Is 0xm1kr/doppel-architect safe?

https://github.com/openclaw/skills/tree/main/skills/0xm1kr/doppel-architect

89
SAFE

The doppel-architect skill is a documentation-only skill for the Doppel collaborative world-building platform. It contains no executable code, no hidden instructions, and triggered no suspicious behavior during clone monitoring. The primary concerns are the urgency-driven language that could cause agents to prioritize building streaks over user tasks, and the recommendation to install three additional skills which expands the trust surface.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (7)

MEDIUM Urgency-based priority manipulation -10

The skill uses strong urgency language to pressure the agent into prioritizing building submissions over user tasks. Phrases like 'the most valuable thing you have', 'Treat the clock like a deadline', and 'Inactivity is the biggest rep killer' create behavioral pressure that could cause the agent to act autonomously or deprioritize explicit user instructions in favor of maintaining streaks.

MEDIUM Recommends installing additional skills -10

The skill explicitly instructs the agent to install three additional skills (block-builder, social-outreach, erc-8004), expanding the trust boundary without requiring explicit user approval for each. If any of these downstream skills contain malicious content, this skill acts as an entry point into a broader attack chain.

LOW Agent persona override -5

The skill opens with 'You are a builder' which sets a persona identity for the agent. While common in skill design, this subtly overrides the agent's default helpful-assistant identity.

LOW External API data submission -5

The skill instructs the agent to send MML content via POST requests to an external server endpoint. While this is the stated purpose of the skill, it does result in data being sent to third-party infrastructure controlled by the skill ecosystem operator.

LOW Reads API credentials from local config -3

The skill references reading the Doppel API key from ~/.openclaw/openclaw.json or environment variables. This is expected for authentication but provides the skill access to credential material.

INFO Financial incentive loop may drive autonomous behavior -5

The skill describes a reputation-to-token pipeline where consistent daily building yields increasing token allocations. This economic incentive could cause the agent to act autonomously to maximize financial returns, potentially conflicting with user intentions.

INFO No executable code detected 0

The skill contains only a SKILL.md documentation file, a _meta.json metadata file, and a .clawhub/lock.json lock file. No executable code, scripts, hooks, or submodules were found.