mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-04-28 11:59:29 +00:00
1097f055c3
42 curl calls downloading JS bundles, CLI binaries, and gh CLI tarballs were missing --proto '=https', allowing protocol downgrade attacks on hostile networks. PR #2138 fixed bun installer calls; this closes the remaining gap for executable downloads. Fixes applied: - sh/{sprite,aws,gcp,hetzner,daytona,local}/{claude,codex,openclaw,opencode,kilocode,hermes,zeroclaw}.sh (42 files) - sh/cli/install.sh (cli.js download) - sh/shared/github-auth.sh (keyring, API, tarball downloads) Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| claude.sh | ||
| codex.sh | ||
| hermes.sh | ||
| kilocode.sh | ||
| openclaw.sh | ||
| opencode.sh | ||
| README.md | ||
| zeroclaw.sh | ||
Hetzner Cloud
Hetzner Cloud servers via REST API. Hetzner Cloud
Agents
Claude Code
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/claude.sh)
OpenClaw
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/openclaw.sh)
ZeroClaw
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/zeroclaw.sh)
Codex CLI
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/codex.sh)
OpenCode
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/opencode.sh)
Kilo Code
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/kilocode.sh)
Hermes
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/hermes.sh)
Non-Interactive Mode
HETZNER_SERVER_NAME=dev-mk1 \
HCLOUD_TOKEN=your-token \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
bash <(curl -fsSL https://openrouter.ai/labs/spawn/hetzner/claude.sh)