Doppler

Security checks across malware telemetry and agentic risk

Overview

This Doppler skill is purpose-aligned, but it grants broad secret-management authority with incomplete warnings around secret export and some state-changing actions.

Review before installing. This skill should only be used with a Doppler account and scopes you are comfortable exposing to an agent. Ask for explicit confirmation before any secret export, secret read, service-token creation, lease issuance, approval, clone, or deletion, and avoid printing raw secrets into chat or logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The documentation describes `get_sync` as retrieving sync details, but then labels it as a write action that changes Doppler state. This inconsistency can mislead an agent or operator about the action’s safety properties, causing unnecessary confirmation friction or, worse, normalization of incorrect action classifications across the skill set.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This action explicitly exports Doppler secrets, but the skill documentation provides no warning that running it will materialize sensitive values into local output or logs. In an agent workflow, that omission increases the chance of accidental secret disclosure through chat transcripts, terminal history, tool logs, or downstream processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal