 命令
非 pull 命令直接透传给 docker:
bash ./scripts/docker.sh ps -a
bash ./scripts/docker.sh images
bash ./scripts/docker.sh run -it nginx:latest
bash ./scripts/docker.sh stop nginx
镜像源状态
最新验证结果(2026-03-29):
| 镜像源 | 状态 | 备注 |
|---|---|---|
| docker.io | ❌ 超时 | 国内访问不稳定 |
| docker.1ms.run | ✅ 可用 | 主要备用源 |
| docker.m.daocloud.io | ✅ 可用 | DaoCloud 镜像 |
已验证可正常拉取:hello-world、nginx:latest、nginx:alpine
故障排除
如果 docker.sh pull 失败:
-
检查 Docker daemon 是否运行:
bash ./scripts/docker.sh ps -
查看本地镜像:
bash ./scripts/docker.sh images -
手动指定镜像源:
bash ./scripts/docker.sh pull docker.1ms.run/library/nginx
环境依赖
sg命令(sgdocker 组权限)docker已安装且 daemon 运行中
安全使用建议
Functionally this skill does what it says: it wraps docker pull and falls back to listed mirrors. Before installing or using it, consider: (1) Third‑party mirrors can serve tampered images — prefer official registries or verified digests; verify image digests/signatures (Docker Content Trust / Notary) when possible. (2) The script runs docker via 'sg docker', so the invoking user must be in the docker group; membership in that group grants high privilege on the host. (3) If you must use mirrors, audit the mirror domains and prefer pulls by digest rather than by tag. (4) If you want more control, consider configuring registry mirrors at the Docker daemon level or manually pulling images and verifying them before running. If you want me to, I can list specific checks to verify the mirror domains and how to pull by digest/signature.
功能分析
Type: OpenClaw Skill
Name: docker-mirror
Version: 1.0.1
The skill provides a Docker wrapper script (`scripts/docker.sh`) intended to automatically switch to mirror registries when official pulls fail. However, the script contains a critical shell injection vulnerability because it passes unvalidated command-line arguments directly into a shell string executed via `sg docker -c`. An attacker or a malicious prompt could exploit this to execute arbitrary commands with docker group privileges (e.g., by providing an image name like `nginx; touch /tmp/pwned`). While the mirrors listed (docker.1ms.run, docker.m.daocloud.io) are known public services, the lack of input sanitization makes the skill unsafe for use.
能力评估
Purpose & Capability
The name/description describe a Docker pull wrapper and the included script implements exactly that: try docker.io, then try listed mirrors, tag back the image, and clean up. The requirement for sg and docker is documented and expected.
Instruction Scope
SKILL.md instructs running the provided script and proxies other docker commands to the host via 'sg docker -c'. The instructions do not read unrelated files or environment variables. Note: because the wrapper forwards arbitrary docker commands it can be used to pull and run arbitrary container images — this is expected for a Docker wrapper but increases operational risk.
Install Mechanism
No install spec — the skill is instruction + a simple shell script. Nothing is downloaded or written to disk by an installer. This is low risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or external credentials. It does require access to the Docker daemon (via sg into the docker group); access to the docker group is effectively root-equivalent on the host, which is expected for Docker operations but is a privileged capability the operator should be aware of. The script does contact third‑party registries (docker.1ms.run, docker.m.daocloud.io) — those are outside the user's control and carry supply-chain/trust risk.
Persistence & Privilege
always:false and default autonomous invocation is unchanged. The skill does not request permanent installation or modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install docker-mirror - 安装完成后,直接呼叫该 Skill 的名称或使用
/docker-mirror触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Updated scripts/docker.sh.
- Internal script improvements or fixes; user-facing documentation unchanged.
v1.0.0
Initial release of docker-mirror — a Docker image pull tool with automatic mirror switching.
- Automatically retries Docker image pulls from backup mirrors if pulling from docker.io fails.
- Supports both automatic and manual selection of mirrors (docker.1ms.run, docker.m.daocloud.io).
- Transparently proxies non-pull docker commands.
- Designed for Linux environments with restricted network access.
- Requires sg (sgdocker group) and Docker installed.
元数据
常见问题
Docker Mirror 是什么?
Docker 镜像拉取工具,自动切换镜像源。当官方 registry (docker.io) 拉取超时或失败时,自动尝试备用镜像(docker.1ms.run、docker.m.daocloud.io)。适用于网络受限的 Linux 环境。需要 sg (sgdocker group) 和 docker 已安装。触... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 Docker Mirror?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install docker-mirror」即可一键安装,无需额外配置。
Docker Mirror 是免费的吗?
是的,Docker Mirror 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Docker Mirror 支持哪些平台?
Docker Mirror 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Docker Mirror?
由 kitsudog(@kitsudog)开发并维护,当前版本 v1.0.1。
推荐 Skills