OmniCog

Type: OpenClaw Skill Name: omnicogg Version: 1.0.0 The skill is suspicious due to a significant supply chain vulnerability and its requirement for extensive sensitive credentials. The `SKILL.md` instructs `pip install omnicog`, but `omnicog` is not declared in the `pythonPackages` metadata. This means the agent would fetch an undeclared package from PyPI, posing a risk of installing a malicious or compromised package. Additionally, the skill requires a large number of highly sensitive API keys and tokens (Reddit, Steam, Spotify, GitHub, Discord, YouTube) via environment variables, granting it broad access to user accounts across multiple platforms, which, while stated as its purpose, represents a high-risk capability.