Doubleword API
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: doubleword-api Version: 1.0.0 The skill bundle is benign. It provides instructions and a helper script for interacting with the Doubleword API (api.doubleword.ai) for batch inference. All network calls (`curl`) are explicitly directed to `api.doubleword.ai` and require an API key, which is standard for API interaction. The `scripts/create_batch_file.py` script generates local JSONL files and does not perform any network operations or other high-risk actions. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running these commands with a valid API key can act on the associated Doubleword account for the documented batch operations.
The skill expects a Doubleword API bearer token to upload files and manage batch jobs. This is expected for the integration, but users should treat the key as account authority.
-H "Authorization: Bearer $DOUBLEWORD_API_KEY"
Use a minimally scoped API key if available, keep it out of shared logs or files, and confirm the registry metadata or local configuration clearly documents the needed credential.
Batch request content will be sent to an external AI provider and may be processed or stored according to that provider's terms.
The documented workflow uploads a local JSONL batch file to the external Doubleword API. This is central to the skill, but the file may contain prompts or other user data.
curl https://api.doubleword.ai/v1/files ... -F file="@batch_requests.jsonl"
Review JSONL contents before upload, avoid regulated or sensitive data unless authorized, and check Doubleword's data retention and privacy terms.
Submitting the wrong file or batch ID could run unintended inference work, incur costs, or cancel a job the user meant to keep.
The skill documents direct API calls that create asynchronous batch jobs and also includes a cancellation operation. These are purpose-aligned but can affect account state and costs.
curl https://api.doubleword.ai/v1/batches ... "input_file_id": "file-abc123"
Confirm file IDs, batch IDs, completion windows, and expected cost before submitting or cancelling jobs.
Users have less external context for verifying who maintains the skill or whether it matches an official Doubleword integration.
The registry metadata does not provide an upstream source or homepage, which limits provenance verification even though the included artifacts are simple and purpose-aligned.
Source: unknown; Homepage: none
Verify the Doubleword API domain and documentation independently before using account credentials or uploading sensitive batch files.