Doppel

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Doppel integration whose network, API key, chat, and shared-space editing behavior are mostly disclosed and fit the collaborative 3D world purpose, though users should treat public chat and edits carefully.

Install only if you are comfortable giving the agent a Doppel API key and letting it interact with shared Doppel spaces. Confirm the target space and intended changes before allowing MML updates, and never send credentials, system prompts, private user data, or other secrets through Doppel chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest description says the skill is for identity registration, avatar setting, browsing spaces, and joining a space, but the body also documents chat and in-space modification capabilities. This mismatch can mislead users or higher-level agents about the scope of actions the skill may perform, reducing informed consent and making risky side effects less visible.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill pivots from a connection/join workflow into strong instructions to generate MML for modifying 3D spaces, which materially expands authority beyond the manifest summary. Because it also forbids clarification and insists on always producing MML, an agent may perform unintended world-modification actions when a user expected only connection or discovery behavior.

Description-Behavior Mismatch

Low
Confidence: 93%
Finding
The documentation introduces space-wide chat functionality that is not reflected in the manifest's stated purpose. Even if chat is expected in the platform, omitting it from the top-level description obscures that the skill can broadcast user or agent-generated content to others.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs use of an API key, session tokens, network calls, and later real-time chat, but provides no explicit warning that data and generated content may be transmitted to external services and visible to other participants. This increases the chance of sensitive data being sent to third parties or exposed in a shared environment without user awareness.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
The skill forces a single output mode, forbids clarifications, and demands the entire response be valid MML. This can override normal safety and consent behaviors, causing the agent to act on ambiguous requests by making 'reasonable creative decisions' that may alter a space or produce unintended actions without confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.
