aliyun-sub2api-ops

Facilitates operations on Aliyun ECS servers and Sub2API deployments, ensuring efficient management and troubleshooting.

Security score: 0/100

The aliyun-sub2api-ops skill was audited on Jun 10, 2026 and we found 31 security issues across 3 threat categories, including 5 high-severity. Review the findings below before installing.

Security Issues

medium line 31

Curl to non-GitHub URL

Source: SKILL.md
ssh [email protected] 'curl -I --max-time 20 http://127.0.0.1:8080/login'
medium line 32

Curl to non-GitHub URL

Source: SKILL.md
ssh [email protected] 'curl -s --max-time 20 http://127.0.0.1:8080/api/v1/settings/public'
medium line 58

Curl to non-GitHub URL

Source: SKILL.md
ssh [email protected] 'curl -s --max-time 20 http://127.0.0.1:8080/api/v1/settings/public; echo'
medium line 59

Curl to non-GitHub URL

Source: SKILL.md
ssh [email protected] 'curl -I --max-time 20 http://127.0.0.1:8080/login'
medium line 111

Curl to non-GitHub URL

Source: SKILL.md
ssh [email protected] 'curl -I --max-time 20 --proxy http://127.0.0.1:10809 https://registry-1.docker.io/v2/'
medium line 112

Curl to non-GitHub URL

Source: SKILL.md
ssh [email protected] 'docker exec sub2api_core sh -lc "curl -I --max-time 20 --proxy http://172.19.0.1:10809 https://www.google.com | sed -n '\''1,12p'\''"'
high line 148

Curl to non-GitHub URL

Source: SKILL.md
- Docker pull timeout: verify `xray.service`, Docker proxy environment, and `curl --proxy http://127.0.0.1:10809`.
high line 11

Access to root home directory

Source: SKILL.md
- Project directory: `/root/ResearchWang13`
high line 12

Access to root home directory

Source: SKILL.md
- Compose file: `/root/ResearchWang13/docker-compose.yml`
high line 13

Access to root home directory

Source: SKILL.md
- Env file: `/root/ResearchWang13/.env`
high line 23

Access to root home directory

Source: SKILL.md
Never put database passwords, Redis passwords, VLESS links, or API keys into public files or Git commits. Read secrets from `/root/ResearchWang13/.env` on the server.
medium line 30

Access to root home directory

Source: SKILL.md
ssh [email protected] 'cd /root/ResearchWang13 && docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}"'
medium line 50

Access to root home directory

Source: SKILL.md
ssh [email protected] 'cd /root/ResearchWang13 && cp docker-compose.yml docker-compose.yml.bak_$(date +%Y%m%d_%H%M%S) && sed -i "s#^[[:space:]]*image: weishaw/sub2api:.*# image: weishaw/sub2api:0
medium line 51

Access to root home directory

Source: SKILL.md
ssh [email protected] 'docker rm -f sub2api_core >/dev/null 2>&1 || true; cd /root/ResearchWang13 && docker-compose up -d'
medium line 133

Access to root home directory

Source: SKILL.md
ssh [email protected] 'cd /root/ResearchWang13; DBH=$(awk -F= "/^DATABASE_HOST=/{print \$2}" .env | tr -d "\r"); DBP=$(awk -F= "/^DATABASE_PORT=/{print \$2}" .env | tr -d "\r"); DBU=$(awk -F= "/^DAT
medium line 139

Access to root home directory

Source: SKILL.md
ssh [email protected] 'cd /root/ResearchWang13; DBH=$(awk -F= "/^DATABASE_HOST=/{print \$2}" .env | tr -d "\r"); DBP=$(awk -F= "/^DATABASE_PORT=/{print \$2}" .env | tr -d "\r"); DBU=$(awk -F= "/^DAT
medium line 13

Access to .env file

Source: SKILL.md
- Env file: `/root/ResearchWang13/.env`
medium line 23

Access to .env file

Source: SKILL.md
Never put database passwords, Redis passwords, VLESS links, or API keys into public files or Git commits. Read secrets from `/root/ResearchWang13/.env` on the server.
low line 87

Access to .env file

Source: SKILL.md
- .env
medium line 93

Access to .env file

Source: SKILL.md
The Redis entries in `.env` should be:
medium line 130

Access to .env file

Source: SKILL.md
Build connection values from `.env` without sourcing the file, because it may have Windows CRLF:
low line 133

Access to .env file

Source: SKILL.md
ssh [email protected] 'cd /root/ResearchWang13; DBH=$(awk -F= "/^DATABASE_HOST=/{print \$2}" .env | tr -d "\r"); DBP=$(awk -F= "/^DATABASE_PORT=/{print \$2}" .env | tr -d "\r"); DBU=$(awk -F= "/^DAT
low line 139

Access to .env file

Source: SKILL.md
ssh [email protected] 'cd /root/ResearchWang13; DBH=$(awk -F= "/^DATABASE_HOST=/{print \$2}" .env | tr -d "\r"); DBP=$(awk -F= "/^DATABASE_PORT=/{print \$2}" .env | tr -d "\r"); DBU=$(awk -F= "/^DAT
low line 16

External URL reference

Source: SKILL.md
- App URL: `http://47.106.198.133:8080`
low line 31

External URL reference

Source: SKILL.md
ssh [email protected] 'curl -I --max-time 20 http://127.0.0.1:8080/login'
low line 32

External URL reference

Source: SKILL.md
ssh [email protected] 'curl -s --max-time 20 http://127.0.0.1:8080/api/v1/settings/public'
low line 58

External URL reference

Source: SKILL.md
ssh [email protected] 'curl -s --max-time 20 http://127.0.0.1:8080/api/v1/settings/public; echo'
low line 59

External URL reference

Source: SKILL.md
ssh [email protected] 'curl -I --max-time 20 http://127.0.0.1:8080/login'
low line 111

External URL reference

Source: SKILL.md
ssh [email protected] 'curl -I --max-time 20 --proxy http://127.0.0.1:10809 https://registry-1.docker.io/v2/'
low line 112

External URL reference

Source: SKILL.md
ssh [email protected] 'docker exec sub2api_core sh -lc "curl -I --max-time 20 --proxy http://172.19.0.1:10809 https://www.google.com | sed -n '\''1,12p'\''"'
low line 148

External URL reference

Source: SKILL.md
- Docker pull timeout: verify `xray.service`, Docker proxy environment, and `curl --proxy http://127.0.0.1:10809`.
Scanned on Jun 10, 2026