Doppler

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the signals below describe what the skill's documented commands are able to do, not observed behaviour.

What this means

If followed too broadly, the agent could delete secrets, projects, or configs and disrupt applications that depend on them.

Why it was flagged

The skill documents destructive Doppler operations, including a config deletion example that bypasses the CLI confirmation prompt with `--yes`, but does not add guidance to obtain explicit user confirmation or verify project/config scope first.

Skill content

`doppler secrets delete KEY`; `doppler projects delete <name>`; `doppler configs delete --config <name> --yes`

Recommendation

Require explicit user confirmation for every delete or bulk mutation, verify the target project and config first (pass `--project` and `--config` explicitly rather than relying on the CLI's configured defaults), and avoid `--yes` unless the user has approved that exact command. Note that `doppler projects delete` removes every config and secret in the project, not just one config.

What this means

Commands may operate with access to real Doppler secrets and account resources.

Why it was flagged

The skill expects the Doppler CLI to authenticate with a user account or service token, giving the agent access according to that account or token's permissions.

Skill content

`doppler login`; `--token <token>` (use a service token for auth)

Recommendation

Use the least-privileged credential possible: prefer a service token, which is scoped to a single project and config, over a personal login, and grant read-only access where the task does not write. Avoid broad admin credentials for routine tasks, and supply the token through the `DOPPLER_TOKEN` environment variable rather than `--token` on the command line, where it lands in shell history and process listings.

What this means

Secret values could be exposed in chat history, logs, or downstream tool outputs if the agent prints or processes them unnecessarily.

Why it was flagged

These commands can place secret values, including all secrets for a config, directly into command output where an agent may include them in conversation context or logs.

Skill content

`doppler secrets get KEY --plain`; `doppler secrets download --no-file --format env`; `doppler secrets download --no-file --format json`

Recommendation

Only retrieve specific secrets when necessary, avoid all-secret downloads unless the user explicitly requested them, and redact secret values (or replace them with a fingerprint) before they enter responses and logs. Where the goal is to give a process a secret, prefer `doppler run` so the consuming process, not the agent, sees the value.
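The filters below are an added example, not code from the skill or from ClawScan: an agent wrapper can place them between the three commands above and anything that reaches conversation context or logs. The fingerprint scheme (first 8 hex characters of SHA-256), the function names, and the sample input lines are assumptions of this example; the sample input is constructed, not real Doppler output.

```shell
#!/bin/sh
# Added example, not part of the skill or the ClawScan report: filters an
# agent wrapper can put between `doppler secrets download --no-file ...` (or
# `doppler secrets get KEY --plain`) and anything that lands in conversation
# context or logs. The sample input in the usage below is constructed.

# fingerprint <value>: first 8 hex chars of SHA-256 (scheme is an assumption).
# Lets the agent confirm a secret exists, tell two apart, or notice a
# rotation, without ever seeing the value itself.
fingerprint() {
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum | cut -c1-8
  else
    printf '%s' "$1" | shasum -a 256 | cut -c1-8
  fi
}

# redact_env: stdin is KEY=value lines as in `--format env` output. A single
# layer of surrounding double quotes is stripped before hashing so the
# fingerprint is of the value, not of its quoting.
redact_env() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      *=*)
        key=${line%%=*}
        val=${line#*=}
        case "$val" in '"'*'"') val=${val#\"}; val=${val%\"} ;; esac
        printf '%s=<redacted sha256:%s>\n' "$key" "$(fingerprint "$val")"
        ;;
      *) printf '%s\n' "$line" ;;   # comments / blank lines pass through
    esac
  done
}

# redact_json: stdin is the flat {"KEY":"value",...} object of `--format json`.
# The value pattern tolerates \" inside values; for nested JSON use a real
# parser (jq) instead of sed.
redact_json() {
  sed -E 's/("[^"]+"[[:space:]]*:[[:space:]]*)"([^"\\]|\\.)*"/\1"<redacted>"/g'
}

# redact_plain <value>: for `secrets get KEY --plain`, which prints the bare value.
redact_plain() {
  printf '<redacted sha256:%s>\n' "$(fingerprint "$1")"
}
```

Usage: `doppler secrets download --no-file --format env | redact_env` (and `... --format json | redact_json`); for a single value, `redact_plain "$(doppler secrets get KEY --plain)"`. The fingerprint is what the agent may echo back; the value only ever flows into the process that needs it.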

What this means

A command could receive production secrets in its environment and leak or misuse them if chosen poorly.

Why it was flagged

The skill documents running arbitrary commands with Doppler secrets injected, which is a normal Doppler feature but sensitive if the command is not user-approved.

Skill content

`doppler run -- <command>` (run a command with secrets injected as env vars)

Recommendation

Run only user-approved commands with injected secrets, pass `--project` and `--config` explicitly so a scoped config is used, and avoid echoing or logging secret environment variables (for example via `env`, `printenv`, or debug modes that dump the process environment).

What this means

The installed Doppler CLI becomes part of the trusted execution path for managing secrets.

Why it was flagged

The skill relies on installing an external CLI from Doppler/Homebrew; this is purpose-aligned, but the CLI is outside the reviewed artifact set.

Skill content
install_command: "brew install dopplerhq/cli/doppler" ... install from https://docs.doppler.com/docs/install-cli
Recommendation

Install the CLI only by following Doppler's official instructions, verify the package source (for Homebrew, that the install comes from the `dopplerhq/cli` tap named in the install spec), check the installed version, and keep it updated.