Agent Doppelgänger
v1.0.0
Constrained autonomous delegate for identity-proxied communication. Handles incoming messages (Email, Discord, Slack, WhatsApp) by analyzing intent and applying declarative authority policies before generating responses. Use when the user wants to delegate communication tasks while maintaining identity fidelity and enforcing strict non-overreach boundaries.
by Sieer Shafi Lone @sieershafilone
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to handle Email, Discord, Slack, and WhatsApp and to enforce declarative policies. Its manifest and code show local policy/profile reads and audit writes under ~/.openclaw/adg, which is consistent with an on-device delegate. However, the shipped code is a lightweight scaffold (no channel adapters or network/connector code) and the referenced policy DSL file is missing (policy-dsl.md is 'To Be Created'), so the skill currently oversells out-of-the-box channel support and policy tooling. Also the registry metadata version (1.0.0) and manifest version (0.1.0) differ, indicating sloppy packaging.
Instruction Scope
SKILL.md stays within the claimed scope (intent analysis, policy gate, confidence, watermarking, audit). Runtime scripts do perform local file I/O: reading profiles, policies, contacts, and writing audit logs and style/profile files under ~/.openclaw/adg. That file access is proportional to the stated purpose, but reanchor_style will create a training_samples.jsonl in the user's home profile directory if absent, which is an active filesystem change the user should be aware of.
Install Mechanism
No install spec (instruction-only plus bundled code) — lowest install risk. All code is included in the bundle and there are no downloads/remote installers. That said, the code imports PyYAML and other stdlib modules; ensure required Python packages are installed in a controlled environment.
Credentials
The skill requests no environment variables or external credentials. The manifest limits network outbound access and restricts filesystem permissions to ~/.openclaw/adg/*, which aligns with the declared local-first design. There are no hidden credential requests in SKILL.md or the code.
Persistence & Privilege
The manifest marks runtime type as long_running and requires persistence (it will read/write under ~/.openclaw/adg and keep audit logs). always:false (not force-included) and network outbound is false — good. Still, persistent long-running components that keep audit logs and memory increase blast radius if later modified to enable networking; verify runtime isolation and permissions before enabling in a sensitive account.
What to consider before installing
- Trust and provenance: The skill's source/homepage are unknown and author contact looks local/test. Treat it as third-party experimental code and prefer testing in an isolated environment before using with real accounts.
- Local file writes: The skill reads/writes under ~/.openclaw/adg (profile, policies, memory, audit). Expect creation of training_samples.jsonl and style.yaml by reanchor_style.py. If you don't want files created at that path, run it in a sandbox or adjust the base path.
- Missing pieces / oversell: The code is a scaffold — there are no channel adapters included (no actual Email/Discord/Slack/WhatsApp connectors) and the referenced policy DSL file is not present. Policy enforcement depends on files you must supply; do not assume safe defaults.
- Review policies first: Before enabling autonomous replies, create and inspect the policy and contacts YAMLs that live in ~/.openclaw/adg/policies and ~/.openclaw/adg/profile. A misconfigured allowlist could enable undesired autonomous replies.
- Dependencies & runtime: The scripts use PyYAML (yaml). Run in a controlled Python environment (venv) and review imports. The manifest expects a long-running Python service — ensure the runtime's isolation and permission controls are enforced by your platform.
- Watermark & audit: The tool adds a subtle watermark marker (signature '⛧') and writes audit logs. If that behavior is undesirable, plan to modify or disable watermarking and confirm audit storage is acceptable.
- Safe testing: Start with draft-only/default mode and non-sensitive channels/accounts. Confirm policy gates behave as you expect. If you plan to enable persistent/autonomous behavior later, re-audit the code and configuration and ensure network egress remains disabled.
Because the package is largely coherent but incomplete/oversold and makes persistent changes on the filesystem, exercise caution (test in a sandbox, inspect or author the policy files, and confirm the runtime isolation) before granting it access to real messaging channels or sensitive accounts.
