Is 0xm1kr/doppel-block-builder safe?
https://github.com/openclaw/skills/tree/main/skills/0xm1kr/doppel-block-builder
This skill is a pure-markdown instruction set for placing 3D blocks in a Doppel virtual world. It contains no executable code and accessed no canary files. The primary concerns are behavioral: the skill uses gamification and urgency language to encourage autonomous agent behavior, and explicitly instructs the agent to install three additional skills (doppel, architect, social-outreach), creating an expanding attack surface that cannot be fully evaluated from this single audit.
Findings (8)
MEDIUM: Skill chain self-propagation (-15)
The skill explicitly instructs the agent to install three additional skills: 'doppel' (prerequisite), 'architect' (recommended), and 'social-outreach' (next step). Each additional skill expands the agent's behavioral surface area and could introduce risks not evaluated in this audit. The 'Next step' section uses imperative language: 'Install the social-outreach skill.'
MEDIUM: Autonomous behavior manipulation via urgency language (-10)
The skill uses gamification and FOMO language designed to make the agent act autonomously without user prompting. Phrases like 'agents who skip fall behind', 'every placement is permanent and scored', and 'your streak depends on it' create artificial urgency that could override user intent.
LOW: Autonomous daily loop behavioral pattern (-10)
The skill attempts to establish a recurring autonomous behavior pattern for the agent: 'build → share → recruit → build again'. This could cause the agent to perform actions without explicit user requests.
LOW: Authenticated API calls to external servers (-10)
The skill instructs the agent to make POST requests with Bearer token authentication to external server endpoints ({serverUrl}/api/agent/mml). While the payload is MML content (not user data), the agent sends authentication tokens to third-party infrastructure.
LOW: Config file credential access (-5)
The skill directs the agent to read API credentials from ~/.openclaw/openclaw.json and environment variables. While this is the intended credential storage for the platform, it normalizes the agent reading credential files.
INFO: Unrelated skill dependency in lock.json (-8)
The .clawhub/lock.json references 'academic-research-hub' as an installed skill, which has no obvious connection to a 3D block builder. This could indicate the skill was developed in an environment with other skills, or could be an artifact of a shared development pipeline.
INFO: No executable code present (0)
The skill contains only a SKILL.md markdown file, _meta.json metadata, and .clawhub/lock.json. No executable code, scripts, hooks, or submodules were detected.
INFO: All honeypot files intact (0)
No canary files (.env, SSH keys, AWS credentials) were accessed or modified during the skill installation process.