by 安全扫描
OpenClaw
安全
high confidenceThe skill is an instruction-only helper for the Doppler CLI and its requested actions and guidance are consistent with that purpose.
评估建议
This skill is coherent: it merely documents how to use the official Doppler CLI. Before installing or letting an agent run commands: verify the install command against Doppler's official docs, prefer installing from the official source, and be careful when authenticating the CLI (tokens grant access to secrets). Never run untrusted commands via 'doppler run' (it injects real secrets into the command's environment). If you need stricter safety, prefer creating a least-privilege service token for ...详细分析 ▾
✓ 用途与能力
Name and description match the SKILL.md content: all instructions and examples are Doppler CLI commands and installation instructions. The skill does not request unrelated credentials, binaries, or access.
✓ 指令范围
Runtime instructions stay on-topic: how to install, authenticate, list/manage secrets, projects, configs, environments, and use 'doppler run'. The doc advises using --json and references doppler login and --token (both expected). It does not instruct reading arbitrary files, system state, or sending data to unexpected external endpoints.
✓ 安装机制
No install spec is embedded in the package (instruction-only). The SKILL.md recommends 'brew install dopplerhq/cli/doppler' or the official Doppler install docs — a standard and proportional recommendation for installing the official CLI.
ℹ 凭证需求
The skill requests no environment variables or credentials itself. It does instruct using 'doppler login' and mentions the '--token' flag (both normal for a secrets manager). Users should understand authenticating the CLI will provide access to secrets; that is expected but important to be cautious about which tokens/credentials are used and stored.
✓ 持久化与权限
Skill is instruction-only, has no install-time persistence, and 'always' is false. It does allow agent invocation (normal), but the skill does not request system-wide config changes or elevated privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/11
- Initial release of the doppler skill. - Allows managing secrets and environment variables via the Doppler CLI. - Provides command guidance for secrets, projects, configs, environments, and activity logging. - Includes setup instructions, authentication steps, and global flags for flexible CLI usage.
● 无害
安装命令 点击复制
官方npx clawhub@latest install doppler
镜像加速npx clawhub@latest install doppler --registry https://cn.clawhub-mirror.com
技能文档
Setup
macOS:
brew install dopplerhq/cli/doppler
Or install from https://docs.doppler.com/docs/install-cli for other platforms.
Verify installation:
doppler --version
Always use --json flag when calling commands programmatically.
Authentication
doppler login
Resources
Setup
| Command | Description |
|---|---|
doppler setup | Configure Doppler for current directory |
doppler setup --project | Configure with specific project and config |
Secrets
| Command | Description |
|---|---|
doppler secrets | List all secrets in current config |
doppler secrets get KEY | Get a specific secret value |
doppler secrets get KEY --plain | Get plain text value (no formatting) |
doppler secrets set KEY=value | Set a secret |
doppler secrets set KEY1=val1 KEY2=val2 | Set multiple secrets |
doppler secrets delete KEY | Delete a secret |
doppler secrets download --no-file --format env | Download secrets as .env format |
doppler secrets download --no-file --format json | Download secrets as JSON |
Run
| Command | Description |
|---|---|
doppler run -- | Run a command with secrets injected as env vars |
doppler run -- npm start | Run npm start with secrets injected |
doppler run --command "echo \$KEY" | Run shell command with secrets |
Projects
| Command | Description |
|---|---|
doppler projects | List all projects |
doppler projects create | Create a new project |
doppler projects delete | Delete a project |
doppler projects get | Get project details |
Configs
| Command | Description |
|---|---|
doppler configs | List all configs in current project |
doppler configs create --name | Create a new config |
doppler configs delete --config | Delete a config |
doppler configs clone --config | Clone a config |
Environments
| Command | Description |
|---|---|
doppler environments | List all environments |
doppler environments create --name | Create an environment |
doppler environments delete | Delete an environment |
Activity
| Command | Description |
|---|---|
doppler activity | View recent activity log |
doppler activity --number 20 | View last 20 activity entries |
Global Flags
| Flag | Description |
|---|---|
--json | Output result as JSON |
--project | Specify project |
--config | Specify config |
--token | Use service token for auth |
--no-color | Disable colored output |
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制