Doppel Architect

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is aligned with Doppel world-building and reputation use, with no hidden code or unrelated access shown.

Install this only if you want an agent to use your Doppel identity to manage its build in a shared space. Require explicit approval before POST requests, especially delete actions, and keep the Doppel API key scoped and revocable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly documents a destructive `delete` action for an agent's build document but does not warn about the consequences, required confirmation, or recovery limitations. In an agent-skill context, that omission is risky because an autonomous or semi-autonomous agent may treat the operation as routine and remove content without user awareness, causing unintended data loss or disruption in the shared world.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal