功能描述

Constrained autonomous delegate for identity-proxied communication. Handles incoming messages (Email, Discord, Slack, WhatsApp) by analyzing intent and applying declarative authority policies before generating responses. Use when the user wants to delegate communication tasks while maintaining identity fidelity and enforcing strict non-overreach boundaries.

使用说明 (SKILL.md)

Agent Doppelgänger (ADG)

Name: Agent Doppelgänger
Author: sieershafilone

ADG is a policy-bounded identity proxy for real-world communication. It acts as a constrained autonomous delegate that communicates on your behalf within formally provable limits.

Core Workflow

Adapter: Normalize incoming messages from various channels.
Intent Analysis: Classify the intent along Domain, Stakes, Authority, and Ambiguity.
Policy Gate: Evaluate declarative policies (DSL) to determine if the agent is allowed to handle the request.
Confidence Engine: Measure confidence in both intent analysis and proposed handling.
Response Generation: Synthesize a response using your Style, Heuristics, and Preferences.
Verifier: Audit the response against hard constraints before sending or drafting.

Implementation Details

1. Identity Modeling

Identity is modeled as a composition of four layers:

Style: Surface form characteristics (length, directness, vocabulary).
Heuristics: Core decision logic (e.g., "avoid meetings without agenda").
Preferences: Soft weights (e.g., Work > Social).
Constraints: Hard, user-defined rules.

2. Authority & Policy

Policies are declarative and evaluated before any generation occurs. This ensures safety and prevents prompt injection from bypassing limits.

3. Escalation

ADG automatically escalates to you (Draft or Block) if:

Policy is violated.
Confidence falls below the defined threshold.
The request involves forbidden domains (Finance, Legal, Medical, etc.).

References

See specification.md for the full architectural blueprint.
See policy-dsl.md (To Be Created) for the formal policy language definition.

Forbidden Modeling

ADG is strictly forbidden from modeling or handling:

Secrets
Financial authority
Legal intent
Political opinions
Emotional vulnerability/trauma

安全使用建议

What to consider before installing: - Trust and provenance: The skill's source/homepage are unknown and author contact looks local/test. Treat it as third-party experimental code and prefer testing in an isolated environment before using with real accounts. - Local file writes: The skill reads/writes under ~/.openclaw/adg (profile, policies, memory, audit). Expect creation of training_samples.jsonl and style.yaml by reanchor_style.py. If you don't want files created at that path, run it in a sandbox or adjust the base path. - Missing pieces / oversell: The code is a scaffold — there are no channel adapters included (no actual Email/Discord/Slack/WhatsApp connectors) and the referenced policy DSL file is not present. Policy enforcement depends on files you must supply; do not assume safe defaults. - Review policies first: Before enabling autonomous replies, create and inspect the policy and contacts YAMLs that live in ~/.openclaw/adg/policies and ~/.openclaw/adg/profile. A misconfigured allowlist could enable undesired autonomous replies. - Dependencies & runtime: The scripts use PyYAML (yaml). Run in a controlled Python environment (venv) and review imports. The manifest expects a long-running Python service — ensure the runtime's isolation and permission controls are enforced by your platform. - Watermark & audit: The tool adds a subtle watermark marker (signature '⛧') and writes audit logs. If that behavior is undesirable, plan to modify or disable watermarking and confirm audit storage is acceptable. - Safe testing: Start with draft-only/default mode and non-sensitive channels/accounts. Confirm policy gates behave as you expect. If you plan to enable persistent/autonomous behavior later, re-audit the code and configuration and ensure network egress remains disabled. Because the package is largely coherent but incomplete/oversold and makes persistent changes on the filesystem, exercise caution (test in a sandbox, inspect or author the policy files, and confirm the runtime isolation) before granting it access to real messaging channels or sensitive accounts.

功能分析

Type: OpenClaw Skill Name: agent-doppelganger Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'agent-doppelganger' is classified as benign. Both the code (scripts/adg.py, scripts/reanchor_style.py) and documentation (SKILL.md, references/specification.md) consistently emphasize a strong safety-first design, with explicit policy gates, confidence checks, and verification steps occurring before any response generation or sending. The manifest.yaml strictly enforces permissions, denying outbound network access and shell execution, and limiting filesystem access to the skill's designated configuration and audit directories (~/.openclaw/adg/). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent itself; instead, the design actively mitigates such risks.

能力评估

ℹ Purpose & Capability

The skill claims to handle Email, Discord, Slack, and WhatsApp and to enforce declarative policies. Its manifest and code show local policy/profile reads and audit writes under ~/.openclaw/adg, which is consistent with an on-device delegate. However, the shipped code is a lightweight scaffold (no channel adapters or network/connector code) and the referenced policy DSL file is missing (policy-dsl.md is 'To Be Created'), so the skill currently oversells out-of-the-box channel support and policy tooling. Also the registry metadata version (1.0.0) and manifest version (0.1.0) differ, indicating sloppy packaging.

ℹ Instruction Scope

SKILL.md stays within the claimed scope (intent analysis, policy gate, confidence, watermarking, audit). Runtime scripts do perform local file I/O: reading profiles, policies, contacts, and writing audit logs and style/profile files under ~/.openclaw/adg. That file access is proportional to the stated purpose, but reanchor_style will create a training_samples.jsonl in the user's home profile directory if absent, which is an active filesystem change the user should be aware of.

✓ Install Mechanism

No install spec (instruction-only plus bundled code) — lowest install risk. All code is included in the bundle and there are no downloads/remote installers. That said, the code imports PyYAML and other stdlib modules; ensure required Python packages are installed in a controlled environment.

✓ Credentials

The skill requests no environment variables or external credentials. The manifest limits network outbound access and restricts filesystem permissions to ~/.openclaw/adg/*, which aligns with the declared local-first design. There are no hidden credential requests in SKILL.md or the code.

ℹ Persistence & Privilege

The manifest marks runtime type as long_running and requires persistence (it will read/write under ~/.openclaw/adg and keep audit logs). always:false (not force-included) and network outbound is false — good. Still, persistent long-running components that keep audit logs and memory increase blast radius if later modified to enable networking; verify runtime isolation and permissions before enabling in a sensitive account.

版本历史

v1.0.0

Initial release of agent-doppelganger. - Introduces a constrained autonomous delegate for identity-proxied communication across channels (Email, Discord, Slack, WhatsApp). - Analyzes message intent and authority, applying user-defined policies before responding. - Enforces strict boundaries to prevent overreach and ensure identity fidelity. - Automatically escalates messages if policies are violated or confidence is low. - Explicitly excludes handling of secrets, financial, legal, political, or sensitive/emotional domains.

元数据

Slug agent-doppelganger

版本 1.0.0

许可证 —

累计安装 10

当前安装数 7

历史版本数 1

常见问题

Agent Doppelgänger 是什么？

Constrained autonomous delegate for identity-proxied communication. Handles incoming messages (Email, Discord, Slack, WhatsApp) by analyzing intent and applying declarative authority policies before generating responses. Use when the user wants to delegate communication tasks while maintaining identity fidelity and enforcing strict non-overreach boundaries. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1829 次。

如何安装 Agent Doppelgänger？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-doppelganger」即可一键安装，无需额外配置。

Agent Doppelgänger 是免费的吗？

是的，Agent Doppelgänger 完全免费（开源免费），可自由下载、安装和使用。

Agent Doppelgänger 支持哪些平台？

Agent Doppelgänger 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Agent Doppelgänger？

由 Sieer Shafi Lone（@sieershafilone）开发并维护，当前版本 v1.0.0。

Agent Doppelgänger