SUIWARP
v1.2.0
Deploy S-UI + Cloudflare WARP proxy server in one command. 6 protocols (VLESS Reality, TUIC, Hysteria2, gRPC, Trojan, WebSocket), clean Cloudflare IP exit vi...
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (deploy S-UI + Cloudflare WARP multi-protocol proxy) match what the SKILL.md and included scripts actually do: they configure sing-box / S-UI, wireproxy, wgcf/WARP and system services, firewall, swap, and client links. Required system privileges (root, systemd services) are expected for this functionality.
Instruction Scope
The runtime instructions tell the user/agent to run a remote installer via `bash <(curl -sL https://raw.githubusercontent.com/.../setup.sh)` and to optionally perform remote installs via `ssh` and `sshpass` with plaintext passwords. The included setup.sh performs broad system changes (install packages, create swap, write configs under /usr/local, /etc, enable systemd services, modify firewall). While these actions are required for installation, instructing an agent to obtain and use root SSH credentials (especially encouraging sshpass) expands privilege scope and risk. The instructions do not attempt to read unrelated host data, but they do fetch external installers and run them as root.
Install Mechanism
The SKILL.md and setup.sh rely on remote script execution (curl | bash) from GitHub raw URLs and also call the S-UI install script from another repo. Downloading and immediately executing scripts from the network as root is inherently risky: although GitHub raw is a common release host, these operations will pull and run additional third-party code at install time. The skill has no registry install spec; the included setup.sh will conduct the installation dynamically.
Credentials
The registry declares no env vars or credentials, which aligns with the files. However, the instructions explicitly require root SSH access and give examples showing sending passwords with sshpass. While root access is necessary for this install, asking or scripting use of plaintext passwords (sshpass) is dangerous if an agent solicits or stores credentials. There are no hidden environment-variable exfiltration requests in the files.
Persistence & Privilege
The scripts install and enable systemd services (s-ui, wireproxy-warp, etc.), write persistent config under /etc and /usr/local, and thus create long-lived system presence—this is expected for a server install. The skill does not set always:true and does not modify other skills' configs. Because it gains system-wide persistence, exercising caution before installing is warranted.
What to consider before installing
This skill does what it claims but uses high-privilege, high-risk install patterns. Before running it: 1) Inspect the full setup.sh and any remote installers it calls; do not blindly run curl|bash as root. 2) Avoid sharing passwords in chat or using sshpass; prefer SSH keys and a controlled deployment channel. 3) Test in a disposable VM or isolated VPS first (not your primary/production server). 4) If you proceed, clone the repo and run the installer locally after manual review; backup any data on the target host and change default admin credentials after install. 5) Be aware the installer will install/enable systemd services and can route arbitrary outbound traffic through Cloudflare; consider legal and policy implications for your use case.
Like a lobster shell, security has layers — review code before you run it.
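One way to act on points 1 and 4 above, shown as an added example (not part of the scan report or the SUIWARP project): save the installer to disk, record its SHA-256 once it has been read, and refuse any copy that no longer matches, which matters because the documented URL tracks the mutable `main` branch. The function names, the `example.invalid` URLs and the sample installer are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate an installer on a digest recorded at review time.

# Print every http(s) URL the script references (nested installers included).
list_remote_fetches() {
    grep -Eo "https?://[^[:space:]\"')|]+" "$1" | sort -u
}

# Print numbered lines that download code and execute it without saving it.
# The trailing boundary avoids flagging harmless pipes such as "| sha256sum".
find_fetch_and_exec() {
    grep -nE '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba)?sh([[:space:]]|$)|(ba)?sh[[:space:]]+<[(](curl|wget)' "$1"
}

# Succeed only if the file's SHA-256 equals the digest pinned during review.
verify_pinned() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Report what the file pulls in, but only if it is still the reviewed file.
review_gate() {
    if ! verify_pinned "$1" "$2"; then
        echo "REFUSE: $1 differs from the reviewed copy" >&2
        return 1
    fi
    echo "OK: $1 matches the reviewed digest"
    echo "Remote sources:";          list_remote_fetches "$1" | sed 's/^/  /'
    echo "Fetch-and-execute lines:"; find_fetch_and_exec "$1" | sed 's/^/  /'
}

# Constructed stand-in for a downloaded installer (not the real setup.sh).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#!/bin/bash
apt-get install -y curl
bash <(curl -sL https://example.invalid/s-ui/install.sh)
curl -sL https://example.invalid/wgcf/install.sh | bash
wget -qO /tmp/wireproxy.tar.gz https://example.invalid/wireproxy.tar.gz
EOF

# Digest recorded once the file has been read; keep it with your review notes.
PINNED=$(sha256sum "$SAMPLE" | cut -d' ' -f1)
review_gate "$SAMPLE" "$PINNED"
```

Against a real download, save the installer with curl's `-o` option instead of process substitution, then pass that path and your recorded digest to `review_gate`. Each nested installer it lists needs the same treatment before anything runs as root.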
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
SUIWARP — S-UI + Cloudflare WARP One-Liner
Deploy a multi-protocol proxy server with clean Cloudflare IP exit on any VPS.
When to Use
Activate when the user wants to:
- Deploy a proxy / tunnel / VPN alternative on a VPS
- Set up S-UI or sing-box with WARP
- Configure VLESS Reality, TUIC, Hysteria2, or other protocols
- Get a clean exit IP via Cloudflare WARP
- Audit or fix an existing S-UI installation
Architecture
Client → S-UI (sing-box, 6 protocols) → wireproxy (SOCKS5 ~4MB) → Cloudflare WARP → Clean Exit IP
| Protocol | Port | Best For |
|---|---|---|
| VLESS Reality Vision | 443/tcp | Daily use (most covert) |
| TUIC v5 | 443/udp | Gaming (low latency) |
| Hysteria2 | 8443/udp | Streaming (max speed) |
| VLESS Reality gRPC | 2053/tcp | Multiplexing (stable) |
| Trojan Reality | 8880/tcp | Classic fallback |
| VLESS Reality WS | 2083/tcp | CDN/firewall bypass |
| VLESS CDN WS | 2052/tcp | IP hidden behind Cloudflare CDN |
| ShadowTLS v3 + SS2022 | 9443/tcp | Anti-DPI stealth (looks like real TLS) |
| VLESS HTTPUpgrade | 10443/tcp | Stealth HTTP transport with Reality |
| Hysteria2 Port Hopping | 20000-40000/udp | Anti-QoS, port randomization |
Deployment
One-Liner (Recommended)
SSH into the target server as root, then run:
bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)
This handles everything automatically:
- System dependencies + swap (for low-RAM VPS)
- S-UI installation with 6 protocol inbounds
- Reality keypair generation
- Free Cloudflare WARP registration via wgcf
- wireproxy setup (WireGuard → SOCKS5, ~4MB RAM)
- S-UI outbound routing through WARP
- UFW firewall configuration
- Client link generation
Remote Deployment via SSH
If the user provides server credentials, deploy remotely:
ssh root@SERVER_IP 'bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)'
For password-only servers:
sshpass -p 'PASSWORD' ssh -o StrictHostKeyChecking=no root@SERVER_IP \
'bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)'
Requirements
- OS: Ubuntu 20.04+ / Debian 11+ (x86_64 or ARM64)
- RAM: 1GB minimum (512MB usable after OS)
- Access: Root SSH
Post-Deploy
After setup completes:
- Client links are at /root/suiwarp-client-links.txt
- S-UI panel is at http://SERVER_IP:2095/app/ (default: admin/admin — remind user to change!)
- Subscription URL is at http://SERVER_IP:2096/sub/
Verify WARP
# Direct IP
curl ifconfig.me
# WARP exit IP (should be Cloudflare)
curl -x socks5h://127.0.0.1:40000 ifconfig.me
Troubleshooting
sing-box won't start
Check logs: journalctl -u s-ui -n 20
Common causes:
- `out_json` type mismatch: If DB was manually edited, `out_json` column must be blob (bytes), not string. Fix with Python: `cur.execute("UPDATE inbounds SET out_json=? WHERE id=?", (json.dumps(data).encode("utf-8"), rid))`
- `outbound type not found: wireguard`: S-UI 1.4.0 sing-box doesn't include WireGuard. Use the wireproxy SOCKS5 approach instead.
WARP not connecting
systemctl status wireproxy-warp
journalctl -u wireproxy-warp -n 20
If endpoint is unreachable, try alternative WARP endpoints:
- engage.cloudflareclient.com:2408
- 162.159.193.1:2408
- 162.159.195.1:2408
Firewall blocking ports
ufw status numbered
# Ensure 443/tcp, 443/udp, 8443/udp, 2053/tcp, 8880/tcp, 2083/tcp are ALLOW
OOM kills (low RAM servers)
# Check swap
free -h
# If no swap, create one
fallocate -l 2G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile
Uninstall
bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/uninstall.sh)
Service Management
systemctl status s-ui # S-UI status
systemctl status wireproxy-warp # WARP status
systemctl restart s-ui # Restart proxy
systemctl restart wireproxy-warp # Restart WARP tunnel
journalctl -u s-ui -f # Live S-UI logs
journalctl -u wireproxy-warp -f # Live WARP logs
Key Paths
| Path | Description |
|---|---|
| /usr/local/s-ui/db/s-ui.db | S-UI SQLite database |
| /usr/local/s-ui/sui | S-UI binary |
| /etc/wireproxy.conf | wireproxy WireGuard config |
| /etc/suiwarp/wgcf-account.toml | WARP account credentials |
| /root/suiwarp-client-links.txt | Generated client links |
Credits
