vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-28 03:49:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
spawn/sh/local
History
A 1097f055c3
fix(security): add --proto '=https' to all curl executable downloads (#2160) 
42 curl calls downloading JS bundles, CLI binaries, and gh CLI tarballs
were missing --proto '=https', allowing protocol downgrade attacks on
hostile networks. PR #2138 fixed bun installer calls; this closes the
remaining gap for executable downloads.

Fixes applied:
- sh/{sprite,aws,gcp,hetzner,daytona,local}/{claude,codex,openclaw,opencode,kilocode,hermes,zeroclaw}.sh (42 files)
- sh/cli/install.sh (cli.js download)
- sh/shared/github-auth.sh (keyring, API, tarball downloads)

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 23:38:03 -05:00
..
claude.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
codex.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
hermes.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
kilocode.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
openclaw.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
opencode.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
README.md feat: add local/hermes to complete the 7x7 matrix (#2091) 2026-03-01 22:04:38 -05:00
zeroclaw.sh fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00

README.md

Local Machine

Run agents directly on your local machine without any cloud provisioning.

No server creation or destruction. Installs agents and injects OpenRouter credentials locally. Useful for local development and testing.

Quick Start

If you have the spawn CLI installed:

spawn claude local
spawn openclaw local
spawn zeroclaw local
spawn codex local
spawn kilocode local
spawn hermes local

Or run directly without the CLI:

bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/claude.sh)
bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/openclaw.sh)
bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/zeroclaw.sh)
bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/codex.sh)
bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/kilocode.sh)
bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/hermes.sh)

Non-Interactive Mode

OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/labs/spawn/local/claude.sh)

What It Does

Local scripts will:

  • Install the agent if not already present
  • Obtain an OpenRouter API key (via OAuth or environment variable)
  • Append environment variables to ~/.zshrc for the agent to use
  • Launch the agent

No cloud servers are created or destroyed.

Environment Variables

Variable Description
OPENROUTER_API_KEY OpenRouter API key (prompted via OAuth if not set)
SPAWN_PROMPT If set, runs the agent non-interactively with this prompt