Cozi Family Organizer
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for managing Cozi lists and calendar items, but it needs your Cozi credentials, stores a session token, and can change or delete organizer data.
Before installing, confirm you are comfortable storing Cozi credentials for this skill and letting your agent read and modify family organizer lists and calendar entries. Ask the agent to confirm before delete actions, and protect or periodically remove the cached session file.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process that can access the configured credentials or cached session file may be able to act on the user's Cozi family organizer account until the token expires.
The skill needs account credentials and stores a reusable session token, giving it authenticated access to the user's Cozi account.
`COZI_EMAIL` — Your Cozi account email - `COZI_PASSWORD` — Your Cozi account password The script caches your session token in `~/.openclaw/skills/cozi/.session.json`
Only install if you are comfortable giving this skill access to the Cozi account. Protect the `.env` and `.session.json` files, and remove the session file or rotate credentials if access should be revoked.
If invoked incorrectly, the agent could remove list items, delete lists, or delete appointments from a family organizer account.
The skill exposes direct commands that can delete or modify organizer data in the authenticated Cozi account.
node ~/.openclaw/skills/cozi/scripts/cozi.js remove <listId> <itemId> # Remove item node ~/.openclaw/skills/cozi/scripts/cozi.js delete-list <listId> # Delete list node ~/.openclaw/skills/cozi/scripts/cozi.js remove-appt <year> <month> <apptId>
Use clear instructions for write operations and require confirmation before delete or removal commands, especially for calendar appointments and whole lists.
The skill may stop working or behave unexpectedly if Cozi changes the private API.
The integration depends on an unofficial reverse-engineered API rather than a stable official interface.
This uses an unofficial API (reverse-engineered). Cozi may change it at any time.
Treat this as an unofficial integration and verify important changes in Cozi directly if reliability matters.