vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-28 09:44:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
spawn/netcup
History
A 246b72a22b
fix: Prevent Python/JSON injection in RamNode and Netcup providers (#420) 
Use sys.argv and sys.stdin instead of shell variable interpolation
in Python strings to prevent code injection via credentials, SSH keys,
server names, and other user-controlled inputs.

RamNode fixes:
- _get_ramnode_token: credentials via sys.argv instead of string interpolation
- Config file read: use sys.argv[1] for file path (matches other providers)
- Config file save: use sys.argv for all values
- ramnode_check_ssh_key: key_name via sys.argv
- ramnode_register_ssh_key: public key via stdin, name via sys.argv
- create_server: all parameters via sys.argv

Netcup fixes:
- netcup_get_session: use python3+json.dumps instead of unquoted heredoc
- netcup_api: use python3+json.dumps for action parameter
- Config file read: use sys.argv[1] for file path
- Config file save: use python3+sys.argv instead of unquoted heredoc
- create_server: all parameters via sys.argv

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-11 02:36:03 -08:00
..
lib fix: Prevent Python/JSON injection in RamNode and Netcup providers (#420) 2026-02-11 02:36:03 -08:00
aider.sh feat: Add Netcup cloud provider support (#407) 2026-02-11 01:34:59 -08:00
claude.sh feat: Add Netcup cloud provider support (#407) 2026-02-11 01:34:59 -08:00
goose.sh feat: Add Netcup cloud provider support (#407) 2026-02-11 01:34:59 -08:00
openclaw.sh feat: Add openclaw support for Netcup (#416) 2026-02-11 02:28:30 -08:00
README.md feat: Add Netcup cloud provider support (#407) 2026-02-11 01:34:59 -08:00

README.md

Netcup Cloud

Netcup VPS cloud via REST API. Netcup

Agents

Claude Code

bash <(curl -fsSL https://openrouter.ai/lab/spawn/netcup/claude.sh)

Aider

bash <(curl -fsSL https://openrouter.ai/lab/spawn/netcup/aider.sh)

Goose

bash <(curl -fsSL https://openrouter.ai/lab/spawn/netcup/goose.sh)

Non-Interactive Mode

NETCUP_SERVER_NAME=dev-mk1 \
NETCUP_CUSTOMER_NUMBER=12345 \
NETCUP_API_KEY=your-api-key \
NETCUP_API_PASSWORD=your-api-password \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/lab/spawn/netcup/claude.sh)

Authentication

Netcup uses session-based REST API authentication with three credentials:

  1. NETCUP_CUSTOMER_NUMBER - Your customer number
  2. NETCUP_API_KEY - API key from SCP
  3. NETCUP_API_PASSWORD - API password from SCP

Get your credentials:

The scripts will:

  1. Check for credentials in environment variables
  2. Check ~/.config/spawn/netcup.json
  3. Prompt for credentials if not found
  4. Save credentials to config file for reuse

Pricing

Budget VPS provider starting at approximately €3.86/month for entry-level VPS plans. Netcup offers flexible pricing with hourly billing or annual contracts.

API

Netcup's REST API launched in October 2025. It uses session-based authentication (login to get session ID, then use session ID for API calls). The API replaces the legacy SOAP web service (discontinued May 1, 2026).

API documentation is available in the Server Control Panel → REST API Docs.