Code Cog
ReviewAudited by ClawScan on May 10, 2026.
Overview
Code Cog clearly describes a coding-agent integration that can edit files and run terminal commands through CellCog, so it is purpose-aligned but high-impact.
Install this only if you want an external CellCog coding agent to work on local projects. Keep the working directory narrow, review approvals for writes and terminal commands, protect the CELLCOG_API_KEY, and verify the separate CellCog skill/Desktop components before use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
CodeCog may change project files, install packages, run tests or build commands, and otherwise affect the local development environment.
The skill explicitly enables file modification and shell execution on the user's machine. This is central to a coding agent, but it is high-impact.
Via CellCog Co-work, CodeCog operates directly on the user's filesystem: - Reads and writes files on the real machine - Runs terminal commands in the user's shell
Use it only on intended project directories, review requested write/execute approvals carefully, and avoid giving it broad filesystem paths.
Anyone or any agent using this configured skill can submit tasks through the user's CellCog account.
The skill requires a CellCog API key. This is expected for the provider integration, but it gives access to the user's CellCog account and credits.
requires:
bins: [python3]
env: [CELLCOG_API_KEY]Store the API key securely, rotate it if exposed, and monitor CellCog usage or billing/credit consumption.
The effective behavior depends on external CellCog components beyond this artifact review.
The provided skill is instruction-only and delegates functionality to a separate CellCog skill/SDK/Desktop application that is not included in the supplied artifacts.
This skill requires the `cellcog` skill for SDK setup and API calls. ```bash clawhub install cellcog ```
Review and install the referenced CellCog components only from trusted sources before using Code Cog.
A repository could contain instructions that influence how CodeCog edits files or runs commands.
The coding agent may treat repository instruction files as guidance. That is normal for coding agents, but malicious or untrusted repository instructions could steer behavior.
- Auto-reads AGENTS.md/CLAUDE.md for project conventions
Inspect project instruction files in untrusted repositories before letting the agent work there.
A delegated coding task may keep running while the main agent continues other work.
The OpenClaw workflow can start a task without blocking for completion. This is disclosed and expected for delegated agent work, but users should understand that work may continue asynchronously.
OpenClaw (fire-and-forget):
Use clear task labels, monitor CellCog Desktop/session notifications, and stop or cancel tasks that are no longer desired.