Docker Mirror
v1.0.1Docker 镜像拉取工具,自动切换镜像源。当官方 registry (docker.io) 拉取超时或失败时,自动尝试备用镜像(docker.1ms.run、docker.m.daocloud.io)。适用于网络受限的 Linux 环境。需要 sg (sgdocker group) 和 docker 已安装。触...
⭐ 0· 44·0 current·0 all-time
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe a Docker pull wrapper and the included script implements exactly that: try docker.io, then try listed mirrors, tag back the image, and clean up. The requirement for sg and docker is documented and expected.
Instruction Scope
SKILL.md instructs running the provided script and proxies other docker commands to the host via 'sg docker -c'. The instructions do not read unrelated files or environment variables. Note: because the wrapper forwards arbitrary docker commands it can be used to pull and run arbitrary container images — this is expected for a Docker wrapper but increases operational risk.
Install Mechanism
No install spec — the skill is instruction + a simple shell script. Nothing is downloaded or written to disk by an installer. This is low risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or external credentials. It does require access to the Docker daemon (via sg into the docker group); access to the docker group is effectively root-equivalent on the host, which is expected for Docker operations but is a privileged capability the operator should be aware of. The script does contact third‑party registries (docker.1ms.run, docker.m.daocloud.io) — those are outside the user's control and carry supply-chain/trust risk.
Persistence & Privilege
always:false and default autonomous invocation is unchanged. The skill does not request permanent installation or modify other skills or global agent settings.
Assessment
Functionally this skill does what it says: it wraps docker pull and falls back to listed mirrors. Before installing or using it, consider: (1) Third‑party mirrors can serve tampered images — prefer official registries or verified digests; verify image digests/signatures (Docker Content Trust / Notary) when possible. (2) The script runs docker via 'sg docker', so the invoking user must be in the docker group; membership in that group grants high privilege on the host. (3) If you must use mirrors, audit the mirror domains and prefer pulls by digest rather than by tag. (4) If you want more control, consider configuring registry mirrors at the Docker daemon level or manually pulling images and verifying them before running. If you want me to, I can list specific checks to verify the mirror domains and how to pull by digest/signature.Like a lobster shell, security has layers — review code before you run it.
chinadockerlatestmirror
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Docker Mirror
自动处理 Docker 镜像拉取失败,切换到国内镜像源。
工作原理
- 先尝试官方 registry (
docker.io) - 失败则按顺序尝试备用镜像
- 成功后 tag 回原名并清理镜像残留
使用方法
# 拉取镜像(核心用法)
bash ./scripts/docker.sh pull <镜像名>[:标签]
# 示例
bash ./scripts/docker.sh pull nginx:latest
bash ./scripts/docker.sh pull redis:alpine
bash ./scripts/docker.sh pull postgres:15
其他 Docker 命令
非 pull 命令直接透传给 docker:
bash ./scripts/docker.sh ps -a
bash ./scripts/docker.sh images
bash ./scripts/docker.sh run -it nginx:latest
bash ./scripts/docker.sh stop nginx
镜像源状态
最新验证结果(2026-03-29):
| 镜像源 | 状态 | 备注 |
|---|---|---|
| docker.io | ❌ 超时 | 国内访问不稳定 |
| docker.1ms.run | ✅ 可用 | 主要备用源 |
| docker.m.daocloud.io | ✅ 可用 | DaoCloud 镜像 |
已验证可正常拉取:hello-world、nginx:latest、nginx:alpine
故障排除
如果 docker.sh pull 失败:
-
检查 Docker daemon 是否运行:
bash ./scripts/docker.sh ps -
查看本地镜像:
bash ./scripts/docker.sh images -
手动指定镜像源:
bash ./scripts/docker.sh pull docker.1ms.run/library/nginx
环境依赖
sg命令(sgdocker 组权限)docker已安装且 daemon 运行中
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…