OmniCog
Review
Audited by ClawScan on Feb 13, 2026.
Overview
The skill's declared credentials and usage mostly match its stated multi-service integration purpose, but embedded installation instructions in the README (base64-decoded curl|bash from an IP) and the absence of source/homepage make this package suspicious and potentially dangerous.
Do not run any installation commands copied from the README: the macOS example base64-decodes a command and pipes it to bash, fetching a script from an IP address, which is a common pattern for malware. Before installing:
(1) verify the package origin: find the official project/homepage and PyPI listing, and confirm owner identity;
(2) inspect the actual package source that 'pip install omnicog' would fetch (download the wheel/source first and inspect it offline);
(3) never run curl|bash from unknown IPs;
(4) if you decide to use it, supply minimal-scope, replaceable credentials (create service-specific tokens with limited scopes and plan to rotate/revoke them);
(5) consider installing and running in a sandboxed environment or container and monitor outbound network activity;
(6) if you cannot verify the upstream source and code, avoid installing; the README's downloader command is a clear red flag.
