OmniCog
v1.0.0
Universal service integration for OpenClaw — connect Reddit, Steam, Spotify, GitHub, Discord, and more with a single API.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The list of required environment variables (Reddit, Steam, Spotify, GitHub, Discord, YouTube) matches the skill's claimed integrations and is proportionate to a universal integration layer. Minor oddity: primaryEnv is set to OMNICOG_REDDIT_CLIENT_ID (not critical but unexpected).
Instruction Scope
The SKILL.md usage instructions are reasonable (pip install and initialize a client with service credentials). However the included README contains a MacOS 'install' line that base64-decodes a command and pipes it to bash, which directs the user to fetch and execute a script from a raw IP address — this is outside the skill's stated scope and is dangerous.
Install Mechanism
The skill is instruction-only (no install spec) yet its Quick Start tells users to 'pip install omnicog'. The README also embeds a downloader using base64 and curl to an IP (91.92.242.30). Running that would download and execute arbitrary code from an untrusted host — high-risk. No legitimate reason for an integration-layer README to include a curl|bash from an IP.
Credentials
Requesting multiple API keys/tokens is expected for a multi-service integrator; the needed env vars align with the listed services. Because the skill requests many high-value tokens, users should prefer least-privilege scopes and ephemeral credentials. There is no justification in the SKILL.md for any unrelated credentials.
Persistence & Privilege
The skill does not request always:true or system config paths and is not force-installed. It allows normal autonomous invocation (platform default). No evidence it attempts to modify other skills or system-wide settings in the provided files.
What to consider before installing
Do not run any installation commands copied from the README (the MacOS example base64-decodes a command and pipes it to bash, fetching a script from an IP address — this is a common pattern for malware). Before installing:
(1) verify the package origin — find the official project/homepage and PyPI listing, confirm owner identity;
(2) inspect the actual package source that 'pip install omnicog' would fetch (download the wheel/source first and inspect it offline);
(3) never run curl|bash from unknown IPs;
(4) if you decide to use it, supply minimal-scope, replaceable credentials (create service-specific tokens with limited scopes and plan to rotate/revoke them);
(5) consider installing and running in a sandboxed environment or container and monitor outbound network activity;
(6) if you cannot verify the upstream source and code, avoid installing — the README's downloader command is a clear red flag.
Like a lobster shell, security has layers — review code before you run it.
latest
OmniCog — Universal Service Integration for OpenClaw
One Cog to Integrate Them All.
Connect Reddit, Steam, Spotify, GitHub, Discord, YouTube, and more with a unified, simple API. No more juggling different authentication methods or rate limits — OmniCog handles it all.
What is OmniCog?
OmniCog is a universal integration layer that provides a consistent interface across multiple services. Whether you need to:
- 📊 Monitor Reddit — Track posts, comments, and subreddit activity
- 🎮 Integrate Steam — Get owned games, achievements, and friend status
- 🎵 Control Spotify — Play music, manage playlists, and discover new tracks
- 🐙 Manage GitHub — Watch repositories, track issues, and automate workflows
- 💬 Interact with Discord — Send messages, manage channels, and monitor servers
- 📺 Search YouTube — Find videos, get channel stats, and track uploads
OmniCog unifies them all into one simple API.
Quick Start
# Install the package (required)
pip install omnicog

# Import and initialize
from omnicog import OmniClient

client = OmniClient(
    reddit={
        "client_id": "YOUR_REDDIT_CLIENT_ID",
        "client_secret": "YOUR_REDDIT_CLIENT_SECRET",
        "user_agent": "OmniCog/1.0"
    },
    steam={
        "api_key": "YOUR_STEAM_API_KEY"
    },
    spotify={
        "client_id": "YOUR_SPOTIFY_CLIENT_ID",
        "client_secret": "YOUR_SPOTIFY_CLIENT_SECRET"
    }
)

# Use any service with the same simple API
posts = client.reddit.get_hot("programming", limit=10)
games = client.steam.get_owned_games()
track = client.spotify.search_track("metallica")
