ClawHub

Doppler

v1.0.0

Manage secrets and environment variables via Doppler CLI - secrets, projects, configs, environments. Use when user mentions 'doppler', 'secrets management',...

0· 211·0 current·0 all-time
byMelvyn@melvynx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md content: all instructions and examples are Doppler CLI commands and installation instructions. The skill does not request unrelated credentials, binaries, or access.
Instruction Scope
Runtime instructions stay on-topic: how to install, authenticate, list/manage secrets, projects, configs, environments, and use 'doppler run'. The doc advises using --json and references doppler login and --token (both expected). It does not instruct reading arbitrary files, system state, or sending data to unexpected external endpoints.
Install Mechanism
No install spec is embedded in the package (instruction-only). The SKILL.md recommends 'brew install dopplerhq/cli/doppler' or the official Doppler install docs — a standard and proportional recommendation for installing the official CLI.
Credentials
The skill requests no environment variables or credentials itself. It does instruct using 'doppler login' and mentions the '--token' flag (both normal for a secrets manager). Users should understand authenticating the CLI will provide access to secrets; that is expected but important to be cautious about which tokens/credentials are used and stored.
Persistence & Privilege
Skill is instruction-only, has no install-time persistence, and 'always' is false. It does allow agent invocation (normal), but the skill does not request system-wide config changes or elevated privileges.
Assessment
This skill is coherent: it merely documents how to use the official Doppler CLI. Before installing or letting an agent run commands: verify the install command against Doppler's official docs, prefer installing from the official source, and be careful when authenticating the CLI (tokens grant access to secrets). Never run untrusted commands via 'doppler run' (it injects real secrets into the command's environment). If you need stricter safety, prefer creating a least-privilege service token for the CLI and review any agent actions that would call 'doppler run' or 'doppler secrets get' before allowing them.

Like a lobster shell, security has layers — review code before you run it.

latestvk976enjt9pn19w0xfyf0r5wgr982m8yz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments