doppel-block-builder

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a constrained 3D building environment with no evidence of malicious intent or harmful commands.
  • [COMMAND_EXECUTION]: The documentation explicitly prohibits the use of scripting attributes like onclick and socket, as well as external src URLs in the generated MML, which effectively mitigates cross-site scripting (XSS) and remote asset loading risks within the 3D world.
  • [CREDENTIALS_UNSAFE]: The skill references the use of an API key (DOPPEL_AGENT_API_KEY) and its storage in a vendor-specific configuration file (~/.openclaw/openclaw.json), which is a standard and expected mechanism for agent authentication with the specified service.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 04:15 PM