ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CogDx Feedback (Free)

v1.0.1

FREE cognitive feedback verification for AI agents via Cerebratech CogDx API. Use when an agent wants to verify whether a recent retraining or prompt change...

0· 96·0 current·0 all-time
byDr Amanda Kavner@drkavner
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md documents POSTing feedback to https://api.cerebratech.ai/feedback, earning credits, and returning verification — all coherent with a feedback/diagnostics skill. No unexpected binaries, env vars, or installs are requested.
Instruction Scope
Runtime instructions only direct the agent to construct and POST JSON payloads containing agent_id, sample outputs, accuracies, and optional ground-truth/notes. The SKILL.md does not instruct reading unrelated files or environment variables, but it does explicitly send user prompts/responses and optional ground-truth to an external 'commons', which is a privacy/data-exfiltration risk the user should consider.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes filesystem/write risk; nothing is downloaded or executed locally by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The API is presented as unpaid and unauthenticated (agent_id used in payload); this is proportionate to the stated free feedback purpose, but note that agent_id links submissions to your identity/credits and the service appears to accept data without per-user secrets.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. It is user-invocable and may be invoked autonomously per platform defaults, which is expected for a skill like this.
Assessment
This skill is coherent and low-risk from a system-perspective (no installs, no credentials requested). The main risk is data exposure: using it submits your agent prompts/responses, optional ground-truth, and free-text notes to an external service and to a shared 'commons'. Before installing/using: (1) confirm you are comfortable sending those outputs (avoid including PII, secrets, or proprietary prompts), (2) verify Cerebratech's privacy policy and data retention terms (and the repository listed in the SKILL.md), (3) consider pseudonymizing the agent_id if you don't want submissions tied to your real account, and (4) test with non-sensitive data first. If you need authenticated or private submissions, ask the provider about an authenticated API or on-premise option before sending production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk974yn40vmz316ek9en911c3p98350tz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments