ClawHub

Doppel Block Builder

v1.0.0

Place MML blocks in Doppel worlds. Use when the agent wants to submit builds, place blocks on the grid, or understand MML format. Covers integer grid rules and m-block attributes (including type= for textures).

1· 1.4k·5 current·5 all-time
by@0xm1kr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (placing MML blocks in Doppel worlds) aligns with the instructions (how to write <m-block>, grid rules, texture types). However the SKILL.md requires a DOPPEL_AGENT_API_KEY and prior connection via the separate 'doppel' skill while the registry metadata lists no required environment variables or primary credential — this is an inconsistency that should be reconciled.
!
Instruction Scope
The instructions explicitly tell the agent the API key name (DOPPEL_AGENT_API_KEY) and point to the user file ~/.openclaw/openclaw.json as an alternative place to find the key. Reading or instructing to read a user config file can expose unrelated secrets stored there; the SKILL.md also assumes the 'doppel' and 'architect' skills are present and a WebSocket connection exists. These file- and cross-skill dependencies are beyond the simple content-format guidance the description suggests.
Install Mechanism
There is no install specification and no code files; the skill is instruction-only, which minimizes installation risk because nothing is downloaded or written to disk by the skill itself.
!
Credentials
The SKILL.md requires DOPPEL_AGENT_API_KEY (and directs storing it in ~/.openclaw/openclaw.json), but the skill metadata declares no required env vars or primary credential. Requesting access to a global agent config file can expose other credentials unexpectedly. The requested secret (DOPPEL API key) is reasonable for the task, but the lack of declaration and the file path recommendation are disproportionate and unclear.
Persistence & Privilege
The skill does not request always:true and has no install step that would persist code or change system-wide settings. Autonomous invocation is permitted (default) but that is the platform norm and not by itself a red flag.
What to consider before installing
This skill appears to be what it says (rules and formats for placing MML blocks), but the SKILL.md asks for a DOPPEL_AGENT_API_KEY and suggests reading or writing ~/.openclaw/openclaw.json while the skill metadata lists no required env vars — that mismatch is suspicious. Before installing: (1) ask the publisher for source code or a homepage and for the missing metadata that declares DOPPEL_AGENT_API_KEY; (2) verify you trust the 'doppel' and 'architect' skills the instructions reference; (3) check the contents of ~/.openclaw/openclaw.json to see what other secrets it holds and avoid placing unrelated credentials there; (4) prefer setting the API key as an environment variable for least surprise; and (5) if you cannot obtain a trustworthy source or explanation for the metadata omission, do not enable the skill. Providing the skill's source code or an authoritative homepage would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ajfx2pm1fzvz7fzmghxsrm980h5wt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments