← Back to Skills Marketplace
Agent Doppelgänger
by
Sieer Shafi Lone
· GitHub ↗
· v1.0.0
1829
Downloads
1
Stars
7
Active Installs
1
Versions
Install in OpenClaw
/install agent-doppelganger
Description
Constrained autonomous delegate for identity-proxied communication. Handles incoming messages (Email, Discord, Slack, WhatsApp) by analyzing intent and applying declarative authority policies before generating responses. Use when the user wants to delegate communication tasks while maintaining identity fidelity and enforcing strict non-overreach boundaries.
README (SKILL.md)
Agent Doppelgänger (ADG)
ADG is a policy-bounded identity proxy for real-world communication. It acts as a constrained autonomous delegate that communicates on your behalf within formally provable limits.
Core Workflow
- Adapter: Normalize incoming messages from various channels.
- Intent Analysis: Classify the intent along Domain, Stakes, Authority, and Ambiguity.
- Policy Gate: Evaluate declarative policies (DSL) to determine if the agent is allowed to handle the request.
- Confidence Engine: Measure confidence in both intent analysis and proposed handling.
- Response Generation: Synthesize a response using your Style, Heuristics, and Preferences.
- Verifier: Audit the response against hard constraints before sending or drafting.
Implementation Details
1. Identity Modeling
Identity is modeled as a composition of four layers:
- Style: Surface form characteristics (length, directness, vocabulary).
- Heuristics: Core decision logic (e.g., "avoid meetings without agenda").
- Preferences: Soft weights (e.g., Work > Social).
- Constraints: Hard, user-defined rules.
2. Authority & Policy
Policies are declarative and evaluated before any generation occurs. This ensures safety and prevents prompt injection from bypassing limits.
3. Escalation
ADG automatically escalates to you (Draft or Block) if:
- Policy is violated.
- Confidence falls below the defined threshold.
- The request involves forbidden domains (Finance, Legal, Medical, etc.).
References
- See specification.md for the full architectural blueprint.
- See policy-dsl.md (To Be Created) for the formal policy language definition.
Forbidden Modeling
ADG is strictly forbidden from modeling or handling:
- Secrets
- Financial authority
- Legal intent
- Political opinions
- Emotional vulnerability/trauma
Usage Guidance
What to consider before installing:
- Trust and provenance: The skill's source/homepage are unknown and author contact looks local/test. Treat it as third-party experimental code and prefer testing in an isolated environment before using with real accounts.
- Local file writes: The skill reads/writes under ~/.openclaw/adg (profile, policies, memory, audit). Expect creation of training_samples.jsonl and style.yaml by reanchor_style.py. If you don't want files created at that path, run it in a sandbox or adjust the base path.
- Missing pieces / oversell: The code is a scaffold — there are no channel adapters included (no actual Email/Discord/Slack/WhatsApp connectors) and the referenced policy DSL file is not present. Policy enforcement depends on files you must supply; do not assume safe defaults.
- Review policies first: Before enabling autonomous replies, create and inspect the policy and contacts YAMLs that live in ~/.openclaw/adg/policies and ~/.openclaw/adg/profile. A misconfigured allowlist could enable undesired autonomous replies.
- Dependencies & runtime: The scripts use PyYAML (yaml). Run in a controlled Python environment (venv) and review imports. The manifest expects a long-running Python service — ensure the runtime's isolation and permission controls are enforced by your platform.
- Watermark & audit: The tool adds a subtle watermark marker (signature '⛧') and writes audit logs. If that behavior is undesirable, plan to modify or disable watermarking and confirm audit storage is acceptable.
- Safe testing: Start with draft-only/default mode and non-sensitive channels/accounts. Confirm policy gates behave as you expect. If you plan to enable persistent/autonomous behavior later, re-audit the code and configuration and ensure network egress remains disabled.
Because the package is largely coherent but incomplete/oversold and makes persistent changes on the filesystem, exercise caution (test in a sandbox, inspect or author the policy files, and confirm the runtime isolation) before granting it access to real messaging channels or sensitive accounts.
Capability Analysis
Type: OpenClaw Skill
Name: agent-doppelganger
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'agent-doppelganger' is classified as benign. Both the code (scripts/adg.py, scripts/reanchor_style.py) and documentation (SKILL.md, references/specification.md) consistently emphasize a strong safety-first design, with explicit policy gates, confidence checks, and verification steps occurring before any response generation or sending. The manifest.yaml strictly enforces permissions, denying outbound network access and shell execution, and limiting filesystem access to the skill's designated configuration and audit directories (~/.openclaw/adg/). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent itself; instead, the design actively mitigates such risks.
Capability Assessment
Purpose & Capability
The skill claims to handle Email, Discord, Slack, and WhatsApp and to enforce declarative policies. Its manifest and code show local policy/profile reads and audit writes under ~/.openclaw/adg, which is consistent with an on-device delegate. However, the shipped code is a lightweight scaffold (no channel adapters or network/connector code) and the referenced policy DSL file is missing (policy-dsl.md is 'To Be Created'), so the skill currently oversells out-of-the-box channel support and policy tooling. Also the registry metadata version (1.0.0) and manifest version (0.1.0) differ, indicating sloppy packaging.
Instruction Scope
SKILL.md stays within the claimed scope (intent analysis, policy gate, confidence, watermarking, audit). Runtime scripts do perform local file I/O: reading profiles, policies, contacts, and writing audit logs and style/profile files under ~/.openclaw/adg. That file access is proportional to the stated purpose, but reanchor_style will create a training_samples.jsonl in the user's home profile directory if absent, which is an active filesystem change the user should be aware of.
Install Mechanism
No install spec (instruction-only plus bundled code) — lowest install risk. All code is included in the bundle and there are no downloads/remote installers. That said, the code imports PyYAML and other stdlib modules; ensure required Python packages are installed in a controlled environment.
Credentials
The skill requests no environment variables or external credentials. The manifest limits network outbound access and restricts filesystem permissions to ~/.openclaw/adg/*, which aligns with the declared local-first design. There are no hidden credential requests in SKILL.md or the code.
Persistence & Privilege
The manifest marks runtime type as long_running and requires persistence (it will read/write under ~/.openclaw/adg and keep audit logs). always:false (not force-included) and network outbound is false — good. Still, persistent long-running components that keep audit logs and memory increase blast radius if later modified to enable networking; verify runtime isolation and permissions before enabling in a sensitive account.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-doppelganger - After installation, invoke the skill by name or use
/agent-doppelganger - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of agent-doppelganger.
- Introduces a constrained autonomous delegate for identity-proxied communication across channels (Email, Discord, Slack, WhatsApp).
- Analyzes message intent and authority, applying user-defined policies before responding.
- Enforces strict boundaries to prevent overreach and ensure identity fidelity.
- Automatically escalates messages if policies are violated or confidence is low.
- Explicitly excludes handling of secrets, financial, legal, political, or sensitive/emotional domains.
Metadata
Frequently Asked Questions
What is Agent Doppelgänger?
Constrained autonomous delegate for identity-proxied communication. Handles incoming messages (Email, Discord, Slack, WhatsApp) by analyzing intent and applying declarative authority policies before generating responses. Use when the user wants to delegate communication tasks while maintaining identity fidelity and enforcing strict non-overreach boundaries. It is an AI Agent Skill for Claude Code / OpenClaw, with 1829 downloads so far.
How do I install Agent Doppelgänger?
Run "/install agent-doppelganger" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Doppelgänger free?
Yes, Agent Doppelgänger is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Agent Doppelgänger support?
Agent Doppelgänger is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Doppelgänger?
It is built and maintained by Sieer Shafi Lone (@sieershafilone); the current version is v1.0.0.
More Skills