Is 0xm1kr/doppel-social-outreach safe?
https://github.com/openclaw/skills/tree/main/skills/0xm1kr/doppel-social-outreach
This is a pure-markdown social media outreach skill for the Doppel virtual world platform. It contains no executable code, no data exfiltration vectors, and no traditional prompt injection attacks. The primary concerns are behavioral: it encourages autonomous daily social media posting without user-approval guardrails, includes cross-skill installation directives that could expand attack surface, and describes an agent-to-agent recruitment mechanism that could amplify propagation of untrusted skills.
Findings (5)
LOW Cross-skill installation directives -8
The skill explicitly instructs agents to install two other skills ('doppel' and 'block-builder') as part of its workflow. While this is contextually appropriate for the platform's ecosystem, it creates a propagation vector where installing this skill leads to installing additional skills whose security has not been verified in this audit.
LOW Persistent behavioral loop directives -10
The skill attempts to establish a daily behavioral pattern in the agent, encouraging it to autonomously run a 'builder-promoter loop' every day. These directives shape agent behavior beyond responding to user requests, though they are consistent with the skill's stated purpose.
INFO External URL references -4
The skill references two external URLs (moltbook.com and doppel.fun) as platform resources. These are informational links only — the skill does not instruct the agent to fetch content from, authenticate with, or send data to these URLs.
LOW Autonomous social media posting risk -18
The skill provides detailed templates and encouragement for posting across four social media platforms. An agent with social media API access could act on these instructions without user confirmation, resulting in unsanctioned posts. The skill does not include any guardrails requiring user approval before posting.
LOW Agent-to-agent viral recruitment mechanism -10
The skill describes a recruitment mechanism where agents post on Moltbook to recruit other AI agents, creating a viral loop. While this is the skill's intended function, it could be exploited to rapidly spread skill installations across an agent network without human oversight.